SVChost.exe *32 Redirect Virus


  • This topic is locked
9 replies to this topic

#1 kclayto2

kclayto2

  • Members
  • 5 posts

Posted 28 February 2012 - 03:28 PM

I am so happy that I found this site. I cleared my computer of a Windows 7 security update virus in the beginning of January using TDSSKiller and Malwarebytes, but an SVChost virus has embedded itself in my computer and, although Malwarebytes detects it, it doesn't completely remove it. Malwarebytes lists this as a Trojan virus along with an additional spyware component.

General description:

- Firefox initially became unstable
- Random computer shutdowns followed by Windows repair on startup (completely shuts down when put on sleep or hibernate; reboots normally if shut down manually)
- Redirects Google and websites to gimmeanswers and other websites (something resembling an IP address appears in the address box)
- 404 Not Found nginx when searching Google images and video
- In the task manager, the virus process runs as svchost.exe *32- winrscmde

Note: GMER only allowed me to check the Services, Registry, Files (Drives C), and ADS boxes. I could not check or uncheck the Systems, Devices, Modules, Processes, Threads, Libraries or Show All boxes.


DDS Text:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_24
Run by Kayla Clayton at 13:48:47 on 2012-02-28
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.6069.2293 [GMT -5:00]
.
AV: Kaspersky Anti-Virus *Disabled/Updated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Kaspersky Anti-Virus *Disabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\FBAgent.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.12.27\ccSvcHst.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.12.27\ccSvcHst.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\P4G\BatteryLife.exe
C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
C:\Windows\SysWOW64\ACEngSvr.exe
C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Fotki Desktop\fotki.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
C:\Program Files (x86)\Creative\SB Audigy\Volume Panel\VolPanlu.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\AsScrPro.exe
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
C:\Program Files (x86)\ASUS\Wireless Console 3\WimaxConsole.exe
-netsvcs
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.12.27\SymcPCCULaunchSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\splwow64.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://asus.msn.com
uDefault_Page_URL = hxxp://asus.msn.com
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\ievkbd.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [Best Buy pc app] C:\Users\Kayla Clayton\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Best Buy\Best Buy pc app.appref-ms
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
mRun: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
mRun: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
mRun: [VolPanel] "C:\Program Files (x86)\Creative\SB Audigy\Volume Panel\VolPanlu.exe" /r
mRun: [UpdReg] C:\Windows\UpdReg.EXE
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [InstaLAN] "C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" startup
mRun: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
StartupFolder: C:\Users\KAYLAC~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\EPSONA~1.LNK - D:\Common\EpsonReg\EpsonReg.exe
StartupFolder: C:\Users\KAYLAC~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\FOTKID~1.LNK - C:\Program Files (x86)\Fotki Desktop\fotki.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\FANCYS~1.LNK - C:\Windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_C4A2FC3E3722966204FDD8.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{08639884-7C27-4DAC-8D79-EE5988826EC0} : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{08639884-7C27-4DAC-8D79-EE5988826EC0}\23438324027505B4 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{08639884-7C27-4DAC-8D79-EE5988826EC0}\35072796E6768496C6C602355796475637 : DhcpNameServer = 24.25.5.60 24.25.5.61
TCP: Interfaces\{08639884-7C27-4DAC-8D79-EE5988826EC0}\4496A7A797350727573656D27657563747 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{08639884-7C27-4DAC-8D79-EE5988826EC0}\74C6F627961602451697C6F627 : DhcpNameServer = 192.168.2.1 192.168.2.1
TCP: Interfaces\{08639884-7C27-4DAC-8D79-EE5988826EC0}\75942554C45435350294E4455425E4544502359676E602550512022353 : DhcpNameServer = 10.34.2.1 10.0.0.8
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
AppInit_DLLs: C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
BHO-X64: IEVkbdBHO Class: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\ievkbd.dll
BHO-X64: IEVkbdBHO - No File
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: FilterBHO Class: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll
BHO-X64: link filter bho - No File
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
mRun-x64: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
mRun-x64: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
mRun-x64: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
mRun-x64: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
mRun-x64: [VolPanel] "C:\Program Files (x86)\Creative\SB Audigy\Volume Panel\VolPanlu.exe" /r
mRun-x64: [UpdReg] C:\Windows\UpdReg.EXE
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [InstaLAN] "C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" startup
mRun-x64: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
AppInit_DLLs-X64: C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Kayla Clayton\AppData\Roaming\Mozilla\Firefox\Profiles\pbv3tadv.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.msnbc.msn.com/
FF - prefs.js: network.proxy.type - 0
FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\kavlinkfilter.dll
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R1 kl2;kl2;C:\Windows\system32\DRIVERS\kl2.sys --> C:\Windows\system32\DRIVERS\kl2.sys [?]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\system32\DRIVERS\klim6.sys --> C:\Windows\system32\DRIVERS\klim6.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AFBAgent;AFBAgent;"C:\Windows\system32\FBAgent.exe" --> C:\Windows\system32\FBAgent.exe [?]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-2 15416]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2010-2-28 821664]
R2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [2010-6-7 408576]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-2-13 652872]
R2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.12.27\SymcPCCULaunchSvc.exe [2011-6-17 135608]
R2 PCCUJobMgr;Common Client Job Manager Service;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.12.27\ccSvcHst.exe [2011-6-17 126392]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2009-12-2 483688]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys --> C:\Windows\system32\DRIVERS\TurboB.sys [?]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-9-6 2314240]
R2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [2010-6-7 911872]
R3 bpenum;bpenum;C:\Windows\system32\DRIVERS\bpenum.sys --> C:\Windows\system32\DRIVERS\bpenum.sys [?]
R3 bpmp;Intel® Centrino® WiMAX 6050 Series;C:\Windows\system32\DRIVERS\bpmp.sys --> C:\Windows\system32\DRIVERS\bpmp.sys [?]
R3 bpusb;bpusb;C:\Windows\system32\Drivers\bpusb.sys --> C:\Windows\system32\Drivers\bpusb.sys [?]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\system32\DRIVERS\klmouflt.sys --> C:\Windows\system32\DRIVERS\klmouflt.sys [?]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETw5s64.sys --> C:\Windows\system32\DRIVERS\NETw5s64.sys [?]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2009-12-2 209768]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 AVP;Kaspersky Anti-Virus Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe [2010-7-1 352976]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-1-31 158856]
S3 AmUStor;AM USB Stroage Driver;C:\Windows\system32\drivers\AmUStor.SYS --> C:\Windows\system32\drivers\AmUStor.SYS [?]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-9-6 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-9-6 79360]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\system32\DRIVERS\SiSG664.sys --> C:\Windows\system32\DRIVERS\SiSG664.sys [?]
S3 TurboBoost;TurboBoost;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2009-8-6 118672]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-02-28 17:01:54 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{04891AF8-27CA-4661-9FEF-4AAFB86EDA30}\offreg.dll
2012-02-25 16:30:31 -------- d-----w- C:\Users\Kayla Clayton\AppData\Local\Google
2012-02-22 20:30:11 -------- d-----w- C:\Windows\System32\RsFx
2012-02-22 20:27:04 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server
2012-02-22 20:26:10 -------- d-----w- C:\Program Files\Microsoft SQL Server
2012-02-22 20:24:58 -------- d-----w- C:\Program Files\Microsoft Synchronization Services
2012-02-22 20:24:58 -------- d-----w- C:\Program Files\Microsoft SQL Server Compact Edition
2012-02-22 20:24:53 -------- d-----w- C:\Program Files (x86)\Microsoft Synchronization Services
2012-02-22 20:24:53 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2012-02-22 20:24:29 112832 ----a-w- C:\ProgramData\Microsoft\VCExpress\10.0\1033\ResourceCache.dll
2012-02-22 20:22:25 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 10.0
2012-02-22 20:22:25 -------- d-----w- C:\Program Files (x86)\Common Files\Merge Modules
2012-02-22 20:21:28 -------- d-----w- C:\Program Files\Microsoft Visual Studio 10.0
2012-02-22 20:21:28 -------- d-----w- C:\Program Files\Microsoft Help Viewer
2012-02-17 17:04:16 20480 ----a-w- C:\Windows\svchost.exe
2012-02-13 06:03:31 6656 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\B983.tmp
2012-02-13 06:03:31 6656 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\B973.tmp
2012-02-09 20:59:05 -------- d-----r- C:\Program Files (x86)\Skype
2012-02-07 07:31:46 -------- d-----w- C:\Users\Kayla Clayton\AppData\Roaming\4F55B
2012-02-07 07:31:35 -------- d-----w- C:\Users\Kayla Clayton\AppData\Roaming\FAD4F
2012-02-04 21:09:34 -------- d-----w- C:\Users\Kayla Clayton\AppData\Roaming\OpenCandy
.
==================== Find3M ====================
.
2012-02-28 16:59:39 45056 ----a-w- C:\Windows\System32\acovcnt.exe
2012-02-09 23:18:03 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-01-04 00:48:42 354176 ----a-w- C:\Windows\SysWow64\DivXControlPanelApplet.cpl
2011-12-10 20:24:08 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
.
============= FINISH: 13:50:08.78 ===============


Thanks in advance for any help


Edited by kclayto2, 28 February 2012 - 03:31 PM.



#2 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • Gender:Male
  • Location:Numpty HQ

Posted 28 February 2012 - 03:47 PM

Good evening. :)

Download TDSSKiller.zip from Kaspersky from here and save it to your Desktop.

  • You will then need to extract the file(s) from the zipped folder.
  • To do this: Right-click on the zipped folder and from the menu that appears, click on Extract All...
    In the Extraction Wizard window that opens, click on Next> and in the next window that appears, click on Next> again.
    In the final window, click on Finish

  • Please close all open programs as this may result in a reboot being necessary.
  • Double click TDSSKiller.exe to begin.
  • Click Change parameters and check the two boxes under Additional Options.
  • Click Start scan and allow the tool to do just that.
  • Once the scan has completed, if the tool has identified anything allow it to carry out its default action(s) - you'll need to click Continue where appropriate.
  • Finally, if it prompts you to reboot your machine, please click Reboot Now and ensure that your machine does so.
  • If the scan finds nothing, please click the Report button and let me have a copy of the text file that opens.
  • If you reboot your machine, the log, which I'd like to see, will be located at the root of your hard drive as C:\TDSSKiller.Version_Date_Time_log.txt.
    Please check that you get the one with the right date and time. :)

So long, and thanks for all the fish.

 

 


#3 kclayto2

kclayto2
  • Topic Starter

  • Members
  • 5 posts

Posted 28 February 2012 - 04:38 PM

I rebooted my computer. Here is the TDSS log:

16:26:44.0361 5864 TDSS rootkit removing tool 2.7.15.0 Feb 27 2012 12:59:02
16:26:45.0063 5864 ============================================================
16:26:45.0063 5864 Current date / time: 2012/02/28 16:26:45.0063
16:26:45.0063 5864 SystemInfo:
16:26:45.0063 5864
16:26:45.0063 5864 OS Version: 6.1.7600 ServicePack: 0.0
16:26:45.0063 5864 Product type: Workstation
16:26:45.0063 5864 ComputerName: KAYLACLAYTON-PC
16:26:45.0063 5864 UserName: Kayla Clayton
16:26:45.0063 5864 Windows directory: C:\Windows
16:26:45.0063 5864 System windows directory: C:\Windows
16:26:45.0063 5864 Running under WOW64
16:26:45.0063 5864 Processor architecture: Intel x64
16:26:45.0063 5864 Number of processors: 8
16:26:45.0063 5864 Page size: 0x1000
16:26:45.0063 5864 Boot type: Normal boot
16:26:45.0063 5864 ============================================================
16:26:45.0500 5864 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:26:45.0516 5864 \Device\Harddisk0\DR0:
16:26:45.0516 5864 MBR used
16:26:45.0516 5864 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2711676, BlocksNum 0x4814643A
16:26:45.0531 5864 Initialize success
16:26:45.0531 5864 ============================================================
16:27:00.0929 4020 ============================================================
16:27:00.0929 4020 Scan started
16:27:00.0929 4020 Mode: Manual; SigCheck; TDLFS;
16:27:00.0929 4020 ============================================================
16:27:01.0256 4020 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
16:27:01.0381 4020 1394ohci - ok
16:27:01.0475 4020 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
16:27:01.0490 4020 ACPI - ok
16:27:01.0521 4020 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
16:27:01.0599 4020 AcpiPmi - ok
16:27:01.0693 4020 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
16:27:01.0724 4020 adp94xx - ok
16:27:01.0755 4020 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
16:27:01.0771 4020 adpahci - ok
16:27:01.0802 4020 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
16:27:01.0818 4020 adpu320 - ok
16:27:01.0896 4020 AFD (6ef20ddf3172e97d69f596fb90602f29) C:\Windows\system32\drivers\afd.sys
16:27:01.0974 4020 AFD - ok
16:27:02.0083 4020 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
16:27:02.0099 4020 agp440 - ok
16:27:26.0279 4020 MBR (0x1B8) (c0dcf0ac171db02db8b0014c5d767cf1) \Device\Harddisk0\DR0
16:27:26.0325 4020 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
16:27:26.0325 4020 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
16:27:27.0168 4020 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
16:27:27.0168 4020 \Device\Harddisk0\DR0 - detected TDSS File System (1)
16:27:27.0199 4020 Boot (0x1200) (ac59ec3643cd53dda4d2f65ece9141de) \Device\Harddisk0\DR0\Partition0
16:27:27.0199 4020 \Device\Harddisk0\DR0\Partition0 - ok
16:27:27.0199 4020 ============================================================
16:27:27.0199 4020 Scan finished
16:27:27.0199 4020 ============================================================
16:27:27.0199 3528 Detected object count: 2
16:27:27.0199 3528 Actual detected object count: 2
16:27:58.0040 3528 \Device\Harddisk0\DR0\# - copied to quarantine
16:27:58.0040 3528 \Device\Harddisk0\DR0 - copied to quarantine
16:27:58.0118 3528 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
16:27:58.0118 3528 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
16:27:58.0134 3528 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
16:27:58.0149 3528 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
16:27:58.0165 3528 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
16:27:58.0274 3528 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
16:27:58.0274 3528 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
16:27:58.0274 3528 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
16:27:58.0290 3528 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
16:27:58.0321 3528 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
16:27:58.0352 3528 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
16:27:58.0352 3528 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
16:27:58.0399 3528 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
16:27:58.0399 3528 \Device\Harddisk0\DR0 - ok
16:27:58.0399 3528 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
16:27:58.0399 3528 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
16:27:58.0399 3528 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
16:28:45.0761 4488 Deinitialize success

Edited by kclayto2, 28 February 2012 - 04:40 PM.


#4 Noviciate

  • Malware Response Team

Posted 28 February 2012 - 05:16 PM

Reboot the system, if you haven't already, and then run TDSSKiller again and Cure any detections that it makes and let me have the log, as before.

So long, and thanks for all the fish.

 

 


#5 kclayto2

  • Topic Starter

  • Members

Posted 28 February 2012 - 05:31 PM

After scanning the objects, only 1 comes up as a threat, but the prompt just shows the options to "quarantine, skip, or delete" the object.

17:20:57.0993 5548 TDSS rootkit removing tool 2.7.15.0 Feb 27 2012 12:59:02
17:20:58.0367 5548 ============================================================
17:20:58.0367 5548 Current date / time: 2012/02/28 17:20:58.0367
17:20:58.0367 5548 SystemInfo:
17:20:58.0367 5548
17:20:58.0367 5548 OS Version: 6.1.7600 ServicePack: 0.0
17:20:58.0367 5548 Product type: Workstation
17:20:58.0367 5548 ComputerName: KAYLACLAYTON-PC
17:20:58.0367 5548 UserName: Kayla Clayton
17:20:58.0367 5548 Windows directory: C:\Windows
17:20:58.0367 5548 System windows directory: C:\Windows
17:20:58.0367 5548 Running under WOW64
17:20:58.0367 5548 Processor architecture: Intel x64
17:20:58.0367 5548 Number of processors: 8
17:20:58.0367 5548 Page size: 0x1000
17:20:58.0367 5548 Boot type: Normal boot
17:20:58.0367 5548 ============================================================
17:21:00.0286 5548 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:21:00.0286 5548 \Device\Harddisk0\DR0:
17:21:00.0286 5548 MBR used
17:21:00.0286 5548 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2711676, BlocksNum 0x4814643A
17:21:00.0317 5548 Initialize success
17:21:00.0317 5548 ============================================================
17:21:14.0451 5700 ============================================================
17:21:14.0451 5700 Scan started
17:21:14.0451 5700 Mode: Manual; SigCheck; TDLFS;
17:21:14.0451 5700 ============================================================
17:21:39.0973 5700 usbccgp - ok
17:21:40.0035 5700 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
17:21:40.0051 5700 usbcir - ok
17:21:40.0144 5700 usbehci (2ea4aff7be7eb4632e3aa8595b0803b5) C:\Windows\system32\DRIVERS\usbehci.sys
17:21:40.0160 5700 usbehci - ok
17:21:40.0176 5700 usbhub (4c9042b8df86c1e8e6240c218b99b39b) C:\Windows\system32\DRIVERS\usbhub.sys
17:21:40.0207 5700 usbhub - ok
17:21:40.0222 5700 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
17:21:40.0238 5700 usbohci - ok
17:21:40.0269 5700 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
17:21:40.0300 5700 usbprint - ok
17:21:40.0363 5700 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\DRIVERS\USBSTOR.SYS
17:21:40.0410 5700 USBSTOR - ok
17:21:40.0503 5700 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
17:21:40.0519 5700 usbuhci - ok
17:21:40.0566 5700 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\System32\Drivers\usbvideo.sys
17:21:40.0612 5700 usbvideo - ok
17:21:40.0706 5700 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
17:21:40.0722 5700 vdrvroot - ok
17:21:40.0800 5700 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
17:21:40.0815 5700 vga - ok
17:21:40.0846 5700 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
17:21:40.0893 5700 VgaSave - ok
17:21:40.0924 5700 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
17:21:40.0940 5700 vhdmp - ok
17:21:41.0018 5700 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
17:21:41.0034 5700 viaide - ok
17:21:41.0049 5700 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
17:21:41.0065 5700 volmgr - ok
17:21:41.0080 5700 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
17:21:41.0096 5700 volmgrx - ok
17:21:41.0127 5700 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
17:21:41.0143 5700 volsnap - ok
17:21:41.0205 5700 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
17:21:41.0205 5700 vsmraid - ok
17:21:41.0268 5700 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
17:21:41.0299 5700 vwifibus - ok
17:21:41.0314 5700 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
17:21:41.0346 5700 vwififlt - ok
17:21:41.0439 5700 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
17:21:41.0455 5700 vwifimp - ok
17:21:41.0502 5700 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
17:21:41.0517 5700 WacomPen - ok
17:21:41.0611 5700 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
17:21:41.0658 5700 WANARP - ok
17:21:41.0673 5700 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
17:21:41.0704 5700 Wanarpv6 - ok
17:21:41.0798 5700 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
17:21:41.0814 5700 Wd - ok
17:21:41.0845 5700 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
17:21:41.0860 5700 Wdf01000 - ok
17:21:41.0938 5700 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
17:21:41.0970 5700 WfpLwf - ok
17:21:42.0048 5700 WimFltr (52ded146e4797e6ccf94799e8e22bb2a) C:\Windows\system32\DRIVERS\wimfltr.sys
17:21:42.0063 5700 WimFltr - ok
17:21:42.0094 5700 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
17:21:42.0110 5700 WIMMount - ok
17:21:42.0204 5700 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys
17:21:42.0235 5700 WinUsb - ok
17:21:42.0313 5700 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
17:21:42.0328 5700 WmiAcpi - ok
17:21:42.0438 5700 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
17:21:42.0469 5700 ws2ifsl - ok
17:21:42.0484 5700 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
17:21:42.0531 5700 WudfPf - ok
17:21:42.0594 5700 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
17:21:42.0625 5700 WUDFRd - ok
17:21:42.0672 5700 xusb21 (2c6bc21b2d5b58d8b1d638c1704cb494) C:\Windows\system32\DRIVERS\xusb21.sys
17:21:42.0672 5700 xusb21 - ok
17:21:42.0718 5700 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
17:21:42.0906 5700 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
17:21:42.0906 5700 \Device\Harddisk0\DR0 - detected TDSS File System (1)
17:21:42.0906 5700 Boot (0x1200) (ac59ec3643cd53dda4d2f65ece9141de) \Device\Harddisk0\DR0\Partition0
17:21:42.0921 5700 \Device\Harddisk0\DR0\Partition0 - ok
17:21:42.0921 5700 ============================================================
17:21:42.0921 5700 Scan finished
17:21:42.0921 5700 ============================================================
17:21:42.0921 5692 Detected object count: 1
17:21:42.0921 5692 Actual detected object count: 1
17:22:50.0953 5692 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
17:22:50.0968 5692 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
17:22:50.0968 5692 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
17:22:51.0015 5692 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
17:22:51.0046 5692 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
17:22:51.0062 5692 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
17:22:51.0062 5692 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
17:22:51.0062 5692 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
17:22:51.0078 5692 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
17:22:51.0078 5692 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
17:22:51.0093 5692 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
17:22:51.0093 5692 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
17:22:51.0093 5692 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Quarantine
17:23:02.0263 5652 Deinitialize success

#6 Noviciate

  • Malware Response Team

Posted 28 February 2012 - 06:56 PM

Will you Delete that object then and let me have the log that is produced.

So long, and thanks for all the fish.


#7 kclayto2

  • Topic Starter

Posted 29 February 2012 - 12:37 AM

Just deleted and rebooted my computer. Everything appears to be working great now - it no longer crashes when I put it in hibernate mode and Google operates smoothly. Thanks for all your help :)

00:34:00.0741 1896 TDSS rootkit removing tool 2.7.15.0 Feb 27 2012 12:59:02
00:34:01.0172 1896 ============================================================
00:34:01.0172 1896 Current date / time: 2012/02/29 00:34:01.0172
00:34:01.0172 1896 SystemInfo:
00:34:01.0172 1896
00:34:01.0172 1896 OS Version: 6.1.7600 ServicePack: 0.0
00:34:01.0172 1896 Product type: Workstation
00:34:01.0172 1896 ComputerName: KAYLACLAYTON-PC
00:34:01.0173 1896 UserName: Kayla Clayton
00:34:01.0173 1896 Windows directory: C:\Windows
00:34:01.0173 1896 System windows directory: C:\Windows
00:34:01.0173 1896 Running under WOW64
00:34:01.0173 1896 Processor architecture: Intel x64
00:34:01.0173 1896 Number of processors: 8
00:34:01.0173 1896 Page size: 0x1000
00:34:01.0173 1896 Boot type: Normal boot
00:34:01.0173 1896 ============================================================
00:34:01.0694 1896 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
00:34:01.0702 1896 \Device\Harddisk0\DR0:
00:34:01.0702 1896 MBR used
00:34:01.0702 1896 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2711676, BlocksNum 0x4814643A
00:34:01.0724 1896 Initialize success
00:34:01.0724 1896 ============================================================
00:34:09.0513 2464 ============================================================
00:34:09.0513 2464 Scan started
00:34:09.0513 2464 Mode: Manual; SigCheck; TDLFS;
00:34:09.0513 2464 ============================================================
00:34:27.0571 2464 RasSstp - ok
00:34:27.0653 2464 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
00:34:27.0710 2464 rdbss - ok
00:34:27.0734 2464 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
00:34:27.0766 2464 rdpbus - ok
00:34:27.0864 2464 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
00:34:27.0910 2464 RDPCDD - ok
00:34:28.0004 2464 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
00:34:28.0058 2464 RDPENCDD - ok
00:34:28.0151 2464 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
00:34:28.0189 2464 RDPREFMP - ok
00:34:28.0210 2464 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
00:34:28.0264 2464 RDPWD - ok
00:34:28.0324 2464 rdyboost (e5dc9ba9e439d6dbdd79f8caacb5bf01) C:\Windows\system32\drivers\rdyboost.sys
00:34:28.0340 2464 rdyboost - ok
00:34:28.0382 2464 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
00:34:28.0430 2464 rspndr - ok
00:34:28.0524 2464 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
00:34:28.0538 2464 sbp2port - ok
00:34:28.0560 2464 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
00:34:28.0606 2464 scfilter - ok
00:34:28.0637 2464 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
00:34:28.0683 2464 secdrv - ok
00:34:28.0779 2464 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
00:34:28.0807 2464 Serenum - ok
00:34:28.0903 2464 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
00:34:28.0921 2464 Serial - ok
00:34:28.0959 2464 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
00:34:28.0984 2464 sermouse - ok
00:34:29.0012 2464 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
00:34:29.0057 2464 sffdisk - ok
00:34:29.0137 2464 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
00:34:29.0167 2464 sffp_mmc - ok
00:34:29.0187 2464 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\Windows\system32\DRIVERS\sffp_sd.sys
00:34:29.0217 2464 sffp_sd - ok
00:34:29.0294 2464 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
00:34:29.0312 2464 sfloppy - ok
00:34:29.0387 2464 Sftfs (d5183ed285d2795491dc15bddcbee5ad) C:\Windows\system32\DRIVERS\Sftfslh.sys
00:34:29.0411 2464 Sftfs - ok
00:34:29.0507 2464 Sftplay (00f118b68c50d2206dd51634f9142b83) C:\Windows\system32\DRIVERS\Sftplaylh.sys
00:34:29.0523 2464 Sftplay - ok
00:34:29.0588 2464 Sftredir (76a827df5640bfe16a0cdbb4108adeca) C:\Windows\system32\DRIVERS\Sftredirlh.sys
00:34:29.0598 2464 Sftredir - ok
00:34:29.0624 2464 Sftvol (1b4c9701645086bab8cafffce30ed284) C:\Windows\system32\DRIVERS\Sftvollh.sys
00:34:29.0634 2464 Sftvol - ok
00:34:29.0741 2464 SiSGbeLH (1bc348cf6baa90ec8e533ef6e6a69933) C:\Windows\system32\DRIVERS\SiSG664.sys
00:34:29.0770 2464 SiSGbeLH - ok
00:34:29.0815 2464 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
00:34:29.0828 2464 SiSRaid2 - ok
00:34:29.0850 2464 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
00:34:29.0863 2464 SiSRaid4 - ok
00:34:29.0919 2464 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
00:34:29.0955 2464 Smb - ok
00:34:30.0059 2464 SNP2UVC (7aec460dbdd193680f0e77724e40e7b6) C:\Windows\system32\DRIVERS\snp2uvc.sys
00:34:30.0112 2464 SNP2UVC - ok
00:34:30.0157 2464 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
00:34:30.0169 2464 spldr - ok
00:34:30.0226 2464 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
00:34:30.0255 2464 srv - ok
00:34:30.0348 2464 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
00:34:30.0368 2464 srv2 - ok
00:34:30.0403 2464 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
00:34:30.0436 2464 srvnet - ok
00:34:30.0519 2464 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
00:34:30.0531 2464 stexstor - ok
00:34:30.0574 2464 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
00:34:30.0587 2464 swenum - ok
00:34:30.0650 2464 SynTP (01a658167619075baad31c96074c0b38) C:\Windows\system32\DRIVERS\SynTP.sys
00:34:30.0665 2464 SynTP - ok
00:34:30.0765 2464 Tcpip (b9d87c7707f058ac652a398cd28de14b) C:\Windows\system32\drivers\tcpip.sys
00:34:30.0831 2464 Tcpip - ok
00:34:30.0942 2464 TCPIP6 (b9d87c7707f058ac652a398cd28de14b) C:\Windows\system32\DRIVERS\tcpip.sys
00:34:30.0974 2464 TCPIP6 - ok
00:34:31.0005 2464 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
00:34:31.0040 2464 tcpipreg - ok
00:34:31.0103 2464 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
00:34:31.0172 2464 TDPIPE - ok
00:34:31.0201 2464 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
00:34:31.0236 2464 TDTCP - ok
00:34:31.0315 2464 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
00:34:31.0352 2464 tdx - ok
00:34:31.0369 2464 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
00:34:31.0383 2464 TermDD - ok
00:34:31.0469 2464 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
00:34:31.0504 2464 tssecsrv - ok
00:34:31.0603 2464 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
00:34:31.0638 2464 tunnel - ok
00:34:31.0665 2464 TurboB (c45a3e051c65106a28982caed125f855) C:\Windows\system32\DRIVERS\TurboB.sys
00:34:31.0676 2464 TurboB - ok
00:34:31.0699 2464 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
00:34:31.0713 2464 uagp35 - ok
00:34:31.0741 2464 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
00:34:31.0794 2464 udfs - ok
00:34:31.0892 2464 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
00:34:31.0905 2464 uliagpkx - ok
00:34:31.0924 2464 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
00:34:31.0957 2464 umbus - ok
00:34:31.0980 2464 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
00:34:32.0007 2464 UmPass - ok
00:34:32.0112 2464 usbccgp (b26afb54a534d634523c4fb66765b026) C:\Windows\system32\DRIVERS\usbccgp.sys
00:34:32.0148 2464 usbccgp - ok
00:34:32.0178 2464 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
00:34:32.0197 2464 usbcir - ok
00:34:32.0216 2464 usbehci (2ea4aff7be7eb4632e3aa8595b0803b5) C:\Windows\system32\DRIVERS\usbehci.sys
00:34:32.0232 2464 usbehci - ok
00:34:32.0274 2464 usbhub (4c9042b8df86c1e8e6240c218b99b39b) C:\Windows\system32\DRIVERS\usbhub.sys
00:34:32.0313 2464 usbhub - ok
00:34:32.0394 2464 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
00:34:32.0412 2464 usbohci - ok
00:34:32.0442 2464 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
00:34:32.0470 2464 usbprint - ok
00:34:32.0505 2464 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\DRIVERS\USBSTOR.SYS
00:34:32.0556 2464 USBSTOR - ok
00:34:32.0645 2464 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
00:34:32.0661 2464 usbuhci - ok
00:34:32.0708 2464 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\System32\Drivers\usbvideo.sys
00:34:32.0754 2464 usbvideo - ok
00:34:32.0851 2464 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
00:34:32.0866 2464 vdrvroot - ok
00:34:32.0903 2464 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
00:34:32.0922 2464 vga - ok
00:34:32.0948 2464 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
00:34:33.0001 2464 VgaSave - ok
00:34:33.0023 2464 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
00:34:33.0039 2464 vhdmp - ok
00:34:33.0062 2464 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
00:34:33.0076 2464 viaide - ok
00:34:33.0093 2464 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
00:34:33.0107 2464 volmgr - ok
00:34:33.0138 2464 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
00:34:33.0155 2464 volmgrx - ok
00:34:33.0187 2464 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
00:34:33.0203 2464 volsnap - ok
00:34:33.0252 2464 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
00:34:33.0269 2464 vsmraid - ok
00:34:33.0325 2464 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
00:34:33.0356 2464 vwifibus - ok
00:34:33.0384 2464 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
00:34:33.0415 2464 vwififlt - ok
00:34:33.0506 2464 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
00:34:33.0523 2464 vwifimp - ok
00:34:33.0560 2464 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
00:34:33.0584 2464 WacomPen - ok
00:34:33.0681 2464 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
00:34:33.0732 2464 WANARP - ok
00:34:33.0752 2464 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
00:34:33.0788 2464 Wanarpv6 - ok
00:34:33.0882 2464 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
00:34:33.0894 2464 Wd - ok
00:34:33.0922 2464 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
00:34:33.0946 2464 Wdf01000 - ok
00:34:34.0029 2464 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
00:34:34.0065 2464 WfpLwf - ok
00:34:34.0137 2464 WimFltr (52ded146e4797e6ccf94799e8e22bb2a) C:\Windows\system32\DRIVERS\wimfltr.sys
00:34:34.0154 2464 WimFltr - ok
00:34:34.0212 2464 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
00:34:34.0225 2464 WIMMount - ok
00:34:34.0413 2464 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys
00:34:34.0447 2464 WinUsb - ok
00:34:34.0504 2464 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
00:34:34.0533 2464 WmiAcpi - ok
00:34:34.0622 2464 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
00:34:34.0657 2464 ws2ifsl - ok
00:34:34.0687 2464 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
00:34:34.0733 2464 WudfPf - ok
00:34:34.0822 2464 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
00:34:34.0861 2464 WUDFRd - ok
00:34:34.0906 2464 xusb21 (2c6bc21b2d5b58d8b1d638c1704cb494) C:\Windows\system32\DRIVERS\xusb21.sys
00:34:34.0917 2464 xusb21 - ok
00:34:34.0958 2464 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
00:34:35.0145 2464 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
00:34:35.0145 2464 \Device\Harddisk0\DR0 - detected TDSS File System (1)
00:34:35.0149 2464 Boot (0x1200) (ac59ec3643cd53dda4d2f65ece9141de) \Device\Harddisk0\DR0\Partition0
00:34:35.0150 2464 \Device\Harddisk0\DR0\Partition0 - ok
00:34:35.0151 2464 ============================================================
00:34:35.0151 2464 Scan finished
00:34:35.0151 2464 ============================================================
00:34:35.0162 3884 Detected object count: 1
00:34:35.0162 3884 Actual detected object count: 1
00:34:44.0707 3884 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
00:34:44.0711 3884 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
00:34:44.0720 3884 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
00:34:44.0729 3884 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
00:34:44.0753 3884 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
00:34:44.0770 3884 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
00:34:44.0772 3884 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
00:34:44.0773 3884 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
00:34:44.0776 3884 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
00:34:44.0780 3884 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
00:34:44.0784 3884 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
00:34:44.0786 3884 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
00:34:44.0787 3884 \Device\Harddisk0\DR0\TDLFS - deleted
00:34:44.0787 3884 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Delete
00:34:48.0956 2300 Deinitialize success

#8 Noviciate


Posted 29 February 2012 - 03:39 PM

Good evening. :)

Will you run the PC for 24 hours, having MalwareBytes scan and delete anything it finds at some point, and let me have that log and a fresh DDS log - I'd like to check for any stragglers before you leave.

So long, and thanks for all the fish.

 

 


#9 kclayto2


Posted 29 February 2012 - 05:07 PM

Will do :)

#10 Noviciate


Posted 05 March 2012 - 03:12 PM

As there has been no response for five days this thread is now closed.

So long, and thanks for all the fish.

 

 




