Infected with Google redirect malware


  • This topic is locked
18 replies to this topic

#1 Cruisermom

Posted 25 March 2012 - 06:09 PM

Daughter's computer infected with Google Redirect malware. I am following the instructions given in the sticky. Here is the DDS log:



#2 fireman4it


Posted 25 March 2012 - 09:23 PM

Hello Cruisermom,
  • Welcome to Bleeping Computer.
  • My name is fireman4it and I will be helping you with your Malware problem.

    Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  • In the upper right hand corner of the topic you will see a button called Watch Topic. I suggest you click it and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

  • Finally, please reply using the ADD REPLY button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.


1. Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not an option, Skip instead, do not choose Delete unless instructed.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.



2. Install Recovery Console and Run ComboFix

This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.

Download Combofix from any of the links below, and save it to your desktop.

Link 1
Link 2
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
  • Close any open windows, including this one.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • If you did not have it installed, you will see the prompt below. Choose YES.
  • Posted Image
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Note: The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    Posted Image
  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
Leave your computer alone while ComboFix is running.
ComboFix will restart your computer if malware is found; allow it to do so.


Note: Please Do NOT mouseclick ComboFix's window while it's running because it may cause it to stall.


Things to include in your next reply:
TdssKiller log
Combofix.txt
How is your machine running now?

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-




#3 fireman4it

Posted 28 March 2012 - 04:26 PM

Hello.

Are you still there?

If you are, please follow the instructions in my previous post.

If you still need help, follow the instructions I have given in my response. If you have since had your problem solved, we would appreciate you letting us know so we can close the topic.

Please reply back telling us so. If you don't reply within 3-5 days the topic will need to be closed.

Thanks for understanding :)

With Regards,
fireman4it


#4 Cruisermom


Posted 29 March 2012 - 02:19 PM

Still here! Sorry, didn't get the notification. I will follow your instructions ASAP and report back.

#5 Cruisermom


Posted 29 March 2012 - 02:38 PM

Here are the results of the TDSS scan. I will now do step 2 in your instructions.

15:26:38.0070 3572 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\windows\system32\DRIVERS\blbdrive.sys
15:26:38.0072 3572 blbdrive - ok
15:26:38.0127 3572 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\windows\system32\DRIVERS\bowser.sys
15:26:38.0127 3572 bowser - ok
15:26:38.0177 3572 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\windows\system32\drivers\BrFiltLo.sys
15:26:38.0177 3572 BrFiltLo - ok
15:26:38.0243 3572 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\windows\system32\drivers\BrFiltUp.sys
15:26:38.0245 3572 BrFiltUp - ok
15:26:38.0278 3572 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\windows\System32\browser.dll
15:26:38.0282 3572 Browser - ok
15:26:38.0316 3572 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\windows\System32\Drivers\Brserid.sys
15:26:38.0323 3572 Brserid - ok
15:26:38.0349 3572 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\windows\System32\Drivers\BrSerWdm.sys
15:26:38.0349 3572 BrSerWdm - ok
15:26:38.0379 3572 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\windows\System32\Drivers\BrUsbMdm.sys
15:26:38.0379 3572 BrUsbMdm - ok
15:26:38.0441 3572 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\windows\System32\Drivers\BrUsbSer.sys
15:26:38.0441 3572 BrUsbSer - ok
15:26:38.0531 3572 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\windows\system32\drivers\BthEnum.sys
15:26:38.0537 3572 BthEnum - ok
15:26:38.0562 3572 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\windows\system32\drivers\bthmodem.sys
15:26:38.0565 3572 BTHMODEM - ok
15:26:38.0602 3572 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\windows\system32\DRIVERS\bthpan.sys
15:26:38.0605 3572 BthPan - ok
15:26:38.0673 3572 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\windows\System32\Drivers\BTHport.sys
15:26:38.0683 3572 BTHPORT - ok
15:26:38.0713 3572 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\windows\system32\bthserv.dll
15:26:38.0713 3572 bthserv - ok
15:26:38.0746 3572 BTHUSB (f188b7394d81010767b6df3178519a37) C:\windows\System32\Drivers\BTHUSB.sys
15:26:38.0753 3572 BTHUSB - ok
15:26:38.0855 3572 cdfs (b8bd2bb284668c84865658c77574381a) C:\windows\system32\DRIVERS\cdfs.sys
15:26:38.0855 3572 cdfs - ok
15:26:38.0933 3572 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\windows\system32\DRIVERS\cdrom.sys
15:26:38.0937 3572 cdrom - ok
15:26:39.0017 3572 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\windows\System32\certprop.dll
15:26:39.0017 3572 CertPropSvc - ok
15:26:39.0149 3572 CFUACProxy_officeguardianv2 (c149fe6e95025fd731d89abba5bb182f) C:\ProgramData\OfficeGuardianV2\UACProxy.exe
15:26:39.0279 3572 CFUACProxy_officeguardianv2 - ok
15:26:39.0399 3572 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\windows\system32\drivers\circlass.sys
15:26:39.0399 3572 circlass - ok
15:26:39.0439 3572 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\windows\system32\CLFS.sys
15:26:39.0449 3572 CLFS - ok
15:26:39.0539 3572 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:26:39.0549 3572 clr_optimization_v2.0.50727_32 - ok
15:26:39.0629 3572 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
15:26:39.0639 3572 clr_optimization_v2.0.50727_64 - ok
15:26:39.0729 3572 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
15:26:39.0729 3572 clr_optimization_v4.0.30319_32 - ok
15:26:39.0829 3572 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
15:26:39.0839 3572 clr_optimization_v4.0.30319_64 - ok
15:26:39.0899 3572 clwvd (50f92c943f18b070f166d019dfab3d9a) C:\windows\system32\DRIVERS\clwvd.sys
15:26:39.0899 3572 clwvd - ok
15:26:39.0969 3572 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\windows\system32\DRIVERS\CmBatt.sys
15:26:39.0969 3572 CmBatt - ok
15:26:40.0001 3572 cmdide (e19d3f095812725d88f9001985b94edd) C:\windows\system32\drivers\cmdide.sys
15:26:40.0001 3572 cmdide - ok
15:26:40.0061 3572 CNG (c4943b6c962e4b82197542447ad599f4) C:\windows\system32\Drivers\cng.sys
15:26:40.0061 3572 CNG - ok
15:26:40.0123 3572 Compbatt (102de219c3f61415f964c88e9085ad14) C:\windows\system32\DRIVERS\compbatt.sys
15:26:40.0133 3572 Compbatt - ok
15:26:40.0183 3572 CompositeBus (03edb043586cceba243d689bdda370a8) C:\windows\system32\DRIVERS\CompositeBus.sys
15:26:40.0183 3572 CompositeBus - ok
15:26:40.0223 3572 COMSysApp - ok
15:26:40.0280 3572 crcdisk (1c827878a998c18847245fe1f34ee597) C:\windows\system32\drivers\crcdisk.sys
15:26:40.0285 3572 crcdisk - ok
15:26:40.0375 3572 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\windows\system32\cryptsvc.dll
15:26:40.0375 3572 CryptSvc - ok
15:26:40.0595 3572 cvhsvc (72794d112cbaff3bc0c29bf7350d4741) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
15:26:40.0605 3572 cvhsvc - ok
15:26:40.0685 3572 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\windows\system32\rpcss.dll
15:26:40.0695 3572 DcomLaunch - ok
15:26:40.0755 3572 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\windows\System32\defragsvc.dll
15:26:40.0755 3572 defragsvc - ok
15:26:40.0855 3572 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\windows\system32\Drivers\dfsc.sys
15:26:40.0855 3572 DfsC - ok
15:26:40.0927 3572 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\windows\system32\dhcpcore.dll
15:26:40.0937 3572 Dhcp - ok
15:26:40.0967 3572 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\windows\system32\drivers\discache.sys
15:26:40.0977 3572 discache - ok
15:26:41.0059 3572 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\windows\system32\drivers\disk.sys
15:26:41.0069 3572 Disk - ok
15:26:41.0151 3572 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\windows\System32\dnsrslvr.dll
15:26:41.0161 3572 Dnscache - ok
15:26:41.0207 3572 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\windows\System32\dot3svc.dll
15:26:41.0213 3572 dot3svc - ok
15:26:41.0244 3572 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\windows\system32\dps.dll
15:26:41.0248 3572 DPS - ok
15:26:41.0313 3572 drmkaud (9b19f34400d24df84c858a421c205754) C:\windows\system32\drivers\drmkaud.sys
15:26:41.0315 3572 drmkaud - ok
15:26:41.0376 3572 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\windows\System32\drivers\dxgkrnl.sys
15:26:41.0390 3572 DXGKrnl - ok
15:26:41.0453 3572 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\windows\System32\eapsvc.dll
15:26:41.0457 3572 EapHost - ok
15:26:41.0583 3572 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\windows\system32\drivers\evbda.sys
15:26:41.0631 3572 ebdrv - ok
15:26:41.0682 3572 EFS (c118a82cd78818c29ab228366ebf81c3) C:\windows\System32\lsass.exe
15:26:41.0688 3572 EFS - ok
15:26:41.0749 3572 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\windows\ehome\ehRecvr.exe
15:26:41.0759 3572 ehRecvr - ok
15:26:41.0786 3572 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\windows\ehome\ehsched.exe
15:26:41.0789 3572 ehSched - ok
15:26:41.0923 3572 elxstor (0e5da5369a0fcaea12456dd852545184) C:\windows\system32\drivers\elxstor.sys
15:26:41.0933 3572 elxstor - ok
15:26:41.0953 3572 ErrDev (34a3c54752046e79a126e15c51db409b) C:\windows\system32\drivers\errdev.sys
15:26:41.0953 3572 ErrDev - ok
15:26:42.0035 3572 ETD (9d8739a2a2173c9d27c499a3fc6eda3f) C:\windows\system32\DRIVERS\ETD.sys
15:26:42.0035 3572 ETD - ok
15:26:42.0105 3572 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\windows\system32\es.dll
15:26:42.0115 3572 EventSystem - ok
15:26:42.0145 3572 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\windows\system32\drivers\exfat.sys
15:26:42.0145 3572 exfat - ok
15:26:42.0177 3572 fastfat (0adc83218b66a6db380c330836f3e36d) C:\windows\system32\drivers\fastfat.sys
15:26:42.0181 3572 fastfat - ok
15:26:42.0247 3572 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\windows\system32\fxssvc.exe
15:26:42.0267 3572 Fax - ok
15:26:42.0327 3572 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\windows\system32\drivers\fdc.sys
15:26:42.0337 3572 fdc - ok
15:26:42.0449 3572 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\windows\system32\fdPHost.dll
15:26:42.0459 3572 fdPHost - ok
15:26:42.0479 3572 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\windows\system32\fdrespub.dll
15:26:42.0479 3572 FDResPub - ok
15:26:42.0509 3572 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\windows\system32\drivers\fileinfo.sys
15:26:42.0509 3572 FileInfo - ok
15:26:42.0555 3572 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\windows\system32\drivers\filetrace.sys
15:26:42.0557 3572 Filetrace - ok
15:26:42.0571 3572 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\windows\system32\drivers\flpydisk.sys
15:26:42.0573 3572 flpydisk - ok
15:26:42.0623 3572 FltMgr (da6b67270fd9db3697b20fce94950741) C:\windows\system32\drivers\fltmgr.sys
15:26:42.0629 3572 FltMgr - ok
15:26:42.0705 3572 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\windows\system32\FntCache.dll
15:26:42.0724 3572 FontCache - ok
15:26:42.0875 3572 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
15:26:42.0878 3572 FontCache3.0.0.0 - ok
15:26:42.0949 3572 FsDepends (d43703496149971890703b4b1b723eac) C:\windows\system32\drivers\FsDepends.sys
15:26:42.0954 3572 FsDepends - ok
15:26:42.0990 3572 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\windows\system32\drivers\Fs_Rec.sys
15:26:42.0994 3572 Fs_Rec - ok
15:26:43.0065 3572 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\windows\system32\DRIVERS\fvevol.sys
15:26:43.0070 3572 fvevol - ok
15:26:43.0133 3572 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\windows\system32\drivers\gagp30kx.sys
15:26:43.0133 3572 gagp30kx - ok
15:26:43.0295 3572 GameConsoleService (521a469caf61f00e1de081cc2099c1d6) C:\Program Files (x86)\WildGames\Game Console - WildGames\GameConsoleService.exe
15:26:43.0305 3572 GameConsoleService - ok
15:26:43.0370 3572 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\windows\System32\gpsvc.dll
15:26:43.0394 3572 gpsvc - ok
15:26:43.0589 3572 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\windows\system32\drivers\hcw85cir.sys
15:26:43.0589 3572 hcw85cir - ok
15:26:43.0669 3572 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\windows\system32\drivers\HdAudio.sys
15:26:43.0683 3572 HdAudAddService - ok
15:26:43.0741 3572 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\windows\system32\DRIVERS\HDAudBus.sys
15:26:43.0741 3572 HDAudBus - ok
15:26:43.0778 3572 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\windows\system32\drivers\HidBatt.sys
15:26:43.0780 3572 HidBatt - ok
15:26:43.0833 3572 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\windows\system32\drivers\hidbth.sys
15:26:43.0833 3572 HidBth - ok
15:26:43.0863 3572 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\windows\system32\drivers\hidir.sys
15:26:43.0873 3572 HidIr - ok
15:26:43.0913 3572 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\windows\system32\hidserv.dll
15:26:43.0917 3572 hidserv - ok
15:26:43.0978 3572 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\windows\system32\DRIVERS\hidusb.sys
15:26:43.0981 3572 HidUsb - ok
15:26:44.0058 3572 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\windows\system32\kmsvc.dll
15:26:44.0062 3572 hkmsvc - ok
15:26:44.0104 3572 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\windows\system32\ListSvc.dll
15:26:44.0111 3572 HomeGroupListener - ok
15:26:44.0167 3572 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\windows\system32\provsvc.dll
15:26:44.0173 3572 HomeGroupProvider - ok
15:26:44.0255 3572 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\windows\system32\drivers\HpSAMD.sys
15:26:44.0265 3572 HpSAMD - ok
15:26:44.0329 3572 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\windows\system32\drivers\HTTP.sys
15:26:44.0340 3572 HTTP - ok
15:26:44.0356 3572 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\windows\system32\drivers\hwpolicy.sys
15:26:44.0357 3572 hwpolicy - ok
15:26:44.0422 3572 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\windows\system32\DRIVERS\i8042prt.sys
15:26:44.0425 3572 i8042prt - ok
15:26:44.0469 3572 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\windows\system32\drivers\iaStorV.sys
15:26:44.0477 3572 iaStorV - ok
15:26:44.0629 3572 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
15:26:44.0659 3572 idsvc - ok
15:26:44.0883 3572 igfx (a87261ef1546325b559374f5689cf5bc) C:\windows\system32\DRIVERS\igdkmd64.sys
15:26:45.0172 3572 igfx - ok
15:26:45.0292 3572 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\windows\system32\drivers\iirsp.sys
15:26:45.0294 3572 iirsp - ok
15:26:45.0346 3572 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\windows\System32\ikeext.dll
15:26:45.0363 3572 IKEEXT - ok
15:26:45.0558 3572 IntcAzAudAddService (404561d4ee0cae109379a40247046b03) C:\windows\system32\drivers\RTKVHD64.sys
15:26:45.0601 3572 IntcAzAudAddService - ok
15:26:45.0737 3572 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\windows\system32\drivers\intelide.sys
15:26:45.0739 3572 intelide - ok
15:26:45.0793 3572 intelppm (ada036632c664caa754079041cf1f8c1) C:\windows\system32\drivers\intelppm.sys
15:26:45.0796 3572 intelppm - ok
15:26:45.0867 3572 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\windows\system32\ipbusenum.dll
15:26:45.0871 3572 IPBusEnum - ok
15:26:45.0897 3572 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\windows\system32\DRIVERS\ipfltdrv.sys
15:26:45.0900 3572 IpFilterDriver - ok
15:26:45.0930 3572 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\windows\System32\iphlpsvc.dll
15:26:45.0941 3572 iphlpsvc - ok
15:26:45.0963 3572 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\windows\system32\drivers\IPMIDrv.sys
15:26:45.0966 3572 IPMIDRV - ok
15:26:45.0997 3572 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\windows\system32\drivers\ipnat.sys
15:26:46.0001 3572 IPNAT - ok
15:26:46.0045 3572 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\windows\system32\drivers\irenum.sys
15:26:46.0047 3572 IRENUM - ok
15:26:46.0094 3572 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\windows\system32\drivers\isapnp.sys
15:26:46.0096 3572 isapnp - ok
15:26:46.0181 3572 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\windows\system32\drivers\msiscsi.sys
15:26:46.0186 3572 iScsiPrt - ok
15:26:46.0215 3572 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\windows\system32\DRIVERS\kbdclass.sys
15:26:46.0217 3572 kbdclass - ok
15:26:46.0269 3572 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\windows\system32\drivers\kbdhid.sys
15:26:46.0271 3572 kbdhid - ok
15:26:46.0318 3572 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
15:26:46.0321 3572 KeyIso - ok
15:26:46.0372 3572 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\windows\system32\Drivers\ksecdd.sys
15:26:46.0377 3572 KSecDD - ok
15:26:46.0438 3572 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\windows\system32\Drivers\ksecpkg.sys
15:26:46.0442 3572 KSecPkg - ok
15:26:46.0465 3572 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\windows\system32\drivers\ksthunk.sys
15:26:46.0466 3572 ksthunk - ok
15:26:46.0510 3572 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\windows\system32\msdtckrm.dll
15:26:46.0519 3572 KtmRm - ok
15:26:46.0588 3572 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\windows\system32\srvsvc.dll
15:26:46.0595 3572 LanmanServer - ok
15:26:46.0633 3572 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\windows\System32\wkssvc.dll
15:26:46.0639 3572 LanmanWorkstation - ok
15:26:46.0765 3572 lltdio (1538831cf8ad2979a04c423779465827) C:\windows\system32\DRIVERS\lltdio.sys
15:26:46.0765 3572 lltdio - ok
15:26:46.0842 3572 lltdsvc (c1185803384ab3feed115f79f109427f) C:\windows\System32\lltdsvc.dll
15:26:46.0851 3572 lltdsvc - ok
15:26:46.0882 3572 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\windows\System32\lmhsvc.dll
15:26:46.0886 3572 lmhosts - ok
15:26:46.0959 3572 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\windows\system32\drivers\lsi_fc.sys
15:26:46.0963 3572 LSI_FC - ok
15:26:46.0983 3572 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\windows\system32\drivers\lsi_sas.sys
15:26:46.0987 3572 LSI_SAS - ok
15:26:47.0003 3572 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\windows\system32\drivers\lsi_sas2.sys
15:26:47.0006 3572 LSI_SAS2 - ok
15:26:47.0047 3572 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\windows\system32\drivers\lsi_scsi.sys
15:26:47.0054 3572 LSI_SCSI - ok
15:26:47.0131 3572 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\windows\system32\drivers\luafv.sys
15:26:47.0135 3572 luafv - ok
15:26:47.0149 3572 lxdx_device - ok
15:26:47.0226 3572 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\windows\system32\Mcx2Svc.dll
15:26:47.0241 3572 Mcx2Svc - ok
15:26:47.0270 3572 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\windows\system32\drivers\megasas.sys
15:26:47.0272 3572 megasas - ok
15:26:47.0304 3572 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\windows\system32\drivers\MegaSR.sys
15:26:47.0310 3572 MegaSR - ok
15:26:47.0342 3572 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll
15:26:47.0345 3572 MMCSS - ok
15:26:47.0372 3572 Modem (800ba92f7010378b09f9ed9270f07137) C:\windows\system32\drivers\modem.sys
15:26:47.0374 3572 Modem - ok
15:26:47.0462 3572 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\windows\system32\DRIVERS\monitor.sys
15:26:47.0463 3572 monitor - ok
15:26:47.0519 3572 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\windows\system32\DRIVERS\mouclass.sys
15:26:47.0521 3572 mouclass - ok
15:26:47.0578 3572 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\windows\system32\DRIVERS\mouhid.sys
15:26:47.0580 3572 mouhid - ok
15:26:47.0599 3572 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\windows\system32\drivers\mountmgr.sys
15:26:47.0599 3572 mountmgr - ok
15:26:47.0659 3572 MpFilter (c177a7ebf5e8a0b596f618870516cab8) C:\windows\system32\DRIVERS\MpFilter.sys
15:26:47.0669 3572 MpFilter - ok
15:26:47.0689 3572 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\windows\system32\drivers\mpio.sys
15:26:47.0709 3572 mpio - ok
15:26:47.0729 3572 MpNWMon (8fbf6b31fe8af1833d93c5913d5b4d55) C:\windows\system32\DRIVERS\MpNWMon.sys
15:26:47.0731 3572 MpNWMon - ok
15:26:47.0751 3572 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\windows\system32\drivers\mpsdrv.sys
15:26:47.0751 3572 mpsdrv - ok
15:26:47.0803 3572 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\windows\system32\mpssvc.dll
15:26:47.0823 3572 MpsSvc - ok
15:26:47.0853 3572 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\windows\system32\drivers\mrxdav.sys
15:26:47.0857 3572 MRxDAV - ok
15:26:47.0895 3572 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\windows\system32\DRIVERS\mrxsmb.sys
15:26:47.0899 3572 mrxsmb - ok
15:26:47.0959 3572 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\windows\system32\DRIVERS\mrxsmb10.sys
15:26:47.0965 3572 mrxsmb10 - ok
15:26:47.0997 3572 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\windows\system32\DRIVERS\mrxsmb20.sys
15:26:47.0997 3572 mrxsmb20 - ok
15:26:48.0021 3572 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\windows\system32\drivers\msahci.sys
15:26:48.0023 3572 msahci - ok
15:26:48.0053 3572 msdsm (db801a638d011b9633829eb6f663c900) C:\windows\system32\drivers\msdsm.sys
15:26:48.0056 3572 msdsm - ok
15:26:48.0086 3572 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\windows\System32\msdtc.exe
15:26:48.0115 3572 MSDTC - ok
15:26:48.0146 3572 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\windows\system32\drivers\Msfs.sys
15:26:48.0151 3572 Msfs - ok
15:26:48.0176 3572 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\windows\System32\drivers\mshidkmdf.sys
15:26:48.0178 3572 mshidkmdf - ok
15:26:48.0196 3572 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\windows\system32\drivers\msisadrv.sys
15:26:48.0198 3572 msisadrv - ok
15:26:48.0281 3572 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\windows\system32\iscsiexe.dll
15:26:48.0316 3572 MSiSCSI - ok
15:26:48.0327 3572 msiserver - ok
15:26:48.0419 3572 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\windows\system32\drivers\MSKSSRV.sys
15:26:48.0437 3572 MSKSSRV - ok
15:26:48.0549 3572 MsMpSvc (157e9e498206a3366baa7e4697bdd947) C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
15:26:48.0549 3572 MsMpSvc - ok
15:26:48.0631 3572 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\windows\system32\drivers\MSPCLOCK.sys
15:26:48.0633 3572 MSPCLOCK - ok
15:26:48.0661 3572 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\windows\system32\drivers\MSPQM.sys
15:26:48.0661 3572 MSPQM - ok
15:26:48.0681 3572 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\windows\system32\drivers\MsRPC.sys
15:26:48.0691 3572 MsRPC - ok
15:26:48.0746 3572 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\windows\system32\DRIVERS\mssmbios.sys
15:26:48.0747 3572 mssmbios - ok
15:26:48.0764 3572 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\windows\system32\drivers\MSTEE.sys
15:26:48.0766 3572 MSTEE - ok
15:26:48.0788 3572 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\windows\system32\drivers\MTConfig.sys
15:26:48.0789 3572 MTConfig - ok
15:26:48.0837 3572 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\windows\system32\Drivers\mup.sys
15:26:48.0840 3572 Mup - ok
15:26:48.0913 3572 napagent (582ac6d9873e31dfa28a4547270862dd) C:\windows\system32\qagentRT.dll
15:26:48.0924 3572 napagent - ok
15:26:48.0995 3572 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\windows\system32\DRIVERS\nwifi.sys
15:26:49.0000 3572 NativeWifiP - ok
15:26:49.0115 3572 NDIS (c38b8ae57f78915905064a9a24dc1586) C:\windows\system32\drivers\ndis.sys
15:26:49.0143 3572 NDIS - ok
15:26:49.0187 3572 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\windows\system32\DRIVERS\ndiscap.sys
15:26:49.0190 3572 NdisCap - ok
15:26:49.0245 3572 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\windows\system32\DRIVERS\ndistapi.sys
15:26:49.0247 3572 NdisTapi - ok
15:26:49.0265 3572 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\windows\system32\DRIVERS\ndisuio.sys
15:26:49.0268 3572 Ndisuio - ok
15:26:49.0296 3572 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\windows\system32\DRIVERS\ndiswan.sys
15:26:49.0299 3572 NdisWan - ok
15:26:49.0323 3572 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\windows\system32\drivers\NDProxy.sys
15:26:49.0326 3572 NDProxy - ok
15:26:49.0383 3572 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\windows\system32\DRIVERS\netbios.sys
15:26:49.0385 3572 NetBIOS - ok
15:26:49.0451 3572 NetBT (09594d1089c523423b32a4229263f068) C:\windows\system32\DRIVERS\netbt.sys
15:26:49.0457 3572 NetBT - ok
15:26:49.0513 3572 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
15:26:49.0515 3572 Netlogon - ok
15:26:49.0592 3572 Netman (847d3ae376c0817161a14a82c8922a9e) C:\windows\System32\netman.dll
15:26:49.0601 3572 Netman - ok
15:26:49.0628 3572 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\windows\System32\netprofm.dll
15:26:49.0642 3572 netprofm - ok
15:26:49.0723 3572 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
15:26:49.0733 3572 NetTcpPortSharing - ok
15:26:49.0825 3572 nfrd960 (77889813be4d166cdab78ddba990da92) C:\windows\system32\drivers\nfrd960.sys
15:26:49.0835 3572 nfrd960 - ok
15:26:49.0879 3572 NisDrv (5f7d72cbcdd025af1f38fdeee5646968) C:\windows\system32\DRIVERS\NisDrvWFP.sys
15:26:49.0881 3572 NisDrv - ok
15:26:49.0958 3572 NisSrv (566ddd5d82520da01d75f81428ac4c38) C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
15:26:49.0965 3572 NisSrv - ok
15:26:50.0029 3572 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\windows\System32\nlasvc.dll
15:26:50.0037 3572 NlaSvc - ok
15:26:50.0243 3572 NOBU (5839a8027d6d324a7cd494051a96628c) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
15:26:50.0289 3572 NOBU - ok
15:26:50.0421 3572 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\windows\system32\drivers\Npfs.sys
15:26:50.0423 3572 Npfs - ok
15:26:50.0501 3572 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\windows\system32\nsisvc.dll
15:26:50.0506 3572 nsi - ok
15:26:50.0541 3572 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\windows\system32\drivers\nsiproxy.sys
15:26:50.0542 3572 nsiproxy - ok
15:26:50.0623 3572 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\windows\system32\drivers\Ntfs.sys
15:26:50.0662 3572 Ntfs - ok
15:26:50.0681 3572 Null (9899284589f75fa8724ff3d16aed75c1) C:\windows\system32\drivers\Null.sys
15:26:50.0683 3572 Null - ok
15:26:50.0742 3572 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\windows\system32\drivers\nvraid.sys
15:26:50.0748 3572 nvraid - ok
15:26:50.0771 3572 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\windows\system32\drivers\nvstor.sys
15:26:50.0775 3572 nvstor - ok
15:26:50.0800 3572 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\windows\system32\drivers\nv_agp.sys
15:26:50.0804 3572 nv_agp - ok
15:26:50.0967 3572 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
15:26:50.0978 3572 odserv - ok
15:26:51.0093 3572 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\windows\system32\drivers\ohci1394.sys
15:26:51.0096 3572 ohci1394 - ok
15:26:51.0200 3572 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:26:51.0298 3572 ose - ok
15:26:51.0516 3572 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
15:26:51.0661 3572 osppsvc - ok
15:26:51.0843 3572 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll
15:26:51.0853 3572 p2pimsvc - ok
15:26:51.0931 3572 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\windows\system32\p2psvc.dll
15:26:51.0941 3572 p2psvc - ok
15:26:52.0027 3572 Parport (0086431c29c35be1dbc43f52cc273887) C:\windows\system32\drivers\parport.sys
15:26:52.0027 3572 Parport - ok
15:26:52.0082 3572 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\windows\system32\drivers\partmgr.sys
15:26:52.0086 3572 partmgr - ok
15:26:52.0127 3572 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\windows\System32\pcasvc.dll
15:26:52.0133 3572 PcaSvc - ok
15:26:52.0168 3572 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\windows\system32\drivers\pci.sys
15:26:52.0172 3572 pci - ok
15:26:52.0208 3572 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\windows\system32\drivers\pciide.sys
15:26:52.0210 3572 pciide - ok
15:26:52.0262 3572 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\windows\system32\drivers\pcmcia.sys
15:26:52.0267 3572 pcmcia - ok
15:26:52.0311 3572 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\windows\system32\drivers\pcw.sys
15:26:52.0321 3572 pcw - ok
15:26:52.0351 3572 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\windows\system32\drivers\peauth.sys
15:26:52.0371 3572 PEAUTH - ok
15:26:52.0463 3572 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\windows\SysWow64\perfhost.exe
15:26:52.0463 3572 PerfHost - ok
15:26:52.0583 3572 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\windows\system32\pla.dll
15:26:52.0613 3572 pla - ok
15:26:52.0683 3572 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\windows\system32\umpnpmgr.dll
15:26:52.0703 3572 PlugPlay - ok
15:26:52.0743 3572 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\windows\system32\pnrpauto.dll
15:26:52.0743 3572 PNRPAutoReg - ok
15:26:52.0833 3572 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll
15:26:52.0843 3572 PNRPsvc - ok
15:26:52.0915 3572 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\windows\System32\ipsecsvc.dll
15:26:52.0925 3572 PolicyAgent - ok
15:26:52.0997 3572 Power (6ba9d927dded70bd1a9caded45f8b184) C:\windows\system32\umpo.dll
15:26:52.0997 3572 Power - ok
15:26:53.0097 3572 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\windows\system32\DRIVERS\raspptp.sys
15:26:53.0107 3572 PptpMiniport - ok
15:26:53.0157 3572 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\windows\system32\drivers\processr.sys
15:26:53.0157 3572 Processor - ok
15:26:53.0267 3572 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\windows\system32\profsvc.dll
15:26:53.0274 3572 ProfSvc - ok
15:26:53.0319 3572 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
15:26:53.0329 3572 ProtectedStorage - ok
15:26:53.0389 3572 Psched (0557cf5a2556bd58e26384169d72438d) C:\windows\system32\DRIVERS\pacer.sys
15:27:04.0452 3572 MBR (0x1B8) (e5f32f9935722f6bb54fba6d20c7e835) \Device\Harddisk0\DR0
15:27:04.0482 3572 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
15:27:04.0482 3572 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
15:27:04.0532 3572 Boot (0x1200) (563344d84f0102eedc1c3ade84a4b888) \Device\Harddisk0\DR0\Partition0
15:27:04.0532 3572 \Device\Harddisk0\DR0\Partition0 - ok
15:27:04.0552 3572 Boot (0x1200) (c9d84c8300f4478a3ee279b59160e6d2) \Device\Harddisk0\DR0\Partition1
15:27:04.0552 3572 \Device\Harddisk0\DR0\Partition1 - ok
15:27:04.0582 3572 Boot (0x1200) (ddc13268dacca650803f4c05417799d0) \Device\Harddisk0\DR0\Partition2
15:27:04.0592 3572 \Device\Harddisk0\DR0\Partition2 - ok
15:27:04.0592 3572 ============================================================
15:27:04.0592 3572 Scan finished
15:27:04.0592 3572 ============================================================
15:27:04.0647 3816 Detected object count: 1
15:27:04.0647 3816 Actual detected object count: 1
15:27:22.0746 3816 \Device\Harddisk0\DR0\# - copied to quarantine
15:27:23.0652 3816 \Device\Harddisk0\DR0 - copied to quarantine
15:27:25.0053 3816 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
15:27:25.0453 3816 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
15:27:25.0488 3816 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
15:27:25.0728 3816 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
15:27:25.0966 3816 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
15:27:29.0942 3816 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
15:27:30.0002 3816 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
15:27:30.0023 3816 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
15:27:30.0049 3816 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
15:27:30.0059 3816 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
15:27:30.0441 3816 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
15:27:30.0546 3816 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
15:27:30.0728 3816 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
15:27:30.0729 3816 \Device\Harddisk0\DR0 - ok
15:27:31.0227 3816 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
15:27:46.0149 7060 Deinitialize success

#6 Cruisermom

Posted 29 March 2012 - 03:06 PM

I am not getting any more re-directs!

Combo fix log:

ComboFix 12-03-29.02 - owner 03/29/2012 15:49:39.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3836.2546 [GMT -4:00]
Running from: c:\users\owner\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\owner\Documents\~WRL0005.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-02-28 to 2012-03-29 )))))))))))))))))))))))))))))))
.
.
2012-03-29 19:58 . 2012-03-29 19:58 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-29 19:39 . 2012-03-14 03:27 8669240 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{700526DC-BC5E-43F2-A0A9-552E420AA57A}\mpengine.dll
2012-03-29 19:27 . 2012-03-29 19:27 -------- d-----w- C:\TDSSKiller_Quarantine
2012-03-25 20:07 . 2009-07-14 01:14 20480 ----a-w- c:\windows\svchost.exe
2012-03-25 02:35 . 2012-03-25 02:35 -------- d-----w- c:\windows\Sun
2012-03-24 14:15 . 2012-03-24 14:15 5120 ----a-w- c:\programdata\Microsoft\Windows\DRM\9676.tmp
2012-03-24 14:15 . 2012-03-24 14:15 5120 ----a-w- c:\programdata\Microsoft\Windows\DRM\9637.tmp
2012-03-14 20:53 . 2011-11-19 15:20 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-14 20:53 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-03-14 20:53 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-03-13 19:27 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-03-13 19:27 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-03-13 19:27 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-03-13 19:26 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-13 19:26 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-13 19:26 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-13 19:26 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-13 19:26 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-03-13 19:26 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-13 19:26 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-14 03:27 . 2011-10-13 00:42 8669240 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-02-11 04:13 . 2012-02-11 04:14 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{50F41061-7987-4AC9-814B-C537986BD2DA}\gapaengine.dll
2012-01-31 12:44 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-01-04 10:44 . 2012-02-15 01:32 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-01-04 08:58 . 2012-02-15 01:32 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SacReminderHDDV2"="c:\programdata\OfficeGuardianV2\reminder\SacReminder.exe" [2010-12-21 522064]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 CFUACProxy_officeguardianv2;CFUACProxy_officeguardianv2;c:\programdata\OfficeGuardianV2\UACProxy.exe [2010-12-21 83792]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-01 183560]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 Samsung UPD Service;Samsung UPD Service;c:\windows\System32\SUPDSvc.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [x]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 lxdx_device;lxdx_device;c:\windows\system32\lxdxcoms.exe [x]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

#7 fireman4it

  • Malware Response Team

Posted 29 March 2012 - 03:37 PM

Hello,

Looks like we got the main infection; now let's look for the leftovers.


1. Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download.
Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • Make sure you are connected to the Internet and double-click on the renamed file to install the application.
    For instructions with screenshots, please refer to this Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
  • Click on the Scan button.
  • When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.
Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.

2. I'd like us to scan your machine with ESET OnlineScan.
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.


Things to include in your next reply:
MBAM log
ESET log
How is your machine running now?

"Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-




#8 Cruisermom


Posted 29 March 2012 - 04:04 PM

When I click on the link to download the Malwarebytes program, it takes me to instructions to download ARO 2012 trial version. I ran it and it now says the trial version cleaned 100 errors and in order to clean the rest I have to Buy and Download the program. ????


ETA: I see my mistake, I was tricked into clicking an ad for ARO. What do I do now? I downloaded and ran ARO instead of Malwarebytes.

Edited by Cruisermom, 29 March 2012 - 04:07 PM.


#9 fireman4it


Posted 29 March 2012 - 06:33 PM

Hello,

Please run TDSSKiller again along with Combofix and post their logs.



#10 Cruisermom


Posted 29 March 2012 - 08:13 PM

TDSS killer log:

19:59:29.0957 4356 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\windows\system32\drivers\mountmgr.sys
19:59:29.0957 4356 mountmgr - ok
19:59:30.0003 4356 MpFilter (c177a7ebf5e8a0b596f618870516cab8) C:\windows\system32\DRIVERS\MpFilter.sys
19:59:30.0019 4356 MpFilter - ok
19:59:30.0050 4356 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\windows\system32\drivers\mpio.sys
19:59:30.0050 4356 mpio - ok
19:59:30.0081 4356 MpNWMon (8fbf6b31fe8af1833d93c5913d5b4d55) C:\windows\system32\DRIVERS\MpNWMon.sys
19:59:30.0081 4356 MpNWMon - ok
19:59:30.0097 4356 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\windows\system32\drivers\mpsdrv.sys
19:59:30.0097 4356 mpsdrv - ok
19:59:30.0159 4356 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\windows\system32\mpssvc.dll
19:59:30.0159 4356 MpsSvc - ok
19:59:30.0191 4356 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\windows\system32\drivers\mrxdav.sys
19:59:30.0206 4356 MRxDAV - ok
19:59:30.0237 4356 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\windows\system32\DRIVERS\mrxsmb.sys
19:59:30.0237 4356 mrxsmb - ok
19:59:30.0300 4356 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\windows\system32\DRIVERS\mrxsmb10.sys
19:59:30.0300 4356 mrxsmb10 - ok
19:59:30.0347 4356 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\windows\system32\DRIVERS\mrxsmb20.sys
19:59:30.0347 4356 mrxsmb20 - ok
19:59:30.0362 4356 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\windows\system32\drivers\msahci.sys
19:59:30.0362 4356 msahci - ok
19:59:30.0393 4356 msdsm (db801a638d011b9633829eb6f663c900) C:\windows\system32\drivers\msdsm.sys
19:59:30.0393 4356 msdsm - ok
19:59:30.0425 4356 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\windows\System32\msdtc.exe
19:59:30.0425 4356 MSDTC - ok
19:59:30.0456 4356 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\windows\system32\drivers\Msfs.sys
19:59:30.0456 4356 Msfs - ok
19:59:30.0487 4356 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\windows\System32\drivers\mshidkmdf.sys
19:59:30.0487 4356 mshidkmdf - ok
19:59:30.0503 4356 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\windows\system32\drivers\msisadrv.sys
19:59:30.0503 4356 msisadrv - ok
19:59:30.0549 4356 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\windows\system32\iscsiexe.dll
19:59:30.0549 4356 MSiSCSI - ok
19:59:30.0565 4356 msiserver - ok
19:59:30.0596 4356 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\windows\system32\drivers\MSKSSRV.sys
19:59:30.0596 4356 MSKSSRV - ok
19:59:30.0705 4356 MsMpSvc (157e9e498206a3366baa7e4697bdd947) C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
19:59:30.0705 4356 MsMpSvc - ok
19:59:30.0721 4356 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\windows\system32\drivers\MSPCLOCK.sys
19:59:30.0721 4356 MSPCLOCK - ok
19:59:30.0752 4356 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\windows\system32\drivers\MSPQM.sys
19:59:30.0752 4356 MSPQM - ok
19:59:30.0783 4356 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\windows\system32\drivers\MsRPC.sys
19:59:30.0783 4356 MsRPC - ok
19:59:30.0846 4356 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\windows\system32\DRIVERS\mssmbios.sys
19:59:30.0846 4356 mssmbios - ok
19:59:30.0861 4356 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\windows\system32\drivers\MSTEE.sys
19:59:30.0861 4356 MSTEE - ok
19:59:30.0893 4356 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\windows\system32\drivers\MTConfig.sys
19:59:30.0893 4356 MTConfig - ok
19:59:30.0924 4356 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\windows\system32\Drivers\mup.sys
19:59:30.0924 4356 Mup - ok
19:59:31.0002 4356 napagent (582ac6d9873e31dfa28a4547270862dd) C:\windows\system32\qagentRT.dll
19:59:31.0017 4356 napagent - ok
19:59:31.0049 4356 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\windows\system32\DRIVERS\nwifi.sys
19:59:31.0049 4356 NativeWifiP - ok
19:59:31.0158 4356 NDIS (c38b8ae57f78915905064a9a24dc1586) C:\windows\system32\drivers\ndis.sys
19:59:31.0173 4356 NDIS - ok
19:59:31.0205 4356 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\windows\system32\DRIVERS\ndiscap.sys
19:59:31.0205 4356 NdisCap - ok
19:59:31.0267 4356 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\windows\system32\DRIVERS\ndistapi.sys
19:59:31.0267 4356 NdisTapi - ok
19:59:31.0283 4356 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\windows\system32\DRIVERS\ndisuio.sys
19:59:31.0283 4356 Ndisuio - ok
19:59:31.0314 4356 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\windows\system32\DRIVERS\ndiswan.sys
19:59:31.0314 4356 NdisWan - ok
19:59:31.0329 4356 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\windows\system32\drivers\NDProxy.sys
19:59:31.0329 4356 NDProxy - ok
19:59:31.0392 4356 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\windows\system32\DRIVERS\netbios.sys
19:59:31.0392 4356 NetBIOS - ok
19:59:31.0423 4356 NetBT (09594d1089c523423b32a4229263f068) C:\windows\system32\DRIVERS\netbt.sys
19:59:31.0423 4356 NetBT - ok
19:59:31.0454 4356 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
19:59:31.0454 4356 Netlogon - ok
19:59:31.0517 4356 Netman (847d3ae376c0817161a14a82c8922a9e) C:\windows\System32\netman.dll
19:59:31.0517 4356 Netman - ok
19:59:31.0548 4356 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\windows\System32\netprofm.dll
19:59:31.0563 4356 netprofm - ok
19:59:31.0657 4356 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
19:59:31.0657 4356 NetTcpPortSharing - ok
19:59:31.0751 4356 nfrd960 (77889813be4d166cdab78ddba990da92) C:\windows\system32\drivers\nfrd960.sys
19:59:31.0751 4356 nfrd960 - ok
19:59:31.0797 4356 NisDrv (5f7d72cbcdd025af1f38fdeee5646968) C:\windows\system32\DRIVERS\NisDrvWFP.sys
19:59:31.0797 4356 NisDrv - ok
19:59:31.0907 4356 NisSrv (566ddd5d82520da01d75f81428ac4c38) C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
19:59:31.0907 4356 NisSrv - ok
19:59:32.0031 4356 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\windows\System32\nlasvc.dll
19:59:32.0031 4356 NlaSvc - ok
19:59:32.0172 4356 NOBU (5839a8027d6d324a7cd494051a96628c) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
19:59:32.0203 4356 NOBU - ok
19:59:32.0281 4356 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\windows\system32\drivers\Npfs.sys
19:59:32.0281 4356 Npfs - ok
19:59:32.0328 4356 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\windows\system32\nsisvc.dll
19:59:32.0328 4356 nsi - ok
19:59:32.0343 4356 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\windows\system32\drivers\nsiproxy.sys
19:59:32.0343 4356 nsiproxy - ok
19:59:32.0406 4356 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\windows\system32\drivers\Ntfs.sys
19:59:32.0421 4356 Ntfs - ok
19:59:32.0453 4356 Null (9899284589f75fa8724ff3d16aed75c1) C:\windows\system32\drivers\Null.sys
19:59:32.0453 4356 Null - ok
19:59:32.0484 4356 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\windows\system32\drivers\nvraid.sys
19:59:32.0484 4356 nvraid - ok
19:59:32.0499 4356 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\windows\system32\drivers\nvstor.sys
19:59:32.0499 4356 nvstor - ok
19:59:32.0546 4356 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\windows\system32\drivers\nv_agp.sys
19:59:32.0546 4356 nv_agp - ok
19:59:32.0687 4356 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
19:59:32.0702 4356 odserv - ok
19:59:32.0718 4356 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\windows\system32\drivers\ohci1394.sys
19:59:32.0718 4356 ohci1394 - ok
19:59:32.0811 4356 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
19:59:32.0811 4356 ose - ok
19:59:32.0967 4356 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
19:59:33.0014 4356 osppsvc - ok
19:59:33.0123 4356 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll
19:59:33.0123 4356 p2pimsvc - ok
19:59:33.0170 4356 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\windows\system32\p2psvc.dll
19:59:33.0170 4356 p2psvc - ok
19:59:33.0248 4356 Parport (0086431c29c35be1dbc43f52cc273887) C:\windows\system32\drivers\parport.sys
19:59:33.0248 4356 Parport - ok
19:59:33.0279 4356 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\windows\system32\drivers\partmgr.sys
19:59:33.0279 4356 partmgr - ok
19:59:33.0295 4356 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\windows\System32\pcasvc.dll
19:59:33.0295 4356 PcaSvc - ok
19:59:33.0326 4356 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\windows\system32\drivers\pci.sys
19:59:33.0326 4356 pci - ok
19:59:33.0357 4356 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\windows\system32\drivers\pciide.sys
19:59:33.0357 4356 pciide - ok
19:59:33.0373 4356 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\windows\system32\drivers\pcmcia.sys
19:59:33.0373 4356 pcmcia - ok
19:59:33.0404 4356 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\windows\system32\drivers\pcw.sys
19:59:33.0404 4356 pcw - ok
19:59:33.0451 4356 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\windows\system32\drivers\peauth.sys
19:59:33.0451 4356 PEAUTH - ok
19:59:33.0529 4356 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\windows\SysWow64\perfhost.exe
19:59:33.0529 4356 PerfHost - ok
19:59:33.0607 4356 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\windows\system32\pla.dll
19:59:33.0623 4356 pla - ok
19:59:33.0685 4356 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\windows\system32\umpnpmgr.dll
19:59:33.0685 4356 PlugPlay - ok
19:59:33.0716 4356 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\windows\system32\pnrpauto.dll
19:59:33.0716 4356 PNRPAutoReg - ok
19:59:33.0747 4356 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll
19:59:33.0763 4356 PNRPsvc - ok
19:59:33.0794 4356 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\windows\System32\ipsecsvc.dll
19:59:33.0810 4356 PolicyAgent - ok
19:59:33.0872 4356 Power (6ba9d927dded70bd1a9caded45f8b184) C:\windows\system32\umpo.dll
19:59:33.0872 4356 Power - ok
19:59:33.0950 4356 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\windows\system32\DRIVERS\raspptp.sys
19:59:33.0950 4356 PptpMiniport - ok
19:59:33.0966 4356 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\windows\system32\drivers\processr.sys
19:59:33.0966 4356 Processor - ok
19:59:34.0044 4356 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\windows\system32\profsvc.dll
19:59:34.0044 4356 ProfSvc - ok
19:59:34.0091 4356 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
19:59:34.0091 4356 ProtectedStorage - ok
19:59:34.0122 4356 Psched (0557cf5a2556bd58e26384169d72438d) C:\windows\system32\DRIVERS\pacer.sys
19:59:34.0122 4356 Psched - ok
19:59:34.0200 4356 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\windows\system32\drivers\ql2300.sys
19:59:34.0215 4356 ql2300 - ok
19:59:34.0231 4356 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\windows\system32\drivers\ql40xx.sys
19:59:34.0231 4356 ql40xx - ok
19:59:34.0278 4356 QWAVE (906191634e99aea92c4816150bda3732) C:\windows\system32\qwave.dll
19:59:34.0278 4356 QWAVE - ok
19:59:34.0293 4356 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\windows\system32\drivers\qwavedrv.sys
19:59:34.0293 4356 QWAVEdrv - ok
19:59:34.0325 4356 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\windows\system32\DRIVERS\rasacd.sys
19:59:34.0325 4356 RasAcd - ok
19:59:34.0371 4356 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\windows\system32\DRIVERS\AgileVpn.sys
19:59:34.0371 4356 RasAgileVpn - ok
19:59:34.0387 4356 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\windows\System32\rasauto.dll
19:59:34.0403 4356 RasAuto - ok
19:59:34.0418 4356 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\windows\system32\DRIVERS\rasl2tp.sys
19:59:34.0418 4356 Rasl2tp - ok
19:59:34.0465 4356 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\windows\System32\rasmans.dll
19:59:34.0465 4356 RasMan - ok
19:59:34.0496 4356 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\windows\system32\DRIVERS\raspppoe.sys
19:59:34.0496 4356 RasPppoe - ok
19:59:34.0512 4356 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\windows\system32\DRIVERS\rassstp.sys
19:59:34.0512 4356 RasSstp - ok
19:59:34.0543 4356 rdbss (77f665941019a1594d887a74f301fa2f) C:\windows\system32\DRIVERS\rdbss.sys
19:59:34.0543 4356 rdbss - ok
19:59:34.0559 4356 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\windows\system32\drivers\rdpbus.sys
19:59:34.0559 4356 rdpbus - ok
19:59:34.0590 4356 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\windows\system32\DRIVERS\RDPCDD.sys
19:59:34.0590 4356 RDPCDD - ok
19:59:34.0621 4356 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\windows\system32\drivers\rdpencdd.sys
19:59:34.0621 4356 RDPENCDD - ok
19:59:34.0652 4356 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\windows\system32\drivers\rdprefmp.sys
19:59:34.0652 4356 RDPREFMP - ok
19:59:34.0715 4356 RDPWD (6d76e6433574b058adcb0c50df834492) C:\windows\system32\drivers\RDPWD.sys
19:59:34.0730 4356 RDPWD - ok
19:59:34.0777 4356 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\windows\system32\drivers\rdyboost.sys
19:59:34.0777 4356 rdyboost - ok
19:59:34.0808 4356 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\windows\System32\mprdim.dll
19:59:34.0824 4356 RemoteAccess - ok
19:59:34.0855 4356 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\windows\system32\regsvc.dll
19:59:34.0855 4356 RemoteRegistry - ok
19:59:34.0933 4356 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\windows\system32\DRIVERS\rfcomm.sys
19:59:34.0933 4356 RFCOMM - ok
19:59:35.0073 4356 RichVideo (f12a68ed55053940cadd59ca5e3468dd) C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
19:59:35.0073 4356 RichVideo - ok
19:59:35.0120 4356 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\windows\System32\RpcEpMap.dll
19:59:35.0120 4356 RpcEptMapper - ok
19:59:35.0183 4356 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\windows\system32\locator.exe
19:59:35.0183 4356 RpcLocator - ok
19:59:35.0214 4356 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\windows\system32\rpcss.dll
19:59:35.0229 4356 RpcSs - ok
19:59:35.0323 4356 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\windows\system32\DRIVERS\rspndr.sys
19:59:35.0323 4356 rspndr - ok
19:59:35.0370 4356 RTL8167 (ea5532868ba76923d75bcb2a1448d810) C:\windows\system32\DRIVERS\Rt64win7.sys
19:59:35.0370 4356 RTL8167 - ok
19:59:35.0463 4356 rtport (4ca0dba9e224473d664c25e411f5a3bd) C:\windows\SysWOW64\drivers\rtport.sys
19:59:35.0463 4356 rtport - ok
19:59:35.0495 4356 SABI (62db6cc4b0818f1b5f3441241b098f12) C:\windows\system32\Drivers\SABI.sys
19:59:35.0495 4356 SABI - ok
19:59:35.0526 4356 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
19:59:35.0526 4356 SamSs - ok
19:59:35.0619 4356 Samsung UPD Service (d641337b75b9a9d5ae10687aa1097755) C:\windows\System32\SUPDSvc.exe
19:59:35.0619 4356 Samsung UPD Service - ok
19:59:35.0651 4356 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\windows\system32\drivers\sbp2port.sys
19:59:35.0651 4356 sbp2port - ok
19:59:35.0729 4356 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\windows\System32\SCardSvr.dll
19:59:35.0729 4356 SCardSvr - ok
19:59:35.0744 4356 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\windows\system32\DRIVERS\scfilter.sys
19:59:35.0760 4356 scfilter - ok
19:59:35.0791 4356 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\windows\system32\schedsvc.dll
19:59:35.0807 4356 Schedule - ok
19:59:35.0838 4356 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\windows\System32\certprop.dll
19:59:35.0838 4356 SCPolicySvc - ok
19:59:35.0869 4356 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\windows\System32\SDRSVC.dll
19:59:35.0869 4356 SDRSVC - ok
19:59:35.0994 4356 SeaPort (cc781378e7eda615d2cdca3b17829fa4) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
19:59:35.0994 4356 SeaPort - ok
19:59:36.0072 4356 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\windows\system32\drivers\secdrv.sys
19:59:36.0087 4356 secdrv - ok
19:59:36.0103 4356 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\windows\system32\seclogon.dll
19:59:36.0103 4356 seclogon - ok
19:59:36.0134 4356 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\windows\system32\sens.dll
19:59:36.0134 4356 SENS - ok
19:59:36.0212 4356 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\windows\system32\sensrsvc.dll
19:59:36.0212 4356 SensrSvc - ok
19:59:36.0228 4356 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\windows\system32\drivers\serenum.sys
19:59:36.0228 4356 Serenum - ok
19:59:36.0259 4356 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\windows\system32\drivers\serial.sys
19:59:36.0259 4356 Serial - ok
19:59:36.0275 4356 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\windows\system32\drivers\sermouse.sys
19:59:36.0275 4356 sermouse - ok
19:59:36.0321 4356 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\windows\system32\sessenv.dll
19:59:36.0321 4356 SessionEnv - ok
19:59:36.0337 4356 sffdisk (a554811bcd09279536440c964ae35bbf) C:\windows\system32\drivers\sffdisk.sys
19:59:36.0337 4356 sffdisk - ok
19:59:36.0353 4356 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\windows\system32\drivers\sffp_mmc.sys
19:59:36.0368 4356 sffp_mmc - ok
19:59:36.0384 4356 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\windows\system32\drivers\sffp_sd.sys
19:59:36.0384 4356 sffp_sd - ok
19:59:36.0399 4356 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\windows\system32\drivers\sfloppy.sys
19:59:36.0399 4356 sfloppy - ok
19:59:36.0477 4356 Sftfs (c6cc9297bd53e5229653303e556aa539) C:\windows\system32\DRIVERS\Sftfslh.sys
19:59:36.0493 4356 Sftfs - ok
19:59:36.0602 4356 sftlist (13693b6354dd6e72dc5131da7d764b90) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
19:59:36.0602 4356 sftlist - ok
19:59:36.0649 4356 Sftplay (390aa7bc52cee43f6790cdea1e776703) C:\windows\system32\DRIVERS\Sftplaylh.sys
19:59:36.0649 4356 Sftplay - ok
19:59:36.0665 4356 Sftredir (617e29a0b0a2807466560d4c4e338d3e) C:\windows\system32\DRIVERS\Sftredirlh.sys
19:59:36.0665 4356 Sftredir - ok
19:59:36.0696 4356 Sftvol (8f571f016fa1976f445147e9e6c8ae9b) C:\windows\system32\DRIVERS\Sftvollh.sys
19:59:36.0696 4356 Sftvol - ok
19:59:36.0711 4356 sftvsa (c3cddd18f43d44ab713cf8c4916f7696) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
19:59:36.0727 4356 sftvsa - ok
19:59:36.0774 4356 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\windows\System32\ipnathlp.dll
19:59:36.0774 4356 SharedAccess - ok
19:59:36.0821 4356 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\windows\System32\shsvcs.dll
19:59:36.0821 4356 ShellHWDetection - ok
19:59:36.0914 4356 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\windows\system32\drivers\SiSRaid2.sys
19:59:36.0914 4356 SiSRaid2 - ok
19:59:36.0945 4356 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\windows\system32\drivers\sisraid4.sys
19:59:36.0945 4356 SiSRaid4 - ok
19:59:36.0977 4356 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\windows\system32\DRIVERS\smb.sys
19:59:36.0977 4356 Smb - ok
19:59:37.0023 4356 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\windows\System32\snmptrap.exe
19:59:37.0039 4356 SNMPTRAP - ok
19:59:37.0086 4356 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\windows\system32\drivers\spldr.sys
19:59:37.0086 4356 spldr - ok
19:59:37.0117 4356 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\windows\System32\spoolsv.exe
19:59:37.0133 4356 Spooler - ok
19:59:37.0226 4356 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\windows\system32\sppsvc.exe
19:59:37.0257 4356 sppsvc - ok
19:59:37.0289 4356 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\windows\system32\sppuinotify.dll
19:59:37.0289 4356 sppuinotify - ok
19:59:37.0382 4356 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\windows\system32\DRIVERS\srv.sys
19:59:37.0382 4356 srv - ok
19:59:37.0413 4356 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\windows\system32\DRIVERS\srv2.sys
19:59:37.0413 4356 srv2 - ok
19:59:37.0445 4356 srvnet (27e461f0be5bff5fc737328f749538c3) C:\windows\system32\DRIVERS\srvnet.sys
19:59:37.0445 4356 srvnet - ok
19:59:37.0507 4356 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\windows\System32\ssdpsrv.dll
19:59:37.0507 4356 SSDPSRV - ok
19:59:37.0538 4356 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\windows\system32\sstpsvc.dll
19:59:37.0538 4356 SstpSvc - ok
19:59:37.0585 4356 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\windows\system32\drivers\stexstor.sys
19:59:37.0585 4356 stexstor - ok
19:59:37.0663 4356 StillCam (decacb6921ded1a38642642685d77dac) C:\windows\system32\DRIVERS\serscan.sys
19:59:37.0663 4356 StillCam - ok
19:59:37.0710 4356 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\windows\System32\wiaservc.dll
19:59:37.0725 4356 stisvc - ok
19:59:37.0757 4356 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\windows\system32\DRIVERS\swenum.sys
19:59:37.0757 4356 swenum - ok
19:59:37.0788 4356 swprv (e08e46fdd841b7184194011ca1955a0b) C:\windows\System32\swprv.dll
19:59:37.0803 4356 swprv - ok
19:59:37.0850 4356 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\windows\system32\sysmain.dll
19:59:37.0881 4356 SysMain - ok
19:59:37.0897 4356 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\windows\System32\TabSvc.dll
19:59:37.0913 4356 TabletInputService - ok
19:59:37.0944 4356 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\windows\System32\tapisrv.dll
19:59:37.0944 4356 TapiSrv - ok
19:59:38.0006 4356 TBS (1be03ac720f4d302ea01d40f588162f6) C:\windows\System32\tbssvc.dll
19:59:38.0006 4356 TBS - ok
19:59:38.0131 4356 Tcpip (fc62769e7bff2896035aeed399108162) C:\windows\system32\drivers\tcpip.sys
19:59:38.0147 4356 Tcpip - ok
19:59:38.0209 4356 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\windows\system32\DRIVERS\tcpip.sys
19:59:38.0225 4356 TCPIP6 - ok
19:59:38.0256 4356 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\windows\system32\drivers\tcpipreg.sys
19:59:38.0256 4356 tcpipreg - ok
19:59:38.0287 4356 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\windows\system32\drivers\tdpipe.sys
19:59:38.0287 4356 TDPIPE - ok
19:59:38.0318 4356 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\windows\system32\drivers\tdtcp.sys
19:59:38.0318 4356 TDTCP - ok
19:59:38.0365 4356 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\windows\system32\DRIVERS\tdx.sys
19:59:38.0365 4356 tdx - ok
19:59:38.0381 4356 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\windows\system32\DRIVERS\termdd.sys
19:59:38.0396 4356 TermDD - ok
19:59:38.0443 4356 TermService (2e648163254233755035b46dd7b89123) C:\windows\System32\termsrv.dll
19:59:38.0459 4356 TermService - ok
19:59:38.0490 4356 Themes (f0344071948d1a1fa732231785a0664c) C:\windows\system32\themeservice.dll
19:59:38.0490 4356 Themes - ok
19:59:38.0537 4356 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll
19:59:38.0537 4356 THREADORDER - ok
19:59:38.0568 4356 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\windows\System32\trkwks.dll
19:59:38.0568 4356 TrkWks - ok
19:59:38.0661 4356 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\windows\servicing\TrustedInstaller.exe
19:59:38.0661 4356 TrustedInstaller - ok
19:59:38.0739 4356 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\windows\system32\DRIVERS\tssecsrv.sys
19:59:38.0755 4356 tssecsrv - ok
19:59:38.0786 4356 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\windows\system32\drivers\tsusbflt.sys
19:59:38.0786 4356 TsUsbFlt - ok
19:59:38.0802 4356 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\windows\system32\drivers\TsUsbGD.sys
19:59:38.0802 4356 TsUsbGD - ok
19:59:38.0833 4356 tunnel (3566a8daafa27af944f5d705eaa64894) C:\windows\system32\DRIVERS\tunnel.sys
19:59:38.0833 4356 tunnel - ok
19:59:38.0864 4356 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\windows\system32\drivers\uagp35.sys
19:59:38.0864 4356 uagp35 - ok
19:59:38.0911 4356 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\windows\system32\DRIVERS\udfs.sys
19:59:38.0911 4356 udfs - ok
19:59:38.0942 4356 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\windows\system32\UI0Detect.exe
19:59:38.0958 4356 UI0Detect - ok
19:59:39.0036 4356 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\windows\system32\drivers\uliagpkx.sys
19:59:39.0036 4356 uliagpkx - ok
19:59:39.0067 4356 umbus (dc54a574663a895c8763af0fa1ff7561) C:\windows\system32\DRIVERS\umbus.sys
19:59:39.0067 4356 umbus - ok
19:59:39.0083 4356 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\windows\system32\drivers\umpass.sys
19:59:39.0098 4356 UmPass - ok
19:59:39.0129 4356 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\windows\System32\upnphost.dll
19:59:39.0129 4356 upnphost - ok
19:59:39.0176 4356 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\windows\system32\DRIVERS\usbccgp.sys
19:59:39.0176 4356 usbccgp - ok
19:59:39.0207 4356 usbcir (af0892a803fdda7492f595368e3b68e7) C:\windows\system32\drivers\usbcir.sys
19:59:39.0207 4356 usbcir - ok
19:59:39.0223 4356 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\windows\system32\DRIVERS\usbehci.sys
19:59:39.0223 4356 usbehci - ok
19:59:39.0301 4356 usbfilter (573d192e268f0c5b486b7e96f661e538) C:\windows\system32\DRIVERS\usbfilter.sys
19:59:39.0301 4356 usbfilter - ok
19:59:39.0348 4356 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\windows\system32\DRIVERS\usbhub.sys
19:59:39.0348 4356 usbhub - ok
19:59:39.0363 4356 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\windows\system32\DRIVERS\usbohci.sys
19:59:39.0363 4356 usbohci - ok
19:59:39.0379 4356 usbprint (73188f58fb384e75c4063d29413cee3d) C:\windows\system32\drivers\usbprint.sys
19:59:39.0395 4356 usbprint - ok
19:59:39.0410 4356 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\windows\system32\DRIVERS\USBSTOR.SYS
19:59:39.0410 4356 USBSTOR - ok
19:59:39.0441 4356 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\windows\system32\drivers\usbuhci.sys
19:59:39.0441 4356 usbuhci - ok
19:59:39.0488 4356 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\windows\system32\Drivers\usbvideo.sys
19:59:39.0488 4356 usbvideo - ok
19:59:39.0519 4356 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\windows\System32\uxsms.dll
19:59:39.0519 4356 UxSms - ok
19:59:39.0566 4356 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
19:59:39.0566 4356 VaultSvc - ok
19:59:39.0629 4356 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\windows\system32\drivers\vdrvroot.sys
19:59:39.0629 4356 vdrvroot - ok
19:59:39.0660 4356 vds (8d6b481601d01a456e75c3210f1830be) C:\windows\System32\vds.exe
19:59:39.0675 4356 vds - ok
19:59:39.0691 4356 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\windows\system32\DRIVERS\vgapnp.sys
19:59:39.0691 4356 vga - ok
19:59:39.0722 4356 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\windows\System32\drivers\vga.sys
19:59:39.0722 4356 VgaSave - ok
19:59:39.0769 4356 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\windows\system32\drivers\vhdmp.sys
19:59:39.0769 4356 vhdmp - ok
19:59:39.0800 4356 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\windows\system32\drivers\viaide.sys
19:59:39.0800 4356 viaide - ok
19:59:39.0831 4356 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\windows\system32\drivers\volmgr.sys
19:59:39.0831 4356 volmgr - ok
19:59:39.0847 4356 volmgrx (a255814907c89be58b79ef2f189b843b) C:\windows\system32\drivers\volmgrx.sys
19:59:39.0863 4356 volmgrx - ok
19:59:39.0894 4356 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\windows\system32\drivers\volsnap.sys
19:59:39.0894 4356 volsnap - ok
19:59:39.0941 4356 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\windows\system32\drivers\vsmraid.sys
19:59:39.0941 4356 vsmraid - ok
19:59:40.0034 4356 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\windows\system32\vssvc.exe
19:59:40.0050 4356 VSS - ok
19:59:40.0097 4356 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\windows\system32\DRIVERS\vwifibus.sys
19:59:40.0097 4356 vwifibus - ok
19:59:40.0143 4356 vwififlt (13a0decd1794de60a8427862c8669d27) C:\windows\system32\DRIVERS\vwififlt.sys
19:59:40.0143 4356 vwififlt - ok
19:59:40.0175 4356 vwifimp (49003b357d101cdc474937437ecf5abc) C:\windows\system32\DRIVERS\vwifimp.sys
19:59:40.0175 4356 vwifimp - ok
19:59:40.0206 4356 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\windows\system32\w32time.dll
19:59:40.0221 4356 W32Time - ok
19:59:40.0237 4356 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\windows\system32\drivers\wacompen.sys
19:59:40.0237 4356 WacomPen - ok
19:59:42.0421 4356 MBR (0x1B8) (2e5debb2116b3417023e0d6562d7ed07) \Device\Harddisk0\DR0
19:59:42.0749 4356 \Device\Harddisk0\DR0 - ok
19:59:42.0749 4356 Boot (0x1200) (563344d84f0102eedc1c3ade84a4b888) \Device\Harddisk0\DR0\Partition0
19:59:42.0749 4356 \Device\Harddisk0\DR0\Partition0 - ok
19:59:42.0764 4356 Boot (0x1200) (c9d84c8300f4478a3ee279b59160e6d2) \Device\Harddisk0\DR0\Partition1
19:59:42.0780 4356 \Device\Harddisk0\DR0\Partition1 - ok
19:59:42.0827 4356 Boot (0x1200) (ddc13268dacca650803f4c05417799d0) \Device\Harddisk0\DR0\Partition2
19:59:42.0827 4356 \Device\Harddisk0\DR0\Partition2 - ok
19:59:42.0827 4356 ============================================================
19:59:42.0827 4356 Scan finished
19:59:42.0827 4356 ============================================================
19:59:42.0842 3720 Detected object count: 0
19:59:42.0842 3720 Actual detected object count: 0
20:00:09.0487 2996 Deinitialize success

#11 Cruisermom


Posted 29 March 2012 - 08:14 PM

Combo fix log:

19:59:15.0059 3224 TDSS rootkit removing tool 2.7.23.0 Mar 26 2012 13:40:18
19:59:15.0386 3224 ============================================================
19:59:15.0386 3224 Current date / time: 2012/03/29 19:59:15.0386
19:59:15.0386 3224 SystemInfo:
19:59:15.0386 3224
19:59:15.0386 3224 OS Version: 6.1.7601 ServicePack: 1.0
19:59:15.0386 3224 Product type: Workstation
19:59:15.0386 3224 ComputerName: OWNER-PC
19:59:15.0386 3224 UserName: owner
19:59:15.0386 3224 Windows directory: C:\windows
19:59:15.0386 3224 System windows directory: C:\windows
19:59:15.0386 3224 Running under WOW64
19:59:15.0386 3224 Processor architecture: Intel x64
19:59:15.0386 3224 Number of processors: 2
19:59:15.0386 3224 Page size: 0x1000
19:59:15.0386 3224 Boot type: Normal boot
19:59:15.0386 3224 ============================================================
19:59:16.0010 3224 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:59:16.0026 3224 \Device\Harddisk0\DR0:
19:59:16.0026 3224 MBR used
19:59:16.0026 3224 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
19:59:16.0026 3224 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xE200000
19:59:16.0041 3224 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xE233000, BlocksNum 0x14C1E800
19:59:16.0166 3224 Initialize success
19:59:16.0166 3224 ============================================================
19:59:19.0427 4356 ============================================================
19:59:19.0427 4356 Scan started
19:59:19.0427 4356 Mode: Manual;
19:59:19.0427 4356 ============================================================
19:59:31.0657 4356 NetTcpPortSharing - ok
19:59:31.0751 4356 nfrd960 (77889813be4d166cdab78ddba990da92) C:\windows\system32\drivers\nfrd960.sys
19:59:31.0751 4356 nfrd960 - ok
19:59:31.0797 4356 NisDrv (5f7d72cbcdd025af1f38fdeee5646968) C:\windows\system32\DRIVERS\NisDrvWFP.sys
19:59:31.0797 4356 NisDrv - ok
19:59:31.0907 4356 NisSrv (566ddd5d82520da01d75f81428ac4c38) C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
19:59:31.0907 4356 NisSrv - ok
19:59:32.0031 4356 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\windows\System32\nlasvc.dll
19:59:32.0031 4356 NlaSvc - ok
19:59:32.0172 4356 NOBU (5839a8027d6d324a7cd494051a96628c) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
19:59:32.0203 4356 NOBU - ok
19:59:32.0281 4356 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\windows\system32\drivers\Npfs.sys
19:59:32.0281 4356 Npfs - ok
19:59:32.0328 4356 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\windows\system32\nsisvc.dll
19:59:32.0328 4356 nsi - ok
19:59:32.0343 4356 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\windows\system32\drivers\nsiproxy.sys
19:59:32.0343 4356 nsiproxy - ok
19:59:32.0406 4356 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\windows\system32\drivers\Ntfs.sys
19:59:32.0421 4356 Ntfs - ok
19:59:32.0453 4356 Null (9899284589f75fa8724ff3d16aed75c1) C:\windows\system32\drivers\Null.sys
19:59:32.0453 4356 Null - ok
19:59:32.0484 4356 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\windows\system32\drivers\nvraid.sys
19:59:32.0484 4356 nvraid - ok
19:59:32.0499 4356 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\windows\system32\drivers\nvstor.sys
19:59:32.0499 4356 nvstor - ok
19:59:32.0546 4356 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\windows\system32\drivers\nv_agp.sys
19:59:32.0546 4356 nv_agp - ok
19:59:32.0687 4356 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
19:59:32.0702 4356 odserv - ok
19:59:32.0718 4356 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\windows\system32\drivers\ohci1394.sys
19:59:32.0718 4356 ohci1394 - ok
19:59:32.0811 4356 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
19:59:32.0811 4356 ose - ok
19:59:32.0967 4356 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
19:59:33.0014 4356 osppsvc - ok
19:59:33.0123 4356 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll
19:59:33.0123 4356 p2pimsvc - ok
19:59:33.0170 4356 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\windows\system32\p2psvc.dll
19:59:33.0170 4356 p2psvc - ok
19:59:33.0248 4356 Parport (0086431c29c35be1dbc43f52cc273887) C:\windows\system32\drivers\parport.sys
19:59:33.0248 4356 Parport - ok
19:59:33.0279 4356 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\windows\system32\drivers\partmgr.sys
19:59:33.0279 4356 partmgr - ok
19:59:33.0295 4356 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\windows\System32\pcasvc.dll
19:59:33.0295 4356 PcaSvc - ok
19:59:33.0326 4356 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\windows\system32\drivers\pci.sys
19:59:33.0326 4356 pci - ok
19:59:33.0357 4356 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\windows\system32\drivers\pciide.sys
19:59:33.0357 4356 pciide - ok
19:59:33.0373 4356 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\windows\system32\drivers\pcmcia.sys
19:59:33.0373 4356 pcmcia - ok
19:59:33.0404 4356 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\windows\system32\drivers\pcw.sys
19:59:33.0404 4356 pcw - ok
19:59:33.0451 4356 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\windows\system32\drivers\peauth.sys
19:59:33.0451 4356 PEAUTH - ok
19:59:33.0529 4356 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\windows\SysWow64\perfhost.exe
19:59:33.0529 4356 PerfHost - ok
19:59:33.0607 4356 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\windows\system32\pla.dll
19:59:33.0623 4356 pla - ok
19:59:33.0685 4356 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\windows\system32\umpnpmgr.dll
19:59:33.0685 4356 PlugPlay - ok
19:59:33.0716 4356 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\windows\system32\pnrpauto.dll
19:59:33.0716 4356 PNRPAutoReg - ok
19:59:33.0747 4356 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll
19:59:33.0763 4356 PNRPsvc - ok
19:59:33.0794 4356 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\windows\System32\ipsecsvc.dll
19:59:33.0810 4356 PolicyAgent - ok
19:59:33.0872 4356 Power (6ba9d927dded70bd1a9caded45f8b184) C:\windows\system32\umpo.dll
19:59:33.0872 4356 Power - ok
19:59:33.0950 4356 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\windows\system32\DRIVERS\raspptp.sys
19:59:33.0950 4356 PptpMiniport - ok
19:59:33.0966 4356 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\windows\system32\drivers\processr.sys
19:59:33.0966 4356 Processor - ok
19:59:34.0044 4356 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\windows\system32\profsvc.dll
19:59:34.0044 4356 ProfSvc - ok
19:59:34.0091 4356 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
19:59:34.0091 4356 ProtectedStorage - ok
19:59:34.0122 4356 Psched (0557cf5a2556bd58e26384169d72438d) C:\windows\system32\DRIVERS\pacer.sys
19:59:34.0122 4356 Psched - ok
19:59:34.0200 4356 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\windows\system32\drivers\ql2300.sys
19:59:34.0215 4356 ql2300 - ok
19:59:34.0231 4356 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\windows\system32\drivers\ql40xx.sys
19:59:34.0231 4356 ql40xx - ok
19:59:34.0278 4356 QWAVE (906191634e99aea92c4816150bda3732) C:\windows\system32\qwave.dll
19:59:34.0278 4356 QWAVE - ok
19:59:34.0293 4356 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\windows\system32\drivers\qwavedrv.sys
19:59:34.0293 4356 QWAVEdrv - ok
19:59:34.0325 4356 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\windows\system32\DRIVERS\rasacd.sys
19:59:34.0325 4356 RasAcd - ok
19:59:34.0371 4356 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\windows\system32\DRIVERS\AgileVpn.sys
19:59:34.0371 4356 RasAgileVpn - ok
19:59:34.0387 4356 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\windows\System32\rasauto.dll
19:59:34.0403 4356 RasAuto - ok
19:59:34.0418 4356 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\windows\system32\DRIVERS\rasl2tp.sys
19:59:34.0418 4356 Rasl2tp - ok
19:59:34.0465 4356 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\windows\System32\rasmans.dll
19:59:34.0465 4356 RasMan - ok
19:59:34.0496 4356 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\windows\system32\DRIVERS\raspppoe.sys
19:59:34.0496 4356 RasPppoe - ok
19:59:34.0512 4356 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\windows\system32\DRIVERS\rassstp.sys
19:59:34.0512 4356 RasSstp - ok
19:59:34.0543 4356 rdbss (77f665941019a1594d887a74f301fa2f) C:\windows\system32\DRIVERS\rdbss.sys
19:59:34.0543 4356 rdbss - ok
19:59:34.0559 4356 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\windows\system32\drivers\rdpbus.sys
19:59:34.0559 4356 rdpbus - ok
19:59:34.0590 4356 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\windows\system32\DRIVERS\RDPCDD.sys
19:59:34.0590 4356 RDPCDD - ok
19:59:34.0621 4356 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\windows\system32\drivers\rdpencdd.sys
19:59:34.0621 4356 RDPENCDD - ok
19:59:34.0652 4356 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\windows\system32\drivers\rdprefmp.sys
19:59:34.0652 4356 RDPREFMP - ok
19:59:34.0715 4356 RDPWD (6d76e6433574b058adcb0c50df834492) C:\windows\system32\drivers\RDPWD.sys
19:59:34.0730 4356 RDPWD - ok
19:59:34.0777 4356 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\windows\system32\drivers\rdyboost.sys
19:59:34.0777 4356 rdyboost - ok
19:59:34.0808 4356 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\windows\System32\mprdim.dll
19:59:34.0824 4356 RemoteAccess - ok
19:59:34.0855 4356 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\windows\system32\regsvc.dll
19:59:34.0855 4356 RemoteRegistry - ok
19:59:34.0933 4356 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\windows\system32\DRIVERS\rfcomm.sys
19:59:34.0933 4356 RFCOMM - ok
19:59:35.0073 4356 RichVideo (f12a68ed55053940cadd59ca5e3468dd) C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
19:59:35.0073 4356 RichVideo - ok
19:59:35.0120 4356 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\windows\System32\RpcEpMap.dll
19:59:35.0120 4356 RpcEptMapper - ok
19:59:35.0183 4356 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\windows\system32\locator.exe
19:59:35.0183 4356 RpcLocator - ok
19:59:35.0214 4356 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\windows\system32\rpcss.dll
19:59:35.0229 4356 RpcSs - ok
19:59:35.0323 4356 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\windows\system32\DRIVERS\rspndr.sys
19:59:35.0323 4356 rspndr - ok
19:59:35.0370 4356 RTL8167 (ea5532868ba76923d75bcb2a1448d810) C:\windows\system32\DRIVERS\Rt64win7.sys
19:59:35.0370 4356 RTL8167 - ok
19:59:35.0463 4356 rtport (4ca0dba9e224473d664c25e411f5a3bd) C:\windows\SysWOW64\drivers\rtport.sys
19:59:35.0463 4356 rtport - ok
19:59:35.0495 4356 SABI (62db6cc4b0818f1b5f3441241b098f12) C:\windows\system32\Drivers\SABI.sys
19:59:35.0495 4356 SABI - ok
19:59:35.0526 4356 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
19:59:35.0526 4356 SamSs - ok
19:59:35.0619 4356 Samsung UPD Service (d641337b75b9a9d5ae10687aa1097755) C:\windows\System32\SUPDSvc.exe
19:59:35.0619 4356 Samsung UPD Service - ok
19:59:35.0651 4356 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\windows\system32\drivers\sbp2port.sys
19:59:35.0651 4356 sbp2port - ok
19:59:35.0729 4356 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\windows\System32\SCardSvr.dll
19:59:35.0729 4356 SCardSvr - ok
19:59:35.0744 4356 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\windows\system32\DRIVERS\scfilter.sys
19:59:35.0760 4356 scfilter - ok
19:59:35.0791 4356 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\windows\system32\schedsvc.dll
19:59:35.0807 4356 Schedule - ok
19:59:35.0838 4356 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\windows\System32\certprop.dll
19:59:35.0838 4356 SCPolicySvc - ok
19:59:35.0869 4356 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\windows\System32\SDRSVC.dll
19:59:35.0869 4356 SDRSVC - ok
19:59:35.0994 4356 SeaPort (cc781378e7eda615d2cdca3b17829fa4) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
19:59:35.0994 4356 SeaPort - ok
19:59:36.0072 4356 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\windows\system32\drivers\secdrv.sys
19:59:36.0087 4356 secdrv - ok
19:59:36.0103 4356 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\windows\system32\seclogon.dll
19:59:36.0103 4356 seclogon - ok
19:59:36.0134 4356 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\windows\system32\sens.dll
19:59:36.0134 4356 SENS - ok
19:59:36.0212 4356 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\windows\system32\sensrsvc.dll
19:59:36.0212 4356 SensrSvc - ok
19:59:36.0228 4356 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\windows\system32\drivers\serenum.sys
19:59:36.0228 4356 Serenum - ok
19:59:36.0259 4356 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\windows\system32\drivers\serial.sys
19:59:36.0259 4356 Serial - ok
19:59:36.0275 4356 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\windows\system32\drivers\sermouse.sys
19:59:36.0275 4356 sermouse - ok
19:59:36.0321 4356 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\windows\system32\sessenv.dll
19:59:36.0321 4356 SessionEnv - ok
19:59:36.0337 4356 sffdisk (a554811bcd09279536440c964ae35bbf) C:\windows\system32\drivers\sffdisk.sys
19:59:36.0337 4356 sffdisk - ok
19:59:36.0353 4356 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\windows\system32\drivers\sffp_mmc.sys
19:59:36.0368 4356 sffp_mmc - ok
19:59:36.0384 4356 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\windows\system32\drivers\sffp_sd.sys
19:59:36.0384 4356 sffp_sd - ok
19:59:36.0399 4356 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\windows\system32\drivers\sfloppy.sys
19:59:36.0399 4356 sfloppy - ok
19:59:36.0477 4356 Sftfs (c6cc9297bd53e5229653303e556aa539) C:\windows\system32\DRIVERS\Sftfslh.sys
19:59:36.0493 4356 Sftfs - ok
19:59:36.0602 4356 sftlist (13693b6354dd6e72dc5131da7d764b90) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
19:59:36.0602 4356 sftlist - ok
19:59:36.0649 4356 Sftplay (390aa7bc52cee43f6790cdea1e776703) C:\windows\system32\DRIVERS\Sftplaylh.sys
19:59:36.0649 4356 Sftplay - ok
19:59:36.0665 4356 Sftredir (617e29a0b0a2807466560d4c4e338d3e) C:\windows\system32\DRIVERS\Sftredirlh.sys
19:59:36.0665 4356 Sftredir - ok
19:59:36.0696 4356 Sftvol (8f571f016fa1976f445147e9e6c8ae9b) C:\windows\system32\DRIVERS\Sftvollh.sys
19:59:36.0696 4356 Sftvol - ok
19:59:36.0711 4356 sftvsa (c3cddd18f43d44ab713cf8c4916f7696) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
19:59:36.0727 4356 sftvsa - ok
19:59:36.0774 4356 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\windows\System32\ipnathlp.dll
19:59:36.0774 4356 SharedAccess - ok
19:59:36.0821 4356 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\windows\System32\shsvcs.dll
19:59:36.0821 4356 ShellHWDetection - ok
19:59:36.0914 4356 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\windows\system32\drivers\SiSRaid2.sys
19:59:36.0914 4356 SiSRaid2 - ok
19:59:36.0945 4356 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\windows\system32\drivers\sisraid4.sys
19:59:36.0945 4356 SiSRaid4 - ok
19:59:36.0977 4356 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\windows\system32\DRIVERS\smb.sys
19:59:36.0977 4356 Smb - ok
19:59:37.0023 4356 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\windows\System32\snmptrap.exe
19:59:37.0039 4356 SNMPTRAP - ok
19:59:37.0086 4356 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\windows\system32\drivers\spldr.sys
19:59:37.0086 4356 spldr - ok
19:59:37.0117 4356 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\windows\System32\spoolsv.exe
19:59:37.0133 4356 Spooler - ok
19:59:37.0226 4356 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\windows\system32\sppsvc.exe
19:59:37.0257 4356 sppsvc - ok
19:59:37.0289 4356 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\windows\system32\sppuinotify.dll
19:59:37.0289 4356 sppuinotify - ok
19:59:37.0382 4356 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\windows\system32\DRIVERS\srv.sys
19:59:37.0382 4356 srv - ok
19:59:37.0413 4356 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\windows\system32\DRIVERS\srv2.sys
19:59:37.0413 4356 srv2 - ok
19:59:37.0445 4356 srvnet (27e461f0be5bff5fc737328f749538c3) C:\windows\system32\DRIVERS\srvnet.sys
19:59:37.0445 4356 srvnet - ok
19:59:37.0507 4356 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\windows\System32\ssdpsrv.dll
19:59:37.0507 4356 SSDPSRV - ok
19:59:37.0538 4356 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\windows\system32\sstpsvc.dll
19:59:37.0538 4356 SstpSvc - ok
19:59:37.0585 4356 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\windows\system32\drivers\stexstor.sys
19:59:37.0585 4356 stexstor - ok
19:59:37.0663 4356 StillCam (decacb6921ded1a38642642685d77dac) C:\windows\system32\DRIVERS\serscan.sys
19:59:37.0663 4356 StillCam - ok
19:59:37.0710 4356 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\windows\System32\wiaservc.dll
19:59:37.0725 4356 stisvc - ok
19:59:37.0757 4356 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\windows\system32\DRIVERS\swenum.sys
19:59:37.0757 4356 swenum - ok
19:59:37.0788 4356 swprv (e08e46fdd841b7184194011ca1955a0b) C:\windows\System32\swprv.dll
19:59:37.0803 4356 swprv - ok
19:59:37.0850 4356 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\windows\system32\sysmain.dll
19:59:37.0881 4356 SysMain - ok
19:59:37.0897 4356 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\windows\System32\TabSvc.dll
19:59:37.0913 4356 TabletInputService - ok
19:59:37.0944 4356 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\windows\System32\tapisrv.dll
19:59:37.0944 4356 TapiSrv - ok
19:59:38.0006 4356 TBS (1be03ac720f4d302ea01d40f588162f6) C:\windows\System32\tbssvc.dll
19:59:38.0006 4356 TBS - ok
19:59:38.0131 4356 Tcpip (fc62769e7bff2896035aeed399108162) C:\windows\system32\drivers\tcpip.sys
19:59:38.0147 4356 Tcpip - ok
19:59:38.0209 4356 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\windows\system32\DRIVERS\tcpip.sys
19:59:38.0225 4356 TCPIP6 - ok
19:59:38.0256 4356 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\windows\system32\drivers\tcpipreg.sys
19:59:38.0256 4356 tcpipreg - ok
19:59:38.0287 4356 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\windows\system32\drivers\tdpipe.sys
19:59:38.0287 4356 TDPIPE - ok
19:59:38.0318 4356 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\windows\system32\drivers\tdtcp.sys
19:59:38.0318 4356 TDTCP - ok
19:59:38.0365 4356 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\windows\system32\DRIVERS\tdx.sys
19:59:38.0365 4356 tdx - ok
19:59:38.0381 4356 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\windows\system32\DRIVERS\termdd.sys
19:59:38.0396 4356 TermDD - ok
19:59:38.0443 4356 TermService (2e648163254233755035b46dd7b89123) C:\windows\System32\termsrv.dll
19:59:38.0459 4356 TermService - ok
19:59:38.0490 4356 Themes (f0344071948d1a1fa732231785a0664c) C:\windows\system32\themeservice.dll
19:59:38.0490 4356 Themes - ok
19:59:38.0537 4356 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll
19:59:38.0537 4356 THREADORDER - ok
19:59:38.0568 4356 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\windows\System32\trkwks.dll
19:59:38.0568 4356 TrkWks - ok
19:59:38.0661 4356 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\windows\servicing\TrustedInstaller.exe
19:59:38.0661 4356 TrustedInstaller - ok
19:59:38.0739 4356 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\windows\system32\DRIVERS\tssecsrv.sys
19:59:38.0755 4356 tssecsrv - ok
19:59:38.0786 4356 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\windows\system32\drivers\tsusbflt.sys
19:59:38.0786 4356 TsUsbFlt - ok
19:59:38.0802 4356 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\windows\system32\drivers\TsUsbGD.sys
19:59:38.0802 4356 TsUsbGD - ok
19:59:38.0833 4356 tunnel (3566a8daafa27af944f5d705eaa64894) C:\windows\system32\DRIVERS\tunnel.sys
19:59:38.0833 4356 tunnel - ok
19:59:38.0864 4356 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\windows\system32\drivers\uagp35.sys
19:59:38.0864 4356 uagp35 - ok
19:59:38.0911 4356 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\windows\system32\DRIVERS\udfs.sys
19:59:38.0911 4356 udfs - ok
19:59:38.0942 4356 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\windows\system32\UI0Detect.exe
19:59:38.0958 4356 UI0Detect - ok
19:59:39.0036 4356 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\windows\system32\drivers\uliagpkx.sys
19:59:39.0036 4356 uliagpkx - ok
19:59:39.0067 4356 umbus (dc54a574663a895c8763af0fa1ff7561) C:\windows\system32\DRIVERS\umbus.sys
19:59:39.0067 4356 umbus - ok
19:59:39.0083 4356 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\windows\system32\drivers\umpass.sys
19:59:39.0098 4356 UmPass - ok
19:59:39.0129 4356 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\windows\System32\upnphost.dll
19:59:39.0129 4356 upnphost - ok
19:59:39.0176 4356 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\windows\system32\DRIVERS\usbccgp.sys
19:59:39.0176 4356 usbccgp - ok
19:59:39.0207 4356 usbcir (af0892a803fdda7492f595368e3b68e7) C:\windows\system32\drivers\usbcir.sys
19:59:39.0207 4356 usbcir - ok
19:59:39.0223 4356 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\windows\system32\DRIVERS\usbehci.sys
19:59:39.0223 4356 usbehci - ok
19:59:39.0301 4356 usbfilter (573d192e268f0c5b486b7e96f661e538) C:\windows\system32\DRIVERS\usbfilter.sys
19:59:39.0301 4356 usbfilter - ok
19:59:39.0348 4356 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\windows\system32\DRIVERS\usbhub.sys
19:59:39.0348 4356 usbhub - ok
19:59:39.0363 4356 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\windows\system32\DRIVERS\usbohci.sys
19:59:39.0363 4356 usbohci - ok
19:59:39.0379 4356 usbprint (73188f58fb384e75c4063d29413cee3d) C:\windows\system32\drivers\usbprint.sys
19:59:39.0395 4356 usbprint - ok
19:59:39.0410 4356 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\windows\system32\DRIVERS\USBSTOR.SYS
19:59:39.0410 4356 USBSTOR - ok
19:59:39.0441 4356 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\windows\system32\drivers\usbuhci.sys
19:59:39.0441 4356 usbuhci - ok
19:59:39.0488 4356 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\windows\system32\Drivers\usbvideo.sys
19:59:39.0488 4356 usbvideo - ok
19:59:39.0519 4356 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\windows\System32\uxsms.dll
19:59:39.0519 4356 UxSms - ok
19:59:39.0566 4356 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
19:59:39.0566 4356 VaultSvc - ok
19:59:39.0629 4356 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\windows\system32\drivers\vdrvroot.sys
19:59:39.0629 4356 vdrvroot - ok
19:59:39.0660 4356 vds (8d6b481601d01a456e75c3210f1830be) C:\windows\System32\vds.exe
19:59:39.0675 4356 vds - ok
19:59:39.0691 4356 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\windows\system32\DRIVERS\vgapnp.sys
19:59:39.0691 4356 vga - ok
19:59:39.0722 4356 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\windows\System32\drivers\vga.sys
19:59:39.0722 4356 VgaSave - ok
19:59:39.0769 4356 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\windows\system32\drivers\vhdmp.sys
19:59:39.0769 4356 vhdmp - ok
19:59:39.0800 4356 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\windows\system32\drivers\viaide.sys
19:59:39.0800 4356 viaide - ok
19:59:39.0831 4356 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\windows\system32\drivers\volmgr.sys
19:59:39.0831 4356 volmgr - ok
19:59:39.0847 4356 volmgrx (a255814907c89be58b79ef2f189b843b) C:\windows\system32\drivers\volmgrx.sys
19:59:39.0863 4356 volmgrx - ok
19:59:39.0894 4356 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\windows\system32\drivers\volsnap.sys
19:59:39.0894 4356 volsnap - ok
19:59:39.0941 4356 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\windows\system32\drivers\vsmraid.sys
19:59:39.0941 4356 vsmraid - ok
19:59:40.0034 4356 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\windows\system32\vssvc.exe
19:59:40.0050 4356 VSS - ok
19:59:40.0097 4356 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\windows\system32\DRIVERS\vwifibus.sys
19:59:40.0097 4356 vwifibus - ok
19:59:40.0143 4356 vwififlt (13a0decd1794de60a8427862c8669d27) C:\windows\system32\DRIVERS\vwififlt.sys
19:59:40.0143 4356 vwififlt - ok
19:59:40.0175 4356 vwifimp (49003b357d101cdc474937437ecf5abc) C:\windows\system32\DRIVERS\vwifimp.sys
19:59:40.0175 4356 vwifimp - ok
19:59:40.0206 4356 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\windows\system32\w32time.dll
19:59:40.0221 4356 W32Time - ok
19:59:40.0237 4356 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\windows\system32\drivers\wacompen.sys
19:59:40.0237 4356 WacomPen - ok
19:59:40.0268 4356 WANARP (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys
19:59:40.0268 4356 WANARP - ok
19:59:40.0284 4356 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys
19:59:40.0284 4356 Wanarpv6 - ok
19:59:40.0377 4356 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\windows\system32\Wat\WatAdminSvc.exe
19:59:40.0377 4356 WatAdminSvc - ok
19:59:40.0440 4356 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\windows\system32\wbengine.exe
19:59:40.0455 4356 wbengine - ok
19:59:40.0487 4356 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\windows\System32\wbiosrvc.dll
19:59:40.0502 4356 WbioSrvc - ok
19:59:40.0533 4356 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\windows\System32\wcncsvc.dll
19:59:40.0533 4356 wcncsvc - ok
19:59:40.0549 4356 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\windows\System32\WcsPlugInService.dll
19:59:40.0565 4356 WcsPlugInService - ok
19:59:40.0611 4356 Wd (72889e16ff12ba0f235467d6091b17dc) C:\windows\system32\drivers\wd.sys
19:59:40.0611 4356 Wd - ok
19:59:40.0689 4356 WDC_SAM (a3d04ebf5227886029b4532f20d026f7) C:\windows\system32\DRIVERS\wdcsam64.sys
19:59:40.0689 4356 WDC_SAM - ok
19:59:40.0721 4356 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\windows\system32\drivers\Wdf01000.sys
19:59:40.0736 4356 Wdf01000 - ok
19:59:40.0752 4356 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll
19:59:40.0767 4356 WdiServiceHost - ok
19:59:40.0767 4356 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll
19:59:40.0767 4356 WdiSystemHost - ok
19:59:40.0799 4356 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\windows\System32\webclnt.dll
19:59:40.0814 4356 WebClient - ok
19:59:40.0845 4356 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\windows\system32\wecsvc.dll
19:59:40.0861 4356 Wecsvc - ok
19:59:40.0892 4356 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\windows\System32\wercplsupport.dll
19:59:40.0892 4356 wercplsupport - ok
19:59:40.0955 4356 WerSvc (6d137963730144698cbd10f202e9f251) C:\windows\System32\WerSvc.dll
19:59:40.0955 4356 WerSvc - ok
19:59:41.0017 4356 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\windows\system32\DRIVERS\wfplwf.sys
19:59:41.0017 4356 WfpLwf - ok
19:59:41.0048 4356 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\windows\system32\drivers\wimmount.sys
19:59:41.0048 4356 WIMMount - ok
19:59:41.0111 4356 WinDefend - ok
19:59:41.0126 4356 WinHttpAutoProxySvc - ok
19:59:41.0189 4356 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\windows\system32\wbem\WMIsvc.dll
19:59:41.0189 4356 Winmgmt - ok
19:59:41.0251 4356 WinRM (bcb1310604aa415c4508708975b3931e) C:\windows\system32\WsmSvc.dll
19:59:41.0282 4356 WinRM - ok
19:59:41.0376 4356 WinUsb (fe88b288356e7b47b74b13372add906d) C:\windows\system32\DRIVERS\WinUsb.sys
19:59:41.0376 4356 WinUsb - ok
19:59:41.0423 4356 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\windows\System32\wlansvc.dll
19:59:41.0423 4356 Wlansvc - ok
19:59:41.0532 4356 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
19:59:41.0532 4356 wlcrasvc - ok
19:59:41.0610 4356 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
19:59:41.0625 4356 wlidsvc - ok
19:59:41.0703 4356 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\windows\system32\drivers\wmiacpi.sys
19:59:41.0703 4356 WmiAcpi - ok
19:59:41.0797 4356 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\windows\system32\wbem\WmiApSrv.exe
19:59:41.0797 4356 wmiApSrv - ok
19:59:41.0891 4356 WMPNetworkSvc - ok
19:59:41.0937 4356 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\windows\System32\wpcsvc.dll
19:59:41.0937 4356 WPCSvc - ok
19:59:41.0969 4356 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\windows\system32\wpdbusenum.dll
19:59:41.0969 4356 WPDBusEnum - ok
19:59:42.0031 4356 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\windows\system32\drivers\ws2ifsl.sys
19:59:42.0031 4356 ws2ifsl - ok
19:59:42.0062 4356 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\windows\system32\wscsvc.dll
19:59:42.0078 4356 wscsvc - ok
19:59:42.0093 4356 WSDPrintDevice (8d918b1db190a4d9b1753a66fa8c96e8) C:\windows\system32\DRIVERS\WSDPrint.sys
19:59:42.0093 4356 WSDPrintDevice - ok
19:59:42.0109 4356 WSearch - ok
19:59:42.0187 4356 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\windows\system32\wuaueng.dll
19:59:42.0218 4356 wuauserv - ok
19:59:42.0249 4356 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\windows\system32\drivers\WudfPf.sys
19:59:42.0249 4356 WudfPf - ok
19:59:42.0281 4356 WUDFRd (cf8d590be3373029d57af80914190682) C:\windows\system32\DRIVERS\WUDFRd.sys
19:59:42.0281 4356 WUDFRd - ok
19:59:42.0312 4356 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\windows\System32\WUDFSvc.dll
19:59:42.0312 4356 wudfsvc - ok
19:59:42.0359 4356 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\windows\System32\wwansvc.dll
19:59:42.0359 4356 WwanSvc - ok
19:59:42.0421 4356 MBR (0x1B8) (2e5debb2116b3417023e0d6562d7ed07) \Device\Harddisk0\DR0
19:59:42.0749 4356 \Device\Harddisk0\DR0 - ok
19:59:42.0749 4356 Boot (0x1200) (563344d84f0102eedc1c3ade84a4b888) \Device\Harddisk0\DR0\Partition0
19:59:42.0749 4356 \Device\Harddisk0\DR0\Partition0 - ok
19:59:42.0764 4356 Boot (0x1200) (c9d84c8300f4478a3ee279b59160e6d2) \Device\Harddisk0\DR0\Partition1
19:59:42.0780 4356 \Device\Harddisk0\DR0\Partition1 - ok
19:59:42.0827 4356 Boot (0x1200) (ddc13268dacca650803f4c05417799d0) \Device\Harddisk0\DR0\Partition2
19:59:42.0827 4356 \Device\Harddisk0\DR0\Partition2 - ok
19:59:42.0827 4356 ============================================================
19:59:42.0827 4356 Scan finished
19:59:42.0827 4356 ============================================================
19:59:42.0842 3720 Detected object count: 0
19:59:42.0842 3720 Actual detected object count: 0
20:00:09.0487 2996 Deinitialize success

#12 fireman4it

Posted 30 March 2012 - 10:19 AM

Hello,

You posted the TDSSKiller log instead of the ComboFix log. It should be located at C:\Combofix.2txt


#13 Cruisermom

Posted 30 March 2012 - 11:34 AM

ComboFix 12-03-29.02 - owner 03/29/2012 20:18:48.3.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3836.2498 [GMT -4:00]
Running from: c:\users\owner\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-02-28 to 2012-03-30 )))))))))))))))))))))))))))))))
.
.
2012-03-30 01:06 . 2012-03-30 01:06 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-29 20:44 . 2012-03-29 20:44 -------- d-----w- c:\users\owner\AppData\Roaming\Sammsoft
2012-03-29 20:44 . 2012-03-29 20:44 -------- d-----w- c:\program files (x86)\ARO 2012
2012-03-29 20:44 . 2012-03-29 20:44 -------- d-----w- c:\program files (x86)\Ask.com
2012-03-29 19:39 . 2012-03-14 03:27 8669240 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{700526DC-BC5E-43F2-A0A9-552E420AA57A}\mpengine.dll
2012-03-29 19:27 . 2012-03-29 19:27 -------- d-----w- C:\TDSSKiller_Quarantine
2012-03-25 20:07 . 2009-07-14 01:14 20480 ----a-w- c:\windows\svchost.exe
2012-03-25 02:35 . 2012-03-25 02:35 -------- d-----w- c:\windows\Sun
2012-03-24 14:15 . 2012-03-24 14:15 5120 ----a-w- c:\programdata\Microsoft\Windows\DRM\9676.tmp
2012-03-24 14:15 . 2012-03-24 14:15 5120 ----a-w- c:\programdata\Microsoft\Windows\DRM\9637.tmp
2012-03-14 20:53 . 2011-11-19 15:20 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-14 20:53 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-03-14 20:53 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-03-13 19:27 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-03-13 19:27 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-03-13 19:27 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-03-13 19:26 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-13 19:26 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-13 19:26 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-13 19:26 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-13 19:26 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-03-13 19:26 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-13 19:26 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-14 03:27 . 2011-10-13 00:42 8669240 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-02-11 04:13 . 2012-02-11 04:14 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{50F41061-7987-4AC9-814B-C537986BD2DA}\gapaengine.dll
2012-01-31 12:44 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-01-04 10:44 . 2012-02-15 01:32 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-01-04 08:58 . 2012-02-15 01:32 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-03-29_19.58.39 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-03-29 20:44 . 2012-03-29 20:44 102400 c:\windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}\ARPPRODUCTICON.exe
+ 2012-03-29 20:44 . 2012-03-29 20:44 3745280 c:\windows\Installer\457e2c.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-01-03 20:31 1514152 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SacReminderHDDV2"="c:\programdata\OfficeGuardianV2\reminder\SacReminder.exe" [2010-12-21 522064]
"AROReminder"="c:\program files (x86)\ARO 2012\aro.exe" [2012-01-06 2552688]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2012-01-03 1391272]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 CFUACProxy_officeguardianv2;CFUACProxy_officeguardianv2;c:\programdata\OfficeGuardianV2\UACProxy.exe [2010-12-21 83792]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-01 183560]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 Samsung UPD Service;Samsung UPD Service;c:\windows\System32\SUPDSvc.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [x]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 lxdx_device;lxdx_device;c:\windows\system32\lxdxcoms.exe [x]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 87688619
*Deregistered* - 87688619
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-02-27 11780712]
"ETDCtrl"="c:\program files (x86)\Elantech\ETDCtrl.exe" [BU]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://samsung.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {{328ECD19-C167-40eb-A0C7-16FE7634105E} - {94BB0C4C-B957-479A-85E4-42F53B89F681} - c:\program files\Samsung AnyWeb Print\W2PBrowser.dll
TCP: DhcpNameServer = 192.168.0.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11a_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11a_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11a.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11a.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11a.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11a.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-03-29 21:10:18
ComboFix-quarantined-files.txt 2012-03-30 01:10
ComboFix2.txt 2012-03-29 20:02
.
Pre-Run: 7,407,263,744 bytes free
Post-Run: 7,126,880,256 bytes free
.
- - End Of File - - D1CED76B426E85987C76C00CCAADA38D

#14 fireman4it

  • Malware Response Team

Posted 30 March 2012 - 01:48 PM

Hello,


Let's go ahead and run MBAM.

1. Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download.
Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • Make sure you are connected to the Internet and double-click on the renamed file to install the application.
    For instructions with screenshots, please refer to this Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
  • Click on the Scan button.
  • When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.
Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.


2. I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

Things to include in your next reply:
MBAM log
Eset log
How is your machine running now?



#15 Cruisermom

  • Topic Starter

Posted 30 March 2012 - 02:58 PM

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.30.09

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
owner :: OWNER-PC [administrator]

3/30/2012 3:46:58 PM
mbam-log-2012-03-30 (15-46-58).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 199395
Time elapsed: 4 minute(s), 33 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.

(end)


Running ESET now...

Edited by Cruisermom, 30 March 2012 - 04:17 PM.




