
May be infected by ZeroAccess Rootkit.


  • This topic is locked
6 replies to this topic

#1 nightkids

  • Members
  • 5 posts

Posted 04 April 2012 - 11:47 PM

Chrome and Firefox were being redirected until Hitman Pro found and removed "consrv.dll". Upon restart, computer would BSOD with message of missing %hs. With some help from another forum, I was able to get into regedit and change something pointing to consrv.dll when it should have been winsrv.dll (original post here). Now my computer works fine with nothing showing up with MalwareBytes, Hitman Pro, or Avast. However, following suggestion from quietman7, I come here to make sure I'm completely clean. Here's the log.


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_30
Run by Jimmy at 0:16:48 on 2012-04-05
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6055.3064 [GMT -4:00]
.
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\FBAgent.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
C:\Windows\system32\conhost.exe
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\SysWOW64\lkcitdl.exe
C:\Windows\SysWOW64\lkads.exe
C:\Windows\SysWOW64\lktsrv.exe
C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe
C:\Windows\SysWOW64\nisvcloc.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Intel\TurboBoost\TurboBoost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\P4G\BatteryLife.exe
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\AsScrPro.exe
C:\Users\Jimmy\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\SysWOW64\ACEngSvr.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Nuance\PDF Reader\bin\PDFReader.exe
C:\Program Files (x86)\iTunes\iTunes.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uDefault_Page_URL = hxxp://asus.msn.com
mStart Page = hxxp://asus.msn.com
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe,
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
uRun: [ccleaner] "C:\Program Files\CCleaner\CCleaner64.exe" /AUTO
mRun: [Nuance PDF Reader-reminder] "C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini"
mRun: [ASUSPRP] "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"
mRun: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe /S
mRun: [SonicMasterTray] C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe
mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
mRun: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
mRun: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
mRun: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
StartupFolder: C:\Users\Jimmy\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Jimmy\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\FANCYS~1.LNK - C:\Windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_C4A2FC3E3722966204FDD8.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{9CADE3F4-2C68-46CF-A5B9-F8661E5E7FA3} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{9CADE3F4-2C68-46CF-A5B9-F8661E5E7FA3}\2375942554039383 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{9CADE3F4-2C68-46CF-A5B9-F8661E5E7FA3}\355616C602455616D60264C65687 : DhcpNameServer = 65.32.5.111 65.32.5.112
TCP: Interfaces\{9CADE3F4-2C68-46CF-A5B9-F8661E5E7FA3}\553464F575051423 : DhcpNameServer = 10.171.12.5 10.171.12.37 10.171.12.69
TCP: Interfaces\{9CADE3F4-2C68-46CF-A5B9-F8661E5E7FA3}\D49794E6475627E65647 : DhcpNameServer = 192.168.0.1
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll
BHO-X64: ContributeBHO Class: {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB-X64: Contribute Toolbar: {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
mRun-x64: [Nuance PDF Reader-reminder] "C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini"
mRun-x64: [ASUSPRP] "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"
mRun-x64: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe /S
mRun-x64: [SonicMasterTray] C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe
mRun-x64: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
mRun-x64: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
mRun-x64: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
mRun-x64: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
mRun-x64: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
mRun-x64: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun-x64: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
AppInit_DLLs-X64: C:\Windows\SysWOW64\nvinit.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Jimmy\AppData\Roaming\Mozilla\Firefox\Profiles\4b681q23.default\
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\NPLV82Win32.dll
FF - plugin: C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 nvpciflt;nvpciflt;C:\Windows\system32\DRIVERS\nvpciflt.sys --> C:\Windows\system32\DRIVERS\nvpciflt.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
R1 ATKWMIACPIIO;ATKWMIACPI Driver;C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-5-25 17536]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AFBAgent;AFBAgent;"C:\Windows\system32\FBAgent.exe" --> C:\Windows\system32\FBAgent.exe [?]
R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-2 15416]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-4-2 44768]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-11-10 2009704]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys --> C:\Windows\system32\DRIVERS\TurboB.sys [?]
R2 TurboBoost;Intel® Turbo Boost Technology Monitor;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-4-16 134928]
R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\system32\DRIVERS\asmthub3.sys --> C:\Windows\system32\DRIVERS\asmthub3.sys [?]
R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\system32\DRIVERS\asmtxhci.sys --> C:\Windows\system32\DRIVERS\asmtxhci.sys [?]
R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 MEIx64;Intel® Management Engine Interface ;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETwNs64.sys --> C:\Windows\system32\DRIVERS\NETwNs64.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-1-27 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-1 253600]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-1-27 136176]
S3 hitmanpro35;Hitman Pro 3.5 Support Driver;\??\C:\Windows\system32\drivers\hitmanpro36.sys --> C:\Windows\system32\drivers\hitmanpro36.sys [?]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-5-2 340240]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUVStor.sys --> C:\Windows\system32\Drivers\RtsUVStor.sys [?]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\system32\DRIVERS\SiSG664.sys --> C:\Windows\system32\DRIVERS\SiSG664.sys [?]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-04-02 16:45:32 819032 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2012-04-02 16:45:32 69976 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2012-04-02 16:45:32 53080 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2012-04-02 15:43:42 27936 ----a-w- C:\Windows\System32\drivers\hitmanpro36.sys
2012-04-02 04:43:07 -------- d-----w- C:\Program Files\HitmanPro
2012-04-02 04:41:12 -------- d-----w- C:\ProgramData\HitmanPro
2012-04-02 03:28:38 0 --sha-w- C:\Windows\System32\dds_trash_log.cmd
2012-04-02 03:27:44 418464 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-04-02 03:27:31 -------- d-----we C:\Windows\system64
2012-03-30 14:48:34 8669240 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{72D94839-AFF2-44DA-A88E-487E9848B066}\mpengine.dll
2012-03-24 16:13:21 592824 ----a-w- C:\Program Files (x86)\Mozilla Firefox\gkmedias.dll
2012-03-24 16:13:21 44472 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozglue.dll
2012-03-14 13:07:30 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-03-14 13:07:30 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-03-14 13:07:29 3913584 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-03-13 21:47:03 3145728 ----a-w- C:\Windows\System32\win32k.sys
2012-03-13 21:47:01 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2012-03-13 21:47:01 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-03-13 21:46:08 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-03-13 21:46:08 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-03-13 21:46:08 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-03-13 21:46:08 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-03-13 21:46:08 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-03-13 21:46:07 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-03-13 21:46:07 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
.
==================== Find3M ====================
.
2012-04-02 05:09:35 45056 ----a-w- C:\Windows\System32\acovcnt.exe
2012-04-02 03:27:44 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-06 23:15:19 41184 ----a-w- C:\Windows\avastSS.scr
2012-02-23 13:18:36 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-01-27 09:58:24 525544 ----a-w- C:\Windows\System32\deployJava1.dll
2012-01-27 09:32:35 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
.
============= FINISH: 0:17:30.76 ===============



#2 quietman7

    Bleepin' Janitor

  • Global Moderator
  • 51,390 posts
  • Gender:Male
  • Location:Virginia, USA

Posted 05 April 2012 - 06:26 AM

We are in the process of researching and investigating your log. Please be patient as we do this and a Helper will respond shortly.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#3 mark1956

  • Security Colleague
  • 271 posts
  • Gender:Male
  • Location:Spain

Posted 06 April 2012 - 06:36 PM

Hi Nightkids, my name is Mark and I will be helping you.

Before doing anything further, if you have not already done so, you should back up all your important documents, personal data files and photos to a CD or DVD drive as some infections may render your computer unbootable during or before the disinfection process. If that occurs there may be no option but to reformat and reinstall the OS or perform a full system recovery. The safest practice is not to back up any files with the following file extensions: .exe, .scr, .ini, .htm, .html, .php, .asp, .xml, .zip, .rar, .cab as they may be infected.


Sorry for the delay, I have been having problems with my internet connection.

Please download Kaspersky's TDSSKiller and save it to your Desktop. <-Important!
Be sure to print out and follow the instructions for performing a scan.
  • Extract (unzip) the file to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the Desktop.
  • Alternatively, you can download TDSSKiller.exe and use that instead.
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If an update is available, TDSSKiller will prompt you to update and download the most current version. Click Load Update. Close TDSSKiller and start again.
  • When the program opens, click Change parameters.

  • Under "Additional options", check the boxes next to Verify file digital signatures and Detect TDLFS file system, then click OK.

  • Click the Start Scan button.

  • Do not use the computer during the scan.
  • If the scan completes with nothing found, click Close to exit.
  • If 'Suspicious objects' are detected, the default action will be Skip. Leave the default set to Skip and click on Continue.
  • If Malicious objects are detected, they will show in the Scan results - Select action for found objects and offer three options.

  • Ensure Cure is selected...then click Continue -> Reboot computer for cure completion.

  • Important! -> If Cure is not available, please choose Skip instead. Do not choose Delete unless instructed.
  • A log file named TDSSKiller_version_date_time_log.txt will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.
-- If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to these instructions. In some cases it may be necessary to redownload TDSSKiller and randomly rename it to something else before beginning the download and saving to the computer or to perform the scan in "safe mode".

#4 nightkids

  • Topic Starter

  • Members
  • 5 posts

Posted 07 April 2012 - 11:25 AM

Hello Mark,
Thanks for your help. Looks like TDSSKiller didn't find anything too alarming. Here's the log.


12:17:46.0572 4172 TDSS rootkit removing tool 2.7.26.0 Apr 4 2012 19:52:02
12:17:46.0902 4172 ============================================================
12:17:46.0902 4172 Current date / time: 2012/04/07 12:17:46.0902
12:17:46.0902 4172 SystemInfo:
12:17:46.0902 4172
12:17:46.0902 4172 OS Version: 6.1.7601 ServicePack: 1.0
12:17:46.0902 4172 Product type: Workstation
12:17:46.0902 4172 ComputerName: COMPUTERBLUE
12:17:46.0902 4172 UserName: Jimmy
12:17:46.0902 4172 Windows directory: C:\Windows
12:17:46.0902 4172 System windows directory: C:\Windows
12:17:46.0902 4172 Running under WOW64
12:17:46.0902 4172 Processor architecture: Intel x64
12:17:46.0902 4172 Number of processors: 8
12:17:46.0902 4172 Page size: 0x1000
12:17:46.0902 4172 Boot type: Normal boot
12:17:46.0902 4172 ============================================================
12:17:47.0352 4172 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:17:47.0362 4172 Drive \Device\Harddisk1\DR1 - Size: 0x7470C05E00 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
12:17:50.0846 4172 \Device\Harddisk0\DR0:
12:17:50.0846 4172 MBR used
12:17:50.0846 4172 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3200800, BlocksNum 0x37184800
12:17:50.0846 4172 \Device\Harddisk1\DR1:
12:17:50.0846 4172 MBR used
12:17:50.0846 4172 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A384C02
12:17:51.0116 4172 Initialize success
12:17:51.0116 4172 ============================================================
12:19:34.0670 4676 ============================================================
12:19:34.0670 4676 Scan started
12:19:34.0670 4676 Mode: Manual; SigCheck; TDLFS;
12:19:34.0670 4676 ============================================================
12:19:35.0580 4676 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
12:19:35.0650 4676 1394ohci - ok
12:19:35.0680 4676 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
12:19:35.0710 4676 ACPI - ok
12:19:35.0750 4676 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
12:19:35.0780 4676 AcpiPmi - ok
12:19:35.0840 4676 AdobeFlashPlayerUpdateSvc (0d4c486a24a711a45fd83acdf4d18506) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
12:19:35.0850 4676 AdobeFlashPlayerUpdateSvc - ok
12:19:35.0880 4676 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
12:19:35.0900 4676 adp94xx - ok
12:19:35.0930 4676 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
12:19:35.0950 4676 adpahci - ok
12:19:35.0960 4676 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
12:19:35.0970 4676 adpu320 - ok
12:19:36.0010 4676 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
12:19:36.0060 4676 AeLookupSvc - ok
12:19:36.0100 4676 AFBAgent (69fd46fac0d9c4a8ecd522ac6a7481f5) C:\Windows\system32\FBAgent.exe
12:19:36.0130 4676 AFBAgent - ok
12:19:36.0170 4676 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
12:19:36.0200 4676 AFD - ok
12:19:36.0220 4676 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
12:19:36.0230 4676 agp440 - ok
12:19:36.0240 4676 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
12:19:36.0280 4676 ALG - ok
12:19:36.0300 4676 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
12:19:36.0310 4676 aliide - ok
12:19:36.0320 4676 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
12:19:36.0330 4676 amdide - ok
12:19:36.0340 4676 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
12:19:36.0370 4676 AmdK8 - ok
12:19:36.0380 4676 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
12:19:36.0410 4676 AmdPPM - ok
12:19:36.0440 4676 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
12:19:36.0450 4676 amdsata - ok
12:19:36.0460 4676 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
12:19:36.0471 4676 amdsbs - ok
12:19:36.0481 4676 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
12:19:36.0491 4676 amdxata - ok
12:19:36.0501 4676 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
12:19:36.0541 4676 AppID - ok
12:19:36.0551 4676 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
12:19:36.0591 4676 AppIDSvc - ok
12:19:36.0601 4676 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
12:19:36.0651 4676 Appinfo - ok
12:19:36.0711 4676 Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
12:19:36.0711 4676 Apple Mobile Device - ok
12:19:36.0741 4676 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
12:19:36.0761 4676 arc - ok
12:19:36.0771 4676 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
12:19:36.0781 4676 arcsas - ok
12:19:36.0851 4676 ASLDRService (18e5c2f937f9deb8c282df66a3761925) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
12:19:36.0861 4676 ASLDRService - ok
12:19:36.0871 4676 ASMMAP64 (4c016fd76ed5c05e84ca8cab77993961) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys
12:19:36.0871 4676 ASMMAP64 - ok
12:19:36.0901 4676 asmthub3 (0aa7a996792fb0287b33a57a8093ae44) C:\Windows\system32\DRIVERS\asmthub3.sys
12:19:36.0931 4676 asmthub3 - ok
12:19:36.0951 4676 asmtxhci (125dc3abf5bfccfe82ad17d078e0b9ec) C:\Windows\system32\DRIVERS\asmtxhci.sys
12:19:36.0981 4676 asmtxhci - ok
12:19:37.0041 4676 aswFsBlk (b9da213b5271db5fce962d827e6d620d) C:\Windows\system32\drivers\aswFsBlk.sys
12:19:37.0051 4676 aswFsBlk - ok
12:19:37.0101 4676 aswMonFlt (21c9835d0e5ad2ff0f16134bcb32cc71) C:\Windows\system32\drivers\aswMonFlt.sys
12:19:37.0111 4676 aswMonFlt - ok
12:19:37.0131 4676 aswRdr (1b96a5867abd4fa6135d8298fcccf9c6) C:\Windows\System32\Drivers\aswrdr2.sys
12:19:37.0141 4676 aswRdr - ok
12:19:37.0181 4676 aswSnx (6e98bb288696777a3a8a07a52b0eaee9) C:\Windows\system32\drivers\aswSnx.sys
12:19:37.0201 4676 aswSnx - ok
12:19:37.0231 4676 aswSP (d9fb49f16e4eb02efecae8cbfe4bcb4c) C:\Windows\system32\drivers\aswSP.sys
12:19:37.0241 4676 aswSP - ok
12:19:37.0261 4676 aswTdi (7352bb9a564b94bbd7c9cbf165f55006) C:\Windows\system32\drivers\aswTdi.sys
12:19:37.0271 4676 aswTdi - ok
12:19:37.0301 4676 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
12:19:37.0351 4676 AsyncMac - ok
12:19:37.0371 4676 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
12:19:37.0371 4676 atapi - ok
12:19:37.0421 4676 athr (0acc06fcf46f64ed4f11e57ee461c1f4) C:\Windows\system32\DRIVERS\athrx.sys
12:19:37.0482 4676 athr - ok
12:19:37.0532 4676 ATKGFNEXSrv (7910158929571214a959d5a6d16dd9c0) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
12:19:37.0542 4676 ATKGFNEXSrv - ok
12:19:37.0562 4676 ATKWMIACPIIO (ac31727f9946e9009480708e4d1b9986) C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys
12:19:37.0572 4676 ATKWMIACPIIO - ok
12:19:37.0612 4676 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
12:19:37.0662 4676 AudioEndpointBuilder - ok
12:19:37.0672 4676 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
12:19:37.0712 4676 AudioSrv - ok
12:19:37.0792 4676 avast! Antivirus (4041d31508a2a084dfb42c595854090f) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
12:19:37.0802 4676 avast! Antivirus - ok
12:19:37.0832 4676 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
12:19:37.0862 4676 AxInstSV - ok
12:19:37.0882 4676 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
12:19:37.0912 4676 b06bdrv - ok
12:19:37.0932 4676 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
12:19:37.0962 4676 b57nd60a - ok
12:19:37.0982 4676 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
12:19:38.0012 4676 BDESVC - ok
12:19:38.0022 4676 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
12:19:38.0072 4676 Beep - ok
12:19:38.0112 4676 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
12:19:38.0172 4676 BITS - ok
12:19:38.0192 4676 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
12:19:38.0222 4676 blbdrive - ok
12:19:38.0262 4676 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
12:19:38.0282 4676 Bonjour Service - ok
12:19:38.0312 4676 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
12:19:38.0332 4676 bowser - ok
12:19:38.0352 4676 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
12:19:38.0372 4676 BrFiltLo - ok
12:19:38.0382 4676 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
12:19:38.0402 4676 BrFiltUp - ok
12:19:38.0422 4676 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
12:19:38.0472 4676 Browser - ok
12:19:38.0493 4676 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
12:19:38.0523 4676 Brserid - ok
12:19:38.0543 4676 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
12:19:38.0573 4676 BrSerWdm - ok
12:19:38.0583 4676 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
12:19:38.0603 4676 BrUsbMdm - ok
12:19:38.0613 4676 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
12:19:38.0633 4676 BrUsbSer - ok
12:19:38.0683 4676 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
12:19:38.0703 4676 BthEnum - ok
12:19:38.0723 4676 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
12:19:38.0743 4676 BTHMODEM - ok
12:19:38.0763 4676 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
12:19:38.0793 4676 BthPan - ok
12:19:38.0823 4676 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\System32\Drivers\BTHport.sys
12:19:38.0853 4676 BTHPORT - ok
12:19:38.0903 4676 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
12:19:38.0933 4676 bthserv - ok
12:19:38.0963 4676 BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\System32\Drivers\BTHUSB.sys
12:19:39.0013 4676 BTHUSB - ok
12:19:39.0033 4676 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
12:19:39.0073 4676 cdfs - ok
12:19:39.0103 4676 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
12:19:39.0113 4676 cdrom - ok
12:19:39.0143 4676 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
12:19:39.0183 4676 CertPropSvc - ok
12:19:39.0203 4676 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
12:19:39.0213 4676 circlass - ok
12:19:39.0233 4676 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
12:19:39.0253 4676 CLFS - ok
12:19:39.0293 4676 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
12:19:39.0303 4676 clr_optimization_v2.0.50727_32 - ok
12:19:39.0333 4676 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
12:19:39.0343 4676 clr_optimization_v2.0.50727_64 - ok
12:19:39.0413 4676 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
12:19:39.0423 4676 clr_optimization_v4.0.30319_32 - ok
12:19:39.0473 4676 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
12:19:39.0483 4676 clr_optimization_v4.0.30319_64 - ok
12:19:39.0503 4676 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
12:19:39.0523 4676 CmBatt - ok
12:19:39.0543 4676 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
12:19:39.0553 4676 cmdide - ok
12:19:39.0593 4676 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
12:19:39.0613 4676 CNG - ok
12:19:39.0643 4676 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys
12:19:39.0653 4676 Compbatt - ok
12:19:39.0673 4676 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\DRIVERS\CompositeBus.sys
12:19:39.0693 4676 CompositeBus - ok
12:19:39.0703 4676 COMSysApp - ok
12:19:39.0713 4676 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
12:19:39.0723 4676 crcdisk - ok
12:19:39.0753 4676 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
12:19:39.0793 4676 CryptSvc - ok
12:19:39.0863 4676 cvhsvc (72794d112cbaff3bc0c29bf7350d4741) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
12:19:39.0893 4676 cvhsvc - ok
12:19:39.0923 4676 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
12:19:39.0963 4676 DcomLaunch - ok
12:19:39.0983 4676 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
12:19:40.0023 4676 defragsvc - ok
12:19:40.0043 4676 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
12:19:40.0083 4676 DfsC - ok
12:19:40.0093 4676 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
12:19:40.0153 4676 Dhcp - ok
12:19:40.0163 4676 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
12:19:40.0213 4676 discache - ok
12:19:40.0233 4676 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
12:19:40.0243 4676 Disk - ok
12:19:40.0263 4676 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
12:19:40.0293 4676 Dnscache - ok
12:19:40.0313 4676 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
12:19:40.0363 4676 dot3svc - ok
12:19:40.0383 4676 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
12:19:40.0423 4676 DPS - ok
12:19:40.0443 4676 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
12:19:40.0473 4676 drmkaud - ok
12:19:40.0504 4676 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
12:19:40.0524 4676 DXGKrnl - ok
12:19:40.0564 4676 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
12:19:40.0594 4676 EapHost - ok
12:19:40.0694 4676 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
12:19:40.0784 4676 ebdrv - ok
12:19:40.0824 4676 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
12:19:40.0844 4676 EFS - ok
12:19:40.0894 4676 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
12:19:40.0934 4676 ehRecvr - ok
12:19:40.0944 4676 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
12:19:40.0964 4676 ehSched - ok
12:19:41.0004 4676 ElbyCDIO (a05fc7eca0966ebb70e4d17b855a853b) C:\Windows\system32\Drivers\ElbyCDIO.sys
12:19:41.0014 4676 ElbyCDIO - ok
12:19:41.0044 4676 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
12:19:41.0064 4676 elxstor - ok
12:19:41.0084 4676 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
12:19:41.0094 4676 ErrDev - ok
12:19:41.0134 4676 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
12:19:41.0194 4676 EventSystem - ok
12:19:41.0294 4676 EvtEng (54fc81b0162478a72a93dbbeafb35671) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
12:19:41.0334 4676 EvtEng - ok
12:19:41.0364 4676 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
12:19:41.0404 4676 exfat - ok
12:19:41.0414 4676 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
12:19:41.0464 4676 fastfat - ok
12:19:41.0484 4676 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
12:19:41.0514 4676 Fax - ok
12:19:41.0534 4676 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
12:19:41.0564 4676 fdc - ok
12:19:41.0574 4676 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
12:19:41.0614 4676 fdPHost - ok
12:19:41.0634 4676 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
12:19:41.0674 4676 FDResPub - ok
12:19:41.0694 4676 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
12:19:41.0704 4676 FileInfo - ok
12:19:41.0724 4676 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
12:19:41.0764 4676 Filetrace - ok
12:19:41.0784 4676 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
12:19:41.0804 4676 flpydisk - ok
12:19:41.0814 4676 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
12:19:41.0824 4676 FltMgr - ok
12:19:41.0854 4676 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
12:19:41.0904 4676 FontCache - ok
12:19:41.0944 4676 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
12:19:41.0954 4676 FontCache3.0.0.0 - ok
12:19:41.0974 4676 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
12:19:41.0984 4676 FsDepends - ok
12:19:42.0014 4676 fssfltr (6c06701bf1db05405804d7eb610991ce) C:\Windows\system32\DRIVERS\fssfltr.sys
12:19:42.0024 4676 fssfltr - ok
12:19:42.0144 4676 fsssvc (4ce9dac1518ff7e77bd213e6394b9d77) C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
12:19:42.0164 4676 fsssvc - ok
12:19:42.0174 4676 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
12:19:42.0184 4676 Fs_Rec - ok
12:19:42.0204 4676 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
12:19:42.0224 4676 fvevol - ok
12:19:42.0244 4676 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
12:19:42.0254 4676 gagp30kx - ok
12:19:42.0284 4676 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
12:19:42.0294 4676 GEARAspiWDM - ok
12:19:42.0334 4676 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
12:19:42.0374 4676 gpsvc - ok
12:19:42.0424 4676 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
12:19:42.0434 4676 gupdate - ok
12:19:42.0444 4676 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
12:19:42.0444 4676 gupdatem - ok
12:19:42.0464 4676 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
12:19:42.0484 4676 hcw85cir - ok
12:19:42.0525 4676 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
12:19:42.0545 4676 HdAudAddService - ok
12:19:42.0565 4676 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
12:19:42.0595 4676 HDAudBus - ok
12:19:42.0615 4676 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
12:19:42.0635 4676 HidBatt - ok
12:19:42.0655 4676 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
12:19:42.0685 4676 HidBth - ok
12:19:42.0705 4676 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
12:19:42.0715 4676 HidIr - ok
12:19:42.0745 4676 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
12:19:42.0775 4676 hidserv - ok
12:19:42.0795 4676 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
12:19:42.0815 4676 HidUsb - ok
12:19:42.0855 4676 hitmanpro35 (461f1ca9b00f7142480c21a22efa7288) C:\Windows\system32\drivers\hitmanpro36.sys
12:19:42.0865 4676 hitmanpro35 - ok
12:19:42.0885 4676 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
12:19:42.0935 4676 hkmsvc - ok
12:19:42.0955 4676 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
12:19:42.0975 4676 HomeGroupListener - ok
12:19:43.0005 4676 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
12:19:43.0035 4676 HomeGroupProvider - ok
12:19:43.0055 4676 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
12:19:43.0065 4676 HpSAMD - ok
12:19:43.0095 4676 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
12:19:43.0155 4676 HTTP - ok
12:19:43.0165 4676 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
12:19:43.0175 4676 hwpolicy - ok
12:19:43.0185 4676 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
12:19:43.0205 4676 i8042prt - ok
12:19:43.0235 4676 iaStor (f7ce9be72edac499b713eca6dae5d26f) C:\Windows\system32\DRIVERS\iaStor.sys
12:19:43.0255 4676 iaStor - ok
12:19:43.0315 4676 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
12:19:43.0335 4676 iaStorV - ok
12:19:43.0415 4676 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
12:19:43.0435 4676 idsvc - ok
12:19:43.0625 4676 igfx (0d1b8c64bdf0e5cdc523a1409ffb5ef0) C:\Windows\system32\DRIVERS\igdkmd64.sys
12:19:43.0855 4676 igfx - ok
12:19:43.0875 4676 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
12:19:43.0885 4676 iirsp - ok
12:19:43.0915 4676 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
12:19:43.0965 4676 IKEEXT - ok
12:19:44.0045 4676 IntcAzAudAddService (9f573c952961f444f400489e81eca381) C:\Windows\system32\drivers\RTKVHD64.sys
12:19:44.0115 4676 IntcAzAudAddService - ok
12:19:44.0165 4676 IntcDAud (fc727061c0f47c8059e88e05d5c8e381) C:\Windows\system32\DRIVERS\IntcDAud.sys
12:19:44.0195 4676 IntcDAud - ok
12:19:44.0205 4676 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
12:19:44.0215 4676 intelide - ok
12:19:44.0245 4676 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
12:19:44.0265 4676 intelppm - ok
12:19:44.0285 4676 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
12:19:44.0315 4676 IPBusEnum - ok
12:19:44.0335 4676 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
12:19:44.0375 4676 IpFilterDriver - ok
12:19:44.0375 4676 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
12:19:44.0395 4676 IPMIDRV - ok
12:19:44.0435 4676 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
12:19:44.0465 4676 IPNAT - ok
12:19:44.0576 4676 iPod Service (ee4c2a137c7088911a8919effc9812e7) C:\Program Files\iPod\bin\iPodService.exe
12:19:44.0596 4676 iPod Service - ok
12:19:44.0616 4676 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
12:19:44.0636 4676 IRENUM - ok
12:19:44.0646 4676 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
12:19:44.0656 4676 isapnp - ok
12:19:44.0676 4676 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
12:19:44.0686 4676 iScsiPrt - ok
12:19:44.0706 4676 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
12:19:44.0716 4676 kbdclass - ok
12:19:44.0746 4676 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
12:19:44.0776 4676 kbdhid - ok
12:19:44.0806 4676 kbfiltr (e63ef8c3271d014f14e2469ce75fecb4) C:\Windows\system32\DRIVERS\kbfiltr.sys
12:19:44.0806 4676 kbfiltr - ok
12:19:44.0846 4676 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
12:19:44.0856 4676 KeyIso - ok
12:19:44.0866 4676 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
12:19:44.0876 4676 KSecDD - ok
12:19:44.0896 4676 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
12:19:44.0906 4676 KSecPkg - ok
12:19:44.0916 4676 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
12:19:44.0946 4676 ksthunk - ok
12:19:44.0986 4676 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
12:19:45.0046 4676 KtmRm - ok
12:19:45.0066 4676 L1C (033b4aed2c5519072c0d81e00804d003) C:\Windows\system32\DRIVERS\L1C62x64.sys
12:19:45.0086 4676 L1C - ok
12:19:45.0116 4676 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
12:19:45.0156 4676 LanmanServer - ok
12:19:45.0176 4676 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
12:19:45.0216 4676 LanmanWorkstation - ok
12:19:45.0276 4676 LkCitadelServer (20cdb07017497c94a0bad253c4bafcbc) C:\Windows\SysWOW64\lkcitdl.exe
12:19:45.0306 4676 LkCitadelServer - ok
12:19:45.0336 4676 lkClassAds (78b0a5aa493995c7409b3168e8be3e90) C:\Windows\SysWOW64\lkads.exe
12:19:45.0346 4676 lkClassAds - ok
12:19:45.0356 4676 lkTimeSync (53a2a034aa22696b05a1ec722187e811) C:\Windows\SysWOW64\lktsrv.exe
12:19:45.0366 4676 lkTimeSync - ok
12:19:45.0406 4676 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
12:19:45.0446 4676 lltdio - ok
12:19:45.0476 4676 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
12:19:45.0526 4676 lltdsvc - ok
12:19:45.0546 4676 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
12:19:45.0576 4676 lmhosts - ok
12:19:45.0596 4676 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
12:19:45.0606 4676 LSI_FC - ok
12:19:45.0626 4676 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
12:19:45.0636 4676 LSI_SAS - ok
12:19:45.0656 4676 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
12:19:45.0666 4676 LSI_SAS2 - ok
12:19:45.0676 4676 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
12:19:45.0686 4676 LSI_SCSI - ok
12:19:45.0696 4676 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
12:19:45.0736 4676 luafv - ok
12:19:45.0746 4676 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
12:19:45.0776 4676 Mcx2Svc - ok
12:19:45.0786 4676 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
12:19:45.0796 4676 megasas - ok
12:19:45.0816 4676 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
12:19:45.0836 4676 MegaSR - ok
12:19:45.0866 4676 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\DRIVERS\HECIx64.sys
12:19:45.0876 4676 MEIx64 - ok
12:19:45.0886 4676 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
12:19:45.0936 4676 MMCSS - ok
12:19:45.0946 4676 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
12:19:45.0986 4676 Modem - ok
12:19:46.0026 4676 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
12:19:46.0046 4676 monitor - ok
12:19:46.0076 4676 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
12:19:46.0086 4676 mouclass - ok
12:19:46.0106 4676 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
12:19:46.0126 4676 mouhid - ok
12:19:46.0136 4676 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
12:19:46.0146 4676 mountmgr - ok
12:19:46.0166 4676 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
12:19:46.0176 4676 mpio - ok
12:19:46.0186 4676 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
12:19:46.0216 4676 mpsdrv - ok
12:19:46.0236 4676 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
12:19:46.0266 4676 MRxDAV - ok
12:19:46.0296 4676 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
12:19:46.0326 4676 mrxsmb - ok
12:19:46.0346 4676 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
12:19:46.0366 4676 mrxsmb10 - ok
12:19:46.0376 4676 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
12:19:46.0396 4676 mrxsmb20 - ok
12:19:46.0416 4676 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
12:19:46.0426 4676 msahci - ok
12:19:46.0436 4676 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
12:19:46.0446 4676 msdsm - ok
12:19:46.0476 4676 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
12:19:46.0496 4676 MSDTC - ok
12:19:46.0526 4676 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
12:19:46.0567 4676 Msfs - ok
12:19:46.0577 4676 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
12:19:46.0627 4676 mshidkmdf - ok
12:19:46.0637 4676 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
12:19:46.0647 4676 msisadrv - ok
12:19:46.0687 4676 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
12:19:46.0717 4676 MSiSCSI - ok
12:19:46.0727 4676 msiserver - ok
12:19:46.0747 4676 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
12:19:46.0787 4676 MSKSSRV - ok
12:19:46.0787 4676 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
12:19:46.0817 4676 MSPCLOCK - ok
12:19:46.0837 4676 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
12:19:46.0877 4676 MSPQM - ok
12:19:46.0897 4676 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
12:19:46.0907 4676 MsRPC - ok
12:19:46.0927 4676 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
12:19:46.0937 4676 mssmbios - ok
12:19:46.0947 4676 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
12:19:46.0977 4676 MSTEE - ok
12:19:46.0987 4676 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
12:19:47.0007 4676 MTConfig - ok
12:19:47.0027 4676 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
12:19:47.0037 4676 Mup - ok
12:19:47.0127 4676 MyWiFiDHCPDNS (4bbb9d9c4df259fae2d172c5bb25ddd0) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
12:19:47.0137 4676 MyWiFiDHCPDNS - ok
12:19:47.0157 4676 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
12:19:47.0197 4676 napagent - ok
12:19:47.0227 4676 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
12:19:47.0257 4676 NativeWifiP - ok
12:19:47.0307 4676 NDIS (c38b8ae57f78915905064a9a24dc1586) C:\Windows\system32\drivers\ndis.sys
12:19:47.0327 4676 NDIS - ok
12:19:47.0357 4676 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
12:19:47.0397 4676 NdisCap - ok
12:19:47.0427 4676 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
12:19:47.0457 4676 NdisTapi - ok
12:19:47.0477 4676 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
12:19:47.0517 4676 Ndisuio - ok
12:19:47.0527 4676 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
12:19:47.0567 4676 NdisWan - ok
12:19:47.0577 4676 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
12:19:47.0617 4676 NDProxy - ok
12:19:47.0637 4676 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
12:19:47.0677 4676 NetBIOS - ok
12:19:47.0687 4676 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
12:19:47.0717 4676 NetBT - ok
12:19:47.0757 4676 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
12:19:47.0767 4676 Netlogon - ok
12:19:47.0797 4676 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
12:19:47.0847 4676 Netman - ok
12:19:47.0867 4676 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
12:19:47.0907 4676 netprofm - ok
12:19:47.0967 4676 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
12:19:47.0977 4676 NetTcpPortSharing - ok
12:19:48.0117 4676 NETwNs64 (ac69618de5bcce8747c9ab0aae1003c1) C:\Windows\system32\DRIVERS\NETwNs64.sys
12:19:48.0267 4676 NETwNs64 - ok
12:19:48.0297 4676 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
12:19:48.0297 4676 nfrd960 - ok
12:19:48.0397 4676 NIDomainService (69ab64ad87fc57004dd7e28aa0270c7b) C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe
12:19:48.0407 4676 NIDomainService - ok
12:19:48.0437 4676 NILM License Manager (b17093b9a2c5f874975c732c1a8ba771) C:\Program Files (x86)\National Instruments\Shared\License Manager\Bin\lmgrd.exe
12:19:48.0477 4676 NILM License Manager ( UnsignedFile.Multi.Generic ) - warning
12:19:48.0477 4676 NILM License Manager - detected UnsignedFile.Multi.Generic (1)
12:19:55.0091 4676 SwitchBoard (f577910a133a592234ebaad3f3afa258) C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
12:19:55.0111 4676 SwitchBoard ( UnsignedFile.Multi.Generic ) - warning
12:19:55.0111 4676 SwitchBoard - detected UnsignedFile.Multi.Generic (1)
12:20:00.0955 4676 ============================================================
12:20:00.0955 4676 Scan finished
12:20:00.0955 4676 ============================================================
12:20:00.0955 2944 Detected object count: 2
12:20:00.0955 2944 Actual detected object count: 2
12:20:32.0642 2944 NILM License Manager ( UnsignedFile.Multi.Generic ) - skipped by user
12:20:32.0642 2944 NILM License Manager ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:20:32.0652 2944 SwitchBoard ( UnsignedFile.Multi.Generic ) - skipped by user
12:20:32.0652 2944 SwitchBoard ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:20:37.0625 5972 Deinitialize success

#5 mark1956


Posted 08 April 2012 - 06:55 AM

Ok, as you said TDSSKiller has come up clean, the only detections are legitimate files.

Please continue with the instructions below.

STEP 1
NOTE: If you have already used Combofix please delete the icon from your desktop.
  • Please download DeFogger and save it to your desktop.
  • Once downloaded, double-click on the DeFogger icon to start the tool.
  • The application window will appear.
  • You should now click on the Disable button to disable your CD Emulation drivers.
  • When it prompts you whether or not you want to continue, please click on the Yes button to continue.
  • When the program has completed you will see a Finished! message. Click on the OK button to exit the program.
  • If CD Emulation programs are present and have been disabled, DeFogger will now ask you to reboot the machine. Please allow it to do so by clicking on the OK button.
STEP 2
Please download ComboFix from one of the locations below and save it to your Desktop. <-Important!!!
Be sure to print out and follow these instructions: A guide and tutorial on using ComboFix

Vista/Windows 7 users can skip the Recovery Console instructions and use the Windows DVD to boot into the Vista Recovery Environment or Windows 7 System Recovery Options if something goes awry. XP users need to install the Recovery Console first.
  • Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Click this link to see a list of such programs and how to disable them.
  • If ComboFix detects an older version of itself, you will be asked to update the program.
  • ComboFix will begin by showing a Disclaimer. Read it and click I Agree if you want to continue.
  • Follow the prompts and click on Yes to continue scanning for malware.
  • If using Windows 7 or Vista and you receive a UAC prompt asking if you want to continue running the program, you should press the Continue button.
  • When finished, please copy and paste the contents of C:\ComboFix.txt (which will open after reboot) in your next reply.
  • Be sure to re-enable your anti-virus and other security programs.
-- Do not touch your mouse/keyboard until the ComboFix scan has completed, as this may cause the process to stall or the computer to lock.
-- ComboFix will temporarily disable your desktop, and if interrupted may leave it disabled. If this occurs, please reboot to restore it.
-- ComboFix disables autorun of all CD, floppy and USB devices to assist with malware removal and increase security.


If you no longer have access to your Internet connection after running ComboFix, please reboot to restore it. If that does not restore the connection, then follow the instructions for Manually restoring the Internet connection provided in the "How to Guide" you printed out earlier.

Do NOT use ComboFix unless you have been instructed to do so by a Malware Removal Expert. It is a powerful tool intended by its creator to be used under the guidance and supervision of an expert, NOT for general public or personal use. Using this tool incorrectly could lead to serious problems with your operating system such as preventing it from ever starting again. This site, sUBs and myself will not be responsible for any damage caused to your machine by misusing or running ComboFix on your own. Please read ComboFix's Disclaimer.



#6 mark1956


Posted 11 April 2012 - 09:12 AM

Are you still with us Nightkids?

If you no longer require assistance then please let me know so I can move on to helping others that are waiting.

#7 quietman7


Posted 13 April 2012 - 08:30 AM

Due to a lack of response... this topic is now closed. Should you need it reopened, please contact a Forum Moderator or member of the Malware Removal Team. Include the address of this thread in your request. If you have a new issue, please start a New Topic.