
Google search links redirect to happili.com, gimmeanswers & managedownloads.com


10 replies to this topic

#1 David Lunch


Posted 05 April 2012 - 11:24 AM

Since April 2nd 2012, Google Chrome and Internet Explorer have been redirecting about every 1 in 5 search result links to a couple of unwanted sites. Most common redirects are happili.com, gimmeanswers.org, managedownloads.com and http://63.209.69.107 (which is Scour), but I remember seeing an Amazon.com pop-up too at some point.

I'm on Windows 7 Home Premium 64-bit with SP1.

I ran Microsoft Security Essentials which deleted these files:

C:\Users\Pieter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\d189d59-55b3ce13	a variant of Java/TrojanDownloader.Agent.NDJ trojan	deleted - quarantined
C:\Users\Pieter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36\1ae524e4-47a78d0f	a variant of Java/TrojanDownloader.Agent.NDJ trojan	deleted - quarantined
C:\Users\Pieter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7\139f3c7-438bb8c1	a variant of Java/TrojanDownloader.Agent.NDJ trojan	deleted - quarantined

I also checked my registry and deleted these suspicious-looking entries:

[HKEY_CURRENT_USER\Software\Pudding\BMEHBvG8v] (binary not copy-pasted)
[HKEY_CURRENT_USER\Software\Sezwwcghcl]
[HKEY_CURRENT_USER\Software\Sezwwcghcl\CLSID]
@="{9f8a1b22-8809-44dd-b7e6-4b9b6993f5fd}"

I also read somewhere to check out C:\Users\Pieter\AppData\Roaming\Apple Computer\Apple Computer\, where I found and deleted wmgaaaizl.dll and afxjahc.dll.

It seems that Internet Explorer is now healthy and does not redirect anymore, but Google Chrome still has the same problem.

I'm 50% sure I updated both Flash and Java on the day I noticed the symptoms, but this could be unrelated. I checked and I do NOT have a System Restore Point from before the infection.

Please let me know what I can do to get rid of this nasty redirect trojan or whatever it is. Please also let me know if I have to run tools in Safe Mode or not.

Thanks in advance!

Edited by David Lunch, 05 April 2012 - 11:30 AM.




#2 boopme


Posted 05 April 2012 - 12:34 PM

Please download TDSSKiller.zip and extract it.
  • Run TDSSKiller.exe.
  • Click on Change Parameters
  • Put a check in the box of Detect TDLFS file system
  • Click Start scan.
  • When it is finished the utility outputs a list of detected objects with description.
    The utility automatically selects an action (Cure or Delete) for malicious objects.
    The utility prompts the user to select an action to apply to suspicious objects (Skip, by default). Leave the options as they are and click Continue.
  • Let it reboot if needed and tell me if the tool needed a reboot.
  • Click on Report and post the contents of the text file that will open.

    Note: By default, the utility outputs the log into the system disk (it is usually the disk with the installed operating system, C:\) root folder. The log has a name like: TDSSKiller.Version_Date_Time_log.txt.

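One way to triage the report that the last step asks for, as an added example that is not part of the original thread or of the tool itself: it reads a log in the layout of the one posted in reply #3 and returns every scanned object whose verdict is anything other than "ok". The `ExampleDrv` entry, its all-zero hash and the "needs review" verdict are constructed for the demonstration; the other sample lines are copied from the posted log, with the `Drive` line shortened.

```python
import re
from typing import List, NamedTuple, Optional, Tuple

# Layout taken from the log posted in this thread:
#   "HH:MM:SS.mmmm <thread id> <message>"
PREFIX = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s*(?P<msg>.*)$")
# Object line: "<name> (<32 hex digit hash>) <path>"
OBJECT = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-fA-F]{32})\) (?P<path>.+)$")
# Verdict line: "<name> - <verdict>"
VERDICT = re.compile(r"^(?P<name>.+?) - (?P<verdict>.+)$")


class Finding(NamedTuple):
    name: str
    verdict: str
    md5: Optional[str]   # None when the log has no object line for the name
    path: Optional[str]


def triage(log_text: str) -> Tuple[int, List[Finding]]:
    """Return (number of verdict lines seen, findings whose verdict is not 'ok')."""
    scanning = False
    objects = {}          # name -> (md5, path) from the preceding object line
    checked = 0
    findings: List[Finding] = []

    for raw in log_text.splitlines():
        m = PREFIX.match(raw.strip())
        if not m:
            continue
        msg = m.group("msg").strip()

        # The header also contains " - " ("Drive ... - Size: ..."), so verdict
        # parsing only starts after the "Scan started" marker.
        if msg == "Scan started":
            scanning = True
            continue
        if not scanning:
            continue

        # Try the object pattern first: a path may itself contain " - ".
        obj = OBJECT.match(msg)
        if obj:
            objects[obj["name"]] = (obj["md5"].lower(), obj["path"])
            continue

        ver = VERDICT.match(msg)
        if not ver:
            continue
        checked += 1
        verdict = ver["verdict"].strip()
        if verdict.lower() != "ok":
            md5, path = objects.get(ver["name"], (None, None))
            findings.append(Finding(ver["name"], verdict, md5, path))

    return checked, findings


# Sample input. The last two lines are constructed, not real tool output.
SAMPLE_LOG = r"""
13:54:33.0853 6892 Drive \Device\Harddisk0\DR0 - Size: 0x1DCF856000 (119.24 Gb), SectorSize: 0x200
13:55:04.0442 9368 Scan started
13:55:04.0442 9368 Mode: Manual; TDLFS;
13:55:18.0387 9368 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
13:55:18.0389 9368 1394ohci - ok
13:55:18.0420 9368 AdobeFlashPlayerUpdateSvc - ok
13:55:18.0620 9368 Apple Mobile Device (d8e18021f91ad79ca8491cb5a5da22d4) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
13:55:18.0621 9368 Apple Mobile Device - ok
13:55:21.0000 9368 ExampleDrv (00000000000000000000000000000000) C:\Windows\system32\drivers\exampledrv.sys
13:55:21.0001 9368 ExampleDrv - needs review
"""

if __name__ == "__main__":
    total, flagged = triage(SAMPLE_LOG)
    print(f"{total} objects checked, {len(flagged)} not ok")
    for f in flagged:
        print(f"{f.name}: {f.verdict} | {f.md5} | {f.path}")
```
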

#3 David Lunch


Posted 05 April 2012 - 12:57 PM

Thanks for your reply.

The tool didn't need a reboot, but found one possible threat.

13:54:33.0075 6892 TDSS rootkit removing tool 2.7.26.0 Apr 4 2012 19:52:02
13:54:33.0636 6892 ============================================================
13:54:33.0636 6892 Current date / time: 2012/04/05 13:54:33.0636
13:54:33.0636 6892 SystemInfo:
13:54:33.0636 6892
13:54:33.0636 6892 OS Version: 6.1.7601 ServicePack: 1.0
13:54:33.0636 6892 Product type: Workstation
13:54:33.0636 6892 ComputerName: THEBLACKLODGE
13:54:33.0636 6892 UserName: Pieter
13:54:33.0636 6892 Windows directory: C:\Windows
13:54:33.0636 6892 System windows directory: C:\Windows
13:54:33.0636 6892 Running under WOW64
13:54:33.0636 6892 Processor architecture: Intel x64
13:54:33.0636 6892 Number of processors: 8
13:54:33.0636 6892 Page size: 0x1000
13:54:33.0636 6892 Boot type: Normal boot
13:54:33.0636 6892 ============================================================
13:54:33.0853 6892 Drive \Device\Harddisk0\DR0 - Size: 0x1DCF856000 (119.24 Gb), SectorSize: 0x200, Cylinders: 0x3CCE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
13:54:34.0357 6892 Drive \Device\Harddisk1\DR1 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
13:54:34.0818 6892 Drive \Device\Harddisk2\DR2 - Size: 0x45DD826000 (279.46 Gb), SectorSize: 0x200, Cylinders: 0x8E81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
13:54:34.0842 6892 Drive \Device\Harddisk7\DR7 - Size: 0x77900000 (1.87 Gb), SectorSize: 0x200, Cylinders: 0xF3, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
13:54:37.0981 6892 Drive \Device\Harddisk8\DR8 - Size: 0xE8DDBB5C00 (931.46 Gb), SectorSize: 0x200, Cylinders: 0x1DAFA, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
13:54:48.0017 6892 Drive \Device\Harddisk9\DR9 - Size: 0x1D197300000 (1862.36 Gb), SectorSize: 0x200, Cylinders: 0x3B5AB, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
13:54:48.0018 6892 \Device\Harddisk0\DR0:
13:54:48.0018 6892 MBR used
13:54:48.0018 6892 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
13:54:48.0018 6892 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xEE49000
13:54:48.0018 6892 \Device\Harddisk1\DR1:
13:54:48.0039 6892 MBR used
13:54:48.0039 6892 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xE8E07800
13:54:48.0039 6892 \Device\Harddisk2\DR2:
13:54:48.0039 6892 MBR used
13:54:48.0039 6892 \Device\Harddisk2\DR2\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x22EE6E41
13:54:48.0039 6892 \Device\Harddisk7\DR7:
13:54:48.0040 6892 MBR used
13:54:48.0040 6892 \Device\Harddisk7\DR7\Partition0: MBR, Type 0x6, StartLBA 0x20, BlocksNum 0x3BC7E0
13:54:48.0040 6892 \Device\Harddisk8\DR8:
13:54:48.0040 6892 MBR used
13:54:48.0040 6892 \Device\Harddisk8\DR8\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x746EA23B
13:54:48.0040 6892 \Device\Harddisk9\DR9:
13:54:48.0041 6892 MBR used
13:54:48.0041 6892 \Device\Harddisk9\DR9\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xE8CB9000
13:54:48.0365 6892 Initialize success
13:54:48.0365 6892 ============================================================
13:55:04.0442 9368 ============================================================
13:55:04.0442 9368 Scan started
13:55:04.0442 9368 Mode: Manual; TDLFS;
13:55:04.0442 9368 ============================================================
13:55:18.0387 9368 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
13:55:18.0389 9368 1394ohci - ok
13:55:18.0400 9368 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
13:55:18.0402 9368 ACPI - ok
13:55:18.0411 9368 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
13:55:18.0412 9368 AcpiPmi - ok
13:55:18.0420 9368 AdobeFlashPlayerUpdateSvc - ok
13:55:18.0433 9368 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
13:55:18.0436 9368 adp94xx - ok
13:55:18.0449 9368 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
13:55:18.0451 9368 adpahci - ok
13:55:18.0462 9368 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
13:55:18.0463 9368 adpu320 - ok
13:55:18.0471 9368 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
13:55:18.0472 9368 AeLookupSvc - ok
13:55:18.0485 9368 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
13:55:18.0489 9368 AFD - ok
13:55:18.0499 9368 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
13:55:18.0500 9368 agp440 - ok
13:55:18.0508 9368 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
13:55:18.0509 9368 ALG - ok
13:55:18.0519 9368 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
13:55:18.0520 9368 aliide - ok
13:55:18.0529 9368 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
13:55:18.0530 9368 amdide - ok
13:55:18.0540 9368 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
13:55:18.0541 9368 AmdK8 - ok
13:55:18.0550 9368 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
13:55:18.0551 9368 AmdPPM - ok
13:55:18.0561 9368 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
13:55:18.0562 9368 amdsata - ok
13:55:18.0573 9368 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
13:55:18.0575 9368 amdsbs - ok
13:55:18.0584 9368 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
13:55:18.0585 9368 amdxata - ok
13:55:18.0595 9368 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
13:55:18.0596 9368 AppID - ok
13:55:18.0605 9368 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
13:55:18.0605 9368 AppIDSvc - ok
13:55:18.0614 9368 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
13:55:18.0614 9368 Appinfo - ok
13:55:18.0620 9368 Apple Mobile Device (d8e18021f91ad79ca8491cb5a5da22d4) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
13:55:18.0621 9368 Apple Mobile Device - ok
13:55:18.0633 9368 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
13:55:18.0633 9368 arc - ok
13:55:18.0643 9368 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
13:55:18.0644 9368 arcsas - ok
13:55:18.0654 9368 asmthub3 (22842362df890f5492f85aa60916a697) C:\Windows\system32\DRIVERS\asmthub3.sys
13:55:18.0655 9368 asmthub3 - ok
13:55:18.0669 9368 asmtxhci (08e2d77766cc05e75a0707207d9fc684) C:\Windows\system32\DRIVERS\asmtxhci.sys
13:55:18.0672 9368 asmtxhci - ok
13:55:18.0680 9368 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
13:55:18.0680 9368 aspnet_state - ok
13:55:18.0691 9368 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
13:55:18.0692 9368 AsyncMac - ok
13:55:18.0701 9368 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
13:55:18.0701 9368 atapi - ok
13:55:18.0714 9368 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
13:55:18.0718 9368 AudioEndpointBuilder - ok
13:55:18.0725 9368 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
13:55:18.0727 9368 AudioSrv - ok
13:55:18.0736 9368 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
13:55:18.0737 9368 AxInstSV - ok
13:55:18.0750 9368 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
13:55:18.0753 9368 b06bdrv - ok
13:55:18.0766 9368 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
13:55:18.0768 9368 b57nd60a - ok
13:55:18.0777 9368 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
13:55:18.0778 9368 BDESVC - ok
13:55:18.0788 9368 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
13:55:18.0788 9368 Beep - ok
13:55:18.0800 9368 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
13:55:18.0804 9368 BFE - ok
13:55:18.0817 9368 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
13:55:18.0822 9368 BITS - ok
13:55:18.0831 9368 BlackBox - ok
13:55:18.0842 9368 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
13:55:18.0842 9368 blbdrive - ok
13:55:18.0848 9368 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
13:55:18.0851 9368 Bonjour Service - ok
13:55:18.0862 9368 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
13:55:18.0862 9368 bowser - ok
13:55:18.0873 9368 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
13:55:18.0873 9368 BrFiltLo - ok
13:55:18.0882 9368 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
13:55:18.0883 9368 BrFiltUp - ok
13:55:18.0893 9368 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
13:55:18.0894 9368 BridgeMP - ok
13:55:18.0902 9368 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
13:55:18.0903 9368 Browser - ok
13:55:18.0914 9368 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
13:55:18.0916 9368 Brserid - ok
13:55:18.0925 9368 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
13:55:18.0926 9368 BrSerWdm - ok
13:55:18.0937 9368 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
13:55:18.0938 9368 BrUsbMdm - ok
13:55:18.0948 9368 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
13:55:18.0948 9368 BrUsbSer - ok
13:55:18.0958 9368 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
13:55:18.0959 9368 BTHMODEM - ok
13:55:18.0969 9368 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
13:55:18.0970 9368 bthserv - ok
13:55:18.0979 9368 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
13:55:18.0981 9368 cdfs - ok
13:55:18.0991 9368 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
13:55:18.0992 9368 cdrom - ok
13:55:19.0001 9368 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
13:55:19.0001 9368 CertPropSvc - ok
13:55:19.0015 9368 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
13:55:19.0016 9368 circlass - ok
13:55:19.0026 9368 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
13:55:19.0028 9368 CLFS - ok
13:55:19.0033 9368 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
13:55:19.0034 9368 clr_optimization_v2.0.50727_32 - ok
13:55:19.0039 9368 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
13:55:19.0040 9368 clr_optimization_v2.0.50727_64 - ok
13:55:19.0047 9368 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
13:55:19.0048 9368 clr_optimization_v4.0.30319_32 - ok
13:55:19.0054 9368 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
13:55:19.0056 9368 clr_optimization_v4.0.30319_64 - ok
13:55:19.0066 9368 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys
13:55:19.0066 9368 CmBatt - ok
13:55:19.0075 9368 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
13:55:19.0076 9368 cmdide - ok
13:55:19.0088 9368 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
13:55:19.0090 9368 CNG - ok
13:55:19.0099 9368 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys
13:55:19.0100 9368 Compbatt - ok
13:55:19.0109 9368 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\DRIVERS\CompositeBus.sys
13:55:19.0110 9368 CompositeBus - ok
13:55:19.0117 9368 COMSysApp - ok
13:55:19.0122 9368 CrashPlanService (e2cec73b4d221b9ffe906748d1f5fc54) C:\Program Files\CrashPlan\CrashPlanService.exe
13:55:19.0197 9368 CrashPlanService - ok
13:55:19.0206 9368 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
13:55:19.0207 9368 crcdisk - ok
13:55:19.0216 9368 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
13:55:19.0217 9368 CryptSvc - ok
13:55:19.0229 9368 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
13:55:19.0232 9368 DcomLaunch - ok
13:55:19.0242 9368 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
13:55:19.0244 9368 defragsvc - ok
13:55:19.0254 9368 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
13:55:19.0255 9368 DfsC - ok
13:55:19.0265 9368 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
13:55:19.0267 9368 Dhcp - ok
13:55:19.0276 9368 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
13:55:19.0277 9368 discache - ok
13:55:19.0287 9368 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
13:55:19.0288 9368 Disk - ok
13:55:19.0297 9368 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
13:55:19.0298 9368 Dnscache - ok
13:55:19.0303 9368 DokanCEMounter (9cc0e983974b6e593af16aadf8f3dc70) C:\Program Files (x86)\Pogoplug\dokanmnt.exe
13:55:19.0322 9368 DokanCEMounter - ok
13:55:19.0332 9368 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
13:55:19.0334 9368 dot3svc - ok
13:55:19.0343 9368 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
13:55:19.0344 9368 DPS - ok
13:55:19.0353 9368 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
13:55:19.0354 9368 drmkaud - ok
13:55:19.0370 9368 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
13:55:19.0376 9368 DXGKrnl - ok
13:55:19.0384 9368 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
13:55:19.0385 9368 EapHost - ok
13:55:19.0413 9368 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
13:55:19.0431 9368 ebdrv - ok
13:55:19.0434 9368 ECSIoDriver_1_1_0_0 - ok
13:55:19.0442 9368 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
13:55:19.0443 9368 EFS - ok
13:55:19.0450 9368 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
13:55:19.0454 9368 ehRecvr - ok
13:55:19.0459 9368 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
13:55:19.0460 9368 ehSched - ok
13:55:19.0473 9368 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
13:55:19.0476 9368 elxstor - ok
13:55:19.0487 9368 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
13:55:19.0487 9368 ErrDev - ok
13:55:19.0499 9368 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
13:55:19.0501 9368 EventSystem - ok
13:55:19.0512 9368 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
13:55:19.0513 9368 exfat - ok
13:55:19.0524 9368 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
13:55:19.0525 9368 fastfat - ok
13:55:19.0537 9368 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
13:55:19.0541 9368 Fax - ok
13:55:19.0551 9368 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
13:55:19.0552 9368 fdc - ok
13:55:19.0560 9368 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
13:55:19.0561 9368 fdPHost - ok
13:55:19.0568 9368 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
13:55:19.0569 9368 FDResPub - ok
13:55:19.0579 9368 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
13:55:19.0580 9368 FileInfo - ok
13:55:19.0589 9368 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
13:55:19.0590 9368 Filetrace - ok
13:55:19.0599 9368 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
13:55:19.0600 9368 flpydisk - ok
13:55:19.0611 9368 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
13:55:19.0613 9368 FltMgr - ok
13:55:19.0627 9368 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
13:55:19.0634 9368 FontCache - ok
13:55:19.0638 9368 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
13:55:19.0639 9368 FontCache3.0.0.0 - ok
13:55:19.0649 9368 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
13:55:19.0650 9368 FsDepends - ok
13:55:19.0659 9368 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
13:55:19.0660 9368 Fs_Rec - ok
13:55:19.0671 9368 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
13:55:19.0673 9368 fvevol - ok
13:55:19.0682 9368 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
13:55:19.0683 9368 gagp30kx - ok
13:55:19.0693 9368 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
13:55:19.0694 9368 GEARAspiWDM - ok
13:55:19.0700 9368 GladFileMonSvc (16bf404646e3fc957f80ad41e262473e) C:\Program Files (x86)\Gladinet\Gladinet Cloud Desktop\GladFileMonSvc.exe
13:55:19.0711 9368 GladFileMonSvc - ok
13:55:19.0724 9368 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
13:55:19.0729 9368 gpsvc - ok
13:55:19.0740 9368 HBAdmin (2ff58eed4bb8f2d72b8dcfbe3628cf18) C:\Program Files (x86)\Pogoplug\HBPLUG\HBADMIN.exe
13:55:19.0766 9368 HBAdmin - ok
13:55:19.0777 9368 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
13:55:19.0777 9368 hcw85cir - ok
13:55:19.0790 9368 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
13:55:19.0793 9368 HdAudAddService - ok
13:55:19.0803 9368 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
13:55:19.0804 9368 HDAudBus - ok
13:55:19.0813 9368 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
13:55:19.0814 9368 HidBatt - ok
13:55:19.0823 9368 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
13:55:19.0824 9368 HidBth - ok
13:55:19.0834 9368 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
13:55:19.0835 9368 HidIr - ok
13:55:19.0842 9368 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
13:55:19.0843 9368 hidserv - ok
13:55:19.0853 9368 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
13:55:19.0858 9368 HidUsb - ok
13:55:19.0866 9368 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
13:55:19.0867 9368 hkmsvc - ok
13:55:19.0877 9368 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
13:55:19.0879 9368 HomeGroupListener - ok
13:55:19.0887 9368 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
13:55:19.0889 9368 HomeGroupProvider - ok
13:55:19.0899 9368 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
13:55:19.0900 9368 HpSAMD - ok
13:55:19.0914 9368 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
13:55:19.0918 9368 HTTP - ok
13:55:19.0928 9368 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
13:55:19.0929 9368 hwpolicy - ok
13:55:19.0940 9368 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
13:55:19.0941 9368 i8042prt - ok
13:55:19.0952 9368 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
13:55:19.0955 9368 iaStorV - ok
13:55:19.0965 9368 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
13:55:19.0970 9368 idsvc - ok
13:55:19.0980 9368 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
13:55:19.0981 9368 iirsp - ok
13:55:20.0011 9368 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
13:55:20.0017 9368 IKEEXT - ok
13:55:20.0031 9368 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
13:55:20.0031 9368 intelide - ok
13:55:20.0041 9368 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
13:55:20.0042 9368 intelppm - ok
13:55:20.0049 9368 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
13:55:20.0051 9368 IPBusEnum - ok
13:55:20.0060 9368 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
13:55:20.0061 9368 IpFilterDriver - ok
13:55:20.0072 9368 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
13:55:20.0075 9368 iphlpsvc - ok
13:55:20.0085 9368 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
13:55:20.0086 9368 IPMIDRV - ok
13:55:20.0096 9368 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
13:55:20.0097 9368 IPNAT - ok
13:55:20.0106 9368 iPod Service (3c0d4b3e80fc4854ca325dd123cc4ded) C:\Program Files\iPod\bin\iPodService.exe
13:55:20.0112 9368 iPod Service - ok
13:55:20.0121 9368 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
13:55:20.0122 9368 IRENUM - ok
13:55:20.0131 9368 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
13:55:20.0132 9368 isapnp - ok
13:55:20.0143 9368 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
13:55:20.0145 9368 iScsiPrt - ok
13:55:20.0155 9368 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
13:55:20.0156 9368 kbdclass - ok
13:55:20.0166 9368 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
13:55:20.0166 9368 kbdhid - ok
13:55:20.0174 9368 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
13:55:20.0175 9368 KeyIso - ok
13:55:20.0186 9368 ks2avs (89f835783ba34cc6fe59dd720e4c4361) C:\Windows\system32\Drivers\ks2avs.sys
13:55:20.0189 9368 ks2avs - ok
13:55:20.0199 9368 ks2usb_svc (49b97e4180512c1b6c0e09d7233f0307) C:\Windows\system32\Drivers\ks2usb.sys
13:55:20.0200 9368 ks2usb_svc - ok
13:55:20.0211 9368 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
13:55:20.0212 9368 KSecDD - ok
13:55:20.0238 9368 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
13:55:20.0239 9368 KSecPkg - ok
13:55:20.0249 9368 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
13:55:20.0250 9368 ksthunk - ok
13:55:20.0259 9368 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
13:55:20.0262 9368 KtmRm - ok
13:55:20.0271 9368 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
13:55:20.0273 9368 LanmanServer - ok
13:55:20.0282 9368 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
13:55:20.0284 9368 LanmanWorkstation - ok
13:55:20.0294 9368 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
13:55:20.0295 9368 lltdio - ok
13:55:20.0304 9368 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
13:55:20.0306 9368 lltdsvc - ok
13:55:20.0314 9368 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
13:55:20.0315 9368 lmhosts - ok
13:55:20.0325 9368 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
13:55:20.0326 9368 LSI_FC - ok
13:55:20.0336 9368 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
13:55:20.0338 9368 LSI_SAS - ok
13:55:20.0348 9368 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
13:55:20.0349 9368 LSI_SAS2 - ok
13:55:20.0359 9368 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
13:55:20.0360 9368 LSI_SCSI - ok
13:55:20.0370 9368 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
13:55:20.0371 9368 luafv - ok
13:55:20.0389 9368 lvpopf64 (ce6e5146039d248feb991fbc9e2b6a7b) C:\Windows\system32\DRIVERS\lvpopf64.sys
13:55:20.0397 9368 lvpopf64 - ok
13:55:20.0407 9368 LVUSBS64 (6d5ea90f86f9b28cd44af6ba9be03bf9) C:\Windows\system32\drivers\LVUSBS64.sys
13:55:20.0408 9368 LVUSBS64 - ok
13:55:20.0439 9368 LVUVC64 (eb12688842ede30c843a123fa6855858) C:\Windows\system32\DRIVERS\lvuvc64.sys
13:55:20.0459 9368 LVUVC64 - ok
13:55:20.0467 9368 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
13:55:20.0469 9368 Mcx2Svc - ok
13:55:20.0480 9368 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
13:55:20.0481 9368 megasas - ok
13:55:20.0492 9368 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
13:55:20.0494 9368 MegaSR - ok
13:55:24.0070 9368 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
13:55:24.0079 9368 \Device\Harddisk0\DR0 - ok
13:55:24.0103 9368 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1
13:55:24.0154 9368 \Device\Harddisk1\DR1 - ok
13:55:24.0156 9368 MBR (0x1B8) (3051207086651214e435112e51817dc5) \Device\Harddisk2\DR2
13:55:24.0228 9368 \Device\Harddisk2\DR2 ( TDSS File System ) - warning
13:55:24.0228 9368 \Device\Harddisk2\DR2 - detected TDSS File System (1)
13:55:25.0972 9368 ============================================================
13:55:25.0972 9368 Scan finished
13:55:25.0972 9368 ============================================================
13:55:25.0976 4536 Detected object count: 1
13:55:25.0976 4536 Actual detected object count: 1
13:56:07.0337 4536 \Device\Harddisk2\DR2 ( TDSS File System ) - skipped by user
13:56:07.0337 4536 \Device\Harddisk2\DR2 ( TDSS File System ) - User select action: Skip
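
An added example, not part of the original posts and not TDSSKiller's own code: a short Python triage of the log layout quoted above, listing every object with a non-ok result and whether an action was logged for it. The sample lines are constructed (placeholder hashes), and the regular expressions are assumptions inferred from the lines in this thread.

```python
import re

# Constructed sample in the log layout quoted in this thread
# (timestamp, thread id, message); the hashes are placeholders.
SAMPLE_LOG = r"""
13:55:24.0070 9368 MBR (0x1B8) (00000000000000000000000000000000) \Device\Harddisk0\DR0
13:55:24.0079 9368 \Device\Harddisk0\DR0 - ok
13:55:24.0156 9368 MBR (0x1B8) (11111111111111111111111111111111) \Device\Harddisk2\DR2
13:55:24.0228 9368 \Device\Harddisk2\DR2 ( TDSS File System ) - warning
13:55:24.0228 9368 \Device\Harddisk2\DR2 - detected TDSS File System (1)
13:55:25.0976 4536 Detected object count: 1
13:56:07.0337 4536 \Device\Harddisk2\DR2 ( TDSS File System ) - skipped by user
13:56:07.0337 4536 \Device\Harddisk2\DR2 ( TDSS File System ) - User select action: Skip
"""

LINE = re.compile(r"^\d\d:\d\d:\d\d\.\d+\s+\d+\s+(.*)$")
ANNOUNCE = re.compile(r"\([0-9a-fA-F]{32}\)")  # "name (md5) path" lines, no verdict
RESULT = re.compile(
    r"^(?P<obj>.+?)(?:\s+\(\s*(?P<label>[^()]+?)\s*\))?\s+-\s+(?P<status>.+)$")
COUNT = re.compile(r"^Detected object count:\s*(\d+)$")
ACTION = re.compile(r"^User select action:\s*(\w+)$")

def triage(log_text):
    """Return (findings, declared_count) for objects with a non-ok result."""
    findings, declared = {}, None
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        msg = m.group(1)
        c = COUNT.match(msg)
        if c:
            declared = int(c.group(1))
            continue
        r = RESULT.match(msg)
        if ANNOUNCE.search(msg) or not r or r.group("status") == "ok":
            continue
        f = findings.setdefault(
            r.group("obj"), {"label": None, "statuses": [], "action": None})
        f["label"] = r.group("label") or f["label"]
        a = ACTION.match(r.group("status"))
        if a:
            f["action"] = a.group(1)  # e.g. "Skip", as in the log above
        else:
            f["statuses"].append(r.group("status"))
    return findings, declared

def still_present(findings):
    """Objects flagged but left in place (skipped, or no action logged)."""
    return sorted(o for o, f in findings.items() if f["action"] in (None, "Skip"))
```

Comparing `len(findings)` with the declared count is a quick check that no flagged object was missed by the patterns.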

#4 boopme

Posted 05 April 2012 - 01:11 PM

Ok, let's make certain...
The redirects have stopped?

Delete any TDSS icons from the desktop.

Download the FixTDSS.exe

Save the file to your Windows desktop.
Close all running programs.
If you are running Windows XP, turn off System Restore. How to turn off or turn on Windows XP System Restore
Double-click the FixTDSS.exe file to start the removal tool.
Click Start to begin the process, and then allow the tool to run.
Restart the computer when prompted by the tool.
After the computer has started, the tool will inform you of the state of infection (make sure to let me know what it said)
If you are running Windows XP, re-enable System Restore.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#5 David Lunch

Posted 05 April 2012 - 01:18 PM

No, the redirects haven't stopped. I chose the default action (Skip) in TDSSKiller, so I assume no removal action has been taken.

I will now run FixTDSS.exe

#6 David Lunch

Posted 05 April 2012 - 01:27 PM

No infections found by FixTDSS.exe.

#7 David Lunch

Posted 05 April 2012 - 01:55 PM

Should I run TDSSKiller.exe again and have it remove the possible threat?

#8 boopme

Posted 05 April 2012 - 03:52 PM

Should I run TDSSKiller.exe again and have it remove the possible threat?


Yes, TDSS File System entries are remains of a past infection. They are just garbage you can remove.

#9 David Lunch

Posted 05 April 2012 - 04:36 PM

I had TDSSKiller.exe delete: \Device\Harddisk2\DR2 ( TDSS File System )
It did not require a reboot.

The redirect problem remains, and I noticed a few new destinations:

http://63.209.69.107 (via http://click.get-answers-fast.com/ads-clicktrack/click/jump2.do?affiliate=46355&subid=8909_1232)
http://217.159.171.218

Edited by David Lunch, 05 April 2012 - 04:36 PM.


#10 David Lunch

Posted 05 April 2012 - 08:23 PM

I have completely reinstalled Chrome (with deletion of all user data) and so far, so good. I will monitor for 24 hours, but if you don't hear back from me, I'm probably saved.

Thanks for your help!

#11 boopme

Posted 05 April 2012 - 08:30 PM

Ok, sounds fair enough..


If all is good...
Then you should create a new Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been backed up, renamed and saved in System Restore. Since this is a protected directory that your tools cannot access to delete these files, they can sometimes reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Start > Run... and type: Cleanmgr
  • Click "Ok". Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" tab, then click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically.
Vista and Windows 7 users can refer to these links:



You're welcome!!

Edited by boopme, 05 April 2012 - 08:31 PM.
