svchost trojan removal - zero access rootkit? from win64/alureon.gen!k?


  • This topic is locked
34 replies to this topic

#1 adamfortwayne

Posted 17 April 2012 - 05:21 PM

My machine is running Windows 7 64-bit Pro.

Microsoft Security Essentials removed a trojan:win64/alureon.gen!k. The scan came out clean and then I ran a Malwarebytes scan. It keeps coming back with a C:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot hit. I'm not seeing any slowness with my computer. If I did not run these scans I would not suspect it was even there.

Thank you so much for your help,
Adam




.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.2.0
Run by thebeast at 18:04:25 on 2012-04-17
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8109.5264 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Users\thebeast\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\BOINC\boincmgr.exe
C:\Program Files (x86)\BOINC\boinctray.exe
C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files (x86)\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files (x86)\BOINC\boinc.exe
C:\Windows\system32\conhost.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
E:\BOINC Data\projects\www.worldcommunitygrid.org\wcg_gfam_6.11_windows_intelx86
E:\BOINC Data\projects\www.worldcommunitygrid.org\wcg_gfam_6.11_windows_intelx86
E:\BOINC Data\projects\www.worldcommunitygrid.org\wcg_gfam_6.11_windows_intelx86
E:\BOINC Data\projects\www.worldcommunitygrid.org\wcg_gfam_6.11_windows_intelx86
E:\BOINC Data\projects\www.worldcommunitygrid.org\wcg_gfam_6.11_windows_intelx86
C:\Windows\system32\conhost.exe
E:\BOINC Data\projects\www.worldcommunitygrid.org\wcg_gfam_6.11_windows_intelx86
E:\BOINC Data\projects\www.worldcommunitygrid.org\wcg_gfam_6.11_windows_intelx86
C:\Windows\system32\conhost.exe
E:\BOINC Data\projects\www.worldcommunitygrid.org\wcg_gfam_6.11_windows_intelx86
C:\Windows\system32\conhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\conhost.exe
C:\Program Files\iPod\bin\iPodService.exe
E:\BOINC Data\projects\www.worldcommunitygrid.org\wcg_gfam_vina_6.11_windows_intelx86
C:\Windows\system32\conhost.exe
E:\BOINC Data\projects\www.worldcommunitygrid.org\wcg_gfam_vina_6.11_windows_intelx86
E:\BOINC Data\projects\www.worldcommunitygrid.org\wcg_gfam_vina_6.11_windows_intelx86
C:\Windows\system32\conhost.exe
C:\Windows\system32\conhost.exe
E:\BOINC Data\projects\www.worldcommunitygrid.org\wcg_gfam_vina_6.11_windows_intelx86
C:\Windows\system32\conhost.exe
E:\BOINC Data\projects\www.worldcommunitygrid.org\wcg_gfam_vina_6.11_windows_intelx86
E:\BOINC Data\projects\www.worldcommunitygrid.org\wcg_gfam_vina_6.11_windows_intelx86
C:\Windows\system32\conhost.exe
C:\Windows\system32\conhost.exe
E:\BOINC Data\projects\www.worldcommunitygrid.org\wcg_gfam_vina_6.11_windows_intelx86
C:\Windows\system32\conhost.exe
E:\BOINC Data\projects\www.worldcommunitygrid.org\wcg_gfam_vina_6.11_windows_intelx86
C:\Windows\system32\conhost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
-netsvcs
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
C:\Windows\splwow64.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe,
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: LastPass Browser Helper Object: {95d9ecf5-2a4d-4550-be49-70d42f71296e} - C:\Program Files (x86)\LastPass\LPBar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar.dll
uRun: [Google Update] "C:\Users\thebeast\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
mRun: [boincmgr] "C:\Program Files (x86)\BOINC\boincmgr.exe" /a /s
mRun: [boinctray] "C:\Program Files (x86)\BOINC\boinctray.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [BrMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
mRun: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\Users\thebeast\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\thebeast\AppData\Roaming\Dropbox\bin\Dropbox.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: LastPass - file://C:\Program Files (x86)\LastPass\context.html?cmd=lastpass
IE: LastPass Fill Forms - file://C:\Program Files (x86)\LastPass\context.html?cmd=fillforms
IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 10.0.0.1
TCP: Interfaces\{707030AC-FE5F-496E-AC0F-B990ABD0A974} : DhcpNameServer = 10.0.0.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: LastPass Browser Helper Object: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar.dll
BHO-X64: LastPass Browser Helper Object - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB-X64: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar.dll
mRun-x64: [boincmgr] "C:\Program Files (x86)\BOINC\boincmgr.exe" /a /s
mRun-x64: [boinctray] "C:\Program Files (x86)\BOINC\boinctray.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [BrMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
mRun-x64: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\thebeast\AppData\Roaming\Mozilla\Firefox\Profiles\viqyt311.default\
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol400.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npPDFXCviewNPPlugin.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll
FF - plugin: C:\Users\thebeast\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Users\thebeast\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\thebeast\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R2 cpuz135;cpuz135;\??\C:\Windows\system32\drivers\cpuz135_x64.sys --> C:\Windows\system32\drivers\cpuz135_x64.sys [?]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-11-11 2255464]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-8-3 379496]
R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe [2011-8-19 450848]
R2 VMUSBArbService;VMware USB Arbitration Service;C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2011-8-29 846448]
R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?]
R3 LVUVC64;Logitech Webcam C260(UVC);C:\Windows\system32\DRIVERS\lvuvc64.sys --> C:\Windows\system32\DRIVERS\lvuvc64.sys [?]
R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-2-29 158856]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-8 253088]
S3 cphs;Intel® Content Protection HECI Service;C:\Windows\SysWOW64\IntelCpHeciSvc.exe [2012-2-14 276248]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-04-17 21:51:40 20480 ----a-w- C:\Windows\svchost.exe
2012-04-17 21:50:04 -------- d-----w- C:\Windows\pss
2012-04-17 12:27:35 -------- d-----w- C:\Users\thebeast\AppData\Roaming\Malwarebytes
2012-04-17 12:27:30 -------- d-----w- C:\ProgramData\Malwarebytes
2012-04-17 12:27:29 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-04-17 12:27:29 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-04-17 11:15:49 118784 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\AB14.tmp
2012-04-17 11:15:49 118784 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\AAE3.tmp.dat
2012-04-16 23:57:53 8669240 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{BDC0A05F-EC38-4CB8-83FA-56D42162A2CA}\mpengine.dll
2012-04-12 12:00:58 -------- d-----w- C:\ProgramData\Gibraltar
2012-04-12 11:52:48 -------- d-----w- C:\Users\thebeast\AppData\Roaming\Stardock
2012-04-12 11:52:23 -------- d-----w- C:\Users\thebeast\AppData\Local\PackageAware
2012-04-12 11:25:24 -------- d-----w- C:\Program Files\SmartFTP Client
2012-04-12 11:25:08 -------- d-----w- C:\Program Files (x86)\SmartFTP Client 4.0 (x64) Setup Files
2012-04-09 21:50:57 -------- d-----r- C:\Program Files (x86)\Skype
2012-04-09 00:11:01 -------- d-----w- C:\Users\thebeast\AppData\Local\Google
2012-04-09 00:10:03 8741536 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-04-09 00:04:14 -------- d-----w- C:\Program Files\iPod
2012-04-09 00:04:13 -------- d-----w- C:\Program Files\iTunes
2012-04-09 00:04:13 -------- d-----w- C:\Program Files (x86)\iTunes
2012-04-09 00:03:12 418464 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-04-05 15:10:18 -------- d-----w- C:\Users\thebeast\AppData\Local\{2A72BDC3-3783-4CEF-9C21-682B41FB6D05}
2012-04-04 11:46:41 47616 ----a-w- C:\Windows\System32\pdf995mon64.dll
2012-04-04 11:46:41 314368 ----a-w- C:\Windows\System32\pdfmona64.dll
2012-04-04 11:46:41 142 ----a-w- C:\Windows\wpd99.drv
2012-04-04 11:46:41 11264 ----a-w- C:\Windows\System32\pdf995mon64ui.dll
2012-04-04 11:46:41 -------- d-----w- C:\ProgramData\pdf995
2012-04-04 11:46:40 47616 ----a-w- C:\Windows\SysWow64\pdf995mon64.dll
2012-04-04 11:46:15 202752 ----a-w- C:\Windows\SysWow64\wbem\framedyn.dll
2012-04-01 23:50:33 -------- d-----w- C:\Users\thebeast\AppData\Roaming\FAHClient
2012-04-01 23:50:31 -------- d-----w- C:\Program Files (x86)\FAHClient
2012-03-23 10:39:17 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-03-23 10:39:17 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-03-23 10:39:16 3913584 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-03-23 01:42:32 -------- d-----w- C:\Program Files (x86)\Astonsoft
.
==================== Find3M ====================
.
2012-04-14 07:10:23 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-24 06:09:20 252016 ------w- C:\Windows\SysWow64\vmnc.dll
2012-02-18 22:24:21 637848 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
2012-02-18 22:24:21 567184 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-02-17 06:38:26 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-02-17 05:34:22 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-02-17 04:58:24 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-02-17 04:57:32 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-02-15 15:01:50 52736 ----a-w- C:\Windows\System32\drivers\usbaapl64.sys
2012-02-15 15:01:50 4547944 ----a-w- C:\Windows\System32\usbaaplrc.dll
2012-02-14 23:55:04 276248 ----a-w- C:\Windows\SysWow64\IntelCpHeciSvc.exe
2012-02-14 23:55:02 5886232 ----a-w- C:\Windows\System32\GfxUI.exe
2012-02-14 23:55:02 511768 ----a-w- C:\Windows\System32\igfxsrvc.exe
2012-02-14 23:55:02 440600 ----a-w- C:\Windows\System32\igfxpers.exe
2012-02-14 23:55:02 398616 ----a-w- C:\Windows\System32\hkcmd.exe
2012-02-14 23:55:02 250136 ----a-w- C:\Windows\System32\igfxext.exe
2012-02-14 23:55:02 184600 ----a-w- C:\Windows\System32\difx64.exe
2012-02-14 23:55:02 170264 ----a-w- C:\Windows\System32\igfxtray.exe
2012-02-14 23:53:26 90112 ----a-w- C:\Windows\System32\igfxCoIn_v2653.dll
2012-02-14 23:47:40 8086528 ----a-w- C:\Windows\System32\igdumd64.dll
2012-02-14 23:47:38 14692224 ----a-w- C:\Windows\System32\drivers\igdkmd64.sys
2012-02-14 23:47:06 963912 ----a-w- C:\Windows\SysWow64\igkrng600.bin
2012-02-14 23:47:06 963912 ----a-w- C:\Windows\System32\igkrng600.bin
2012-02-14 23:47:06 79360 ----a-w- C:\Windows\System32\igdde64.dll
2012-02-14 23:47:06 261208 ----a-w- C:\Windows\SysWow64\igfcg600m.bin
2012-02-14 23:47:06 261208 ----a-w- C:\Windows\System32\igfcg600m.bin
2012-02-14 23:44:54 6120960 ----a-w- C:\Windows\SysWow64\igdumd32.dll
2012-02-14 23:44:24 58880 ----a-w- C:\Windows\SysWow64\igdde32.dll
2012-02-14 23:42:58 9605632 ----a-w- C:\Windows\System32\igd10umd64.dll
2012-02-14 23:35:26 7794688 ----a-w- C:\Windows\SysWow64\igd10umd32.dll
2012-02-14 23:07:18 18125312 ----a-w- C:\Windows\System32\ig4icd64.dll
2012-02-14 22:59:56 13209600 ----a-w- C:\Windows\SysWow64\ig4icd32.dll
2012-02-14 22:56:42 110592 ----a-w- C:\Windows\System32\hccutils.dll
2012-02-14 22:56:34 9216 ----a-w- C:\Windows\System32\IGFXDEVLib.dll
2012-02-14 22:56:34 430080 ----a-w- C:\Windows\System32\igfxdev.dll
2012-02-14 22:56:34 172032 ----a-w- C:\Windows\System32\gfxSrvc.dll
2012-02-14 22:56:06 286208 ----a-w- C:\Windows\System32\igfxrenu.lrc
2012-02-14 22:56:04 142336 ----a-w- C:\Windows\System32\igfxdo.dll
2012-02-14 22:56:02 9007616 ----a-w- C:\Windows\System32\igfxress.dll
2012-02-14 22:55:06 25088 ----a-w- C:\Windows\SysWow64\igfxexps32.dll
2012-02-14 22:54:36 321024 ----a-w- C:\Windows\SysWow64\igfxdv32.dll
2012-02-14 22:53:08 524800 ----a-w- C:\Windows\System32\iglhsip64.dll
2012-02-14 22:53:08 519680 ----a-w- C:\Windows\SysWow64\iglhsip32.dll
2012-02-14 22:53:08 2967040 ----a-w- C:\Windows\System32\igfxcmjit64.dll
2012-02-14 22:53:08 237056 ----a-w- C:\Windows\SysWow64\igfxcmrt32.dll
2012-02-14 22:53:08 2321408 ----a-w- C:\Windows\SysWow64\igfxcmjit32.dll
2012-02-14 22:53:08 213504 ----a-w- C:\Windows\System32\iglhcp64.dll
2012-02-14 22:53:08 193024 ----a-w- C:\Windows\System32\igfxcmrt64.dll
2012-02-14 22:53:08 177152 ----a-w- C:\Windows\SysWow64\iglhcp32.dll
2012-02-10 06:36:07 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2012-02-10 05:38:43 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-02-03 04:34:34 3145728 ----a-w- C:\Windows\System32\win32k.sys
2012-02-01 01:06:21 72080 ----a-w- C:\Users\thebeast\g2mdlhlpx.exe
2012-01-31 12:44:20 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-01-25 12:25:11 230864 ----a-w- C:\Windows\System32\drivers\truecrypt.sys
2012-01-25 06:38:39 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-01-25 06:38:38 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-01-25 06:33:30 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2011-11-18 17:45:34 13844000 ----a-w- C:\Program Files (x86)\Common Files\lpuninstall.exe
.
============= FINISH: 18:04:39.97 ===============

Edited by adamfortwayne, 17 April 2012 - 05:38 PM.
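The mismatch this log shows (a svchost.exe created in C:\Windows while every running instance loads from System32) can be checked mechanically. The following is an added example, not part of the original post or of DDS; the EXPECTED_DIRS baseline, the function names and the assumption that the system drive is C: belong to this example, and the sample rows are copied from the log above.

```python
import re
from pathlib import PureWindowsPath

# Assumed baseline (illustrative, not exhaustive): directories these Windows
# binaries normally load from, with C: taken as the system drive as in the log.
EXPECTED_DIRS = {
    "svchost.exe": {r"c:\windows\system32", r"c:\windows\syswow64"},
    "lsass.exe": {r"c:\windows\system32"},
    "services.exe": {r"c:\windows\system32"},
    "winlogon.exe": {r"c:\windows\system32"},
    "csrss.exe": {r"c:\windows\system32"},
    "wininit.exe": {r"c:\windows\system32"},
    "explorer.exe": {r"c:\windows", r"c:\windows\syswow64"},
}
# The component store keeps servicing copies of system files; do not flag them.
COMPONENT_STORE = r"c:\windows\winsxs"

# "2012-04-17 21:51:40 20480 ----a-w- C:\Windows\svchost.exe"
FILE_ROW = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(?P<size>\d+|-+)\s+"
    r"(?P<attr>[a-z-]{8})\s+(?P<path>[A-Za-z]:\\.+)$")
# "C:\Windows\system32\svchost.exe -k DcomLaunch"
PROC_ROW = re.compile(r"^(?P<path>[A-Za-z]:\\.*?\.exe)(?=\s|$)", re.IGNORECASE)
# "=============== Created Last 30 ================"
SECTION = re.compile(r"^=+ (?P<name>.+?) =+$")


def is_masquerade(path):
    """True when a baseline binary name sits outside its expected directory."""
    p = PureWindowsPath(path)
    allowed = EXPECTED_DIRS.get(p.name.lower())
    if allowed is None:
        return False
    parent = str(p.parent).lower()
    if parent.startswith(COMPONENT_STORE):
        return False
    return parent not in allowed


def find_masquerades(log_text):
    """Scan DDS process rows and file rows; return one dict per suspicious path."""
    findings, section = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        header = SECTION.match(line)
        if header:
            section = header["name"]
            continue
        row = FILE_ROW.match(line)
        if row:
            if row["attr"].startswith("d"):   # directory entry, not a file
                continue
            path, created = row["path"], row["ts"]
            size = int(row["size"]) if row["size"].isdigit() else None
        else:
            proc = PROC_ROW.match(line)
            if not proc:
                continue
            path, created, size = proc["path"], None, None
        if is_masquerade(path):
            findings.append({"section": section, "path": path,
                             "created": created, "size": size})
    return findings


# Rows copied from the DDS log in the post above.
SAMPLE = r"""
============== Running Processes ===============
.
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\Explorer.EXE
C:\Windows\SysWOW64\cmd.exe
.
=============== Created Last 30 ================
.
2012-04-17 21:51:40 20480 ----a-w- C:\Windows\svchost.exe
2012-04-17 21:50:04 -------- d-----w- C:\Windows\pss
2012-04-17 12:27:29 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
"""

if __name__ == "__main__":
    for hit in find_masquerades(SAMPLE):
        print(hit)
```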




#2 adamfortwayne


Posted 17 April 2012 - 05:43 PM

To be honest, I'm not opposed to formatting the drive and reinstalling Windows. What I would be concerned about in that case is the cleanness of my files on both my OS and data drive. Would they possibly be infected if I copy the personal ones to my data drive, wipe the OS drive, and then copy them back over? Has the rootkit affected both drives?

Thanks,
Adam

#3 fireman4it

  • Malware Response Team

Posted 17 April 2012 - 06:51 PM

To be honest, I'm not opposed to formatting the drive and reinstalling Windows. What I would be concerned about in that case is the cleanness of my files on both my OS and data drive. Would they possibly be infected if I copy the personal ones to my data drive, wipe the OS drive, and then copy them back over? Has the rootkit affected both drives?

Thanks,
Adam


You can reformat if you want or we can give it a go to clean this up. If you decide to reformat please follow these directions when backing any data up.

You can back up all your important documents, personal data files, photos to a CD or DVD drive, not a flash drive or external hard drive as they may become compromised in the process. The safest practice is not to back up any executable files (*.exe), screensavers (*.scr), autorun (.ini) or script files (.php, .asp, .htm, .html, .xml) because they may be infected by malware. Avoid backing up compressed files (.zip, .cab, .rar) that have executables inside them as some types of malware can penetrate compressed files and infect the .exe files within them. Other types of malware may even disguise themselves by hiding a file extension or adding to the existing extension as shown here so be sure you look closely at the full file name. If you cannot see the file extension, you may need to reconfigure Windows to show file name extensions. Then make sure you scan the backed up data with your anti-virus prior to copying it back to your hard drive.

If your CD/DVD drive is unusable, another word of caution if you are considering backing up to an external USB hard drive as your only alternative. External drives are more susceptible to infection and can become compromised in the process of backing up data. I'm not saying you should not try using such devices but I want to make you aware of all your options and associated risks so you can make an informed decision if it's worth that risk.

Note:
Again, do not back up any data with the following file extensions: .exe, .scr, .ini, .htm, .html, .php, .asp, .xml, .zip, .rar, .cab as they may be infected.

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-
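The backup rules in the post above can be applied as a pre-copy triage pass. This is an added example, not part of the original post: the DECOY set, the strict switch (True follows the post's closing Note and skips every archive, False follows the earlier paragraph and allows a .zip that holds no executables) and all function names are assumptions of this example, and the file tree is constructed sample data.

```python
import tempfile
import zipfile
from pathlib import Path

# Extensions listed in the post's closing note.
DO_NOT_BACK_UP = {".exe", ".scr", ".ini", ".htm", ".html", ".php", ".asp",
                  ".xml", ".zip", ".rar", ".cab"}
EXECUTABLE = {".exe", ".scr"}
# Assumption: harmless-looking types a disguised name tends to imitate.
DECOY = {".jpg", ".jpeg", ".png", ".gif", ".pdf", ".doc", ".docx", ".txt",
         ".mp3", ".avi"}


def executables_in_zip(path):
    """Member names ending in an executable extension; None if unreadable."""
    try:
        with zipfile.ZipFile(path) as zf:
            return [n for n in zf.namelist()
                    if Path(n).suffix.lower() in EXECUTABLE]
    except (zipfile.BadZipFile, OSError):
        return None


def classify(path, strict=True):
    """Return (decision, reason) for one file; decision is 'copy' or 'skip'."""
    path = Path(path)
    # strip() also catches names padded with spaces before the real extension
    suffixes = [s.strip().lower() for s in path.suffixes]
    ext = suffixes[-1] if suffixes else ""
    if ext in EXECUTABLE and len(suffixes) > 1 and suffixes[-2] in DECOY:
        return ("skip", f"disguised executable: {suffixes[-2]} followed by {ext}")
    if ext == ".zip":
        inner = executables_in_zip(path)
        if inner is None:
            return ("skip", "archive could not be read")
        if inner:
            return ("skip", "archive contains executables: " + ", ".join(inner))
        if not strict:
            return ("copy", "archive holds no executables; scan before restoring")
    if ext in DO_NOT_BACK_UP:
        return ("skip", f"{ext} is on the do-not-back-up list")
    return ("copy", "scan with anti-virus before restoring")


def plan_backup(root, strict=True):
    """Map each file under root (relative POSIX path) to its classification."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): classify(p, strict)
            for p in sorted(root.rglob("*")) if p.is_file()}


def build_sample_tree(root):
    """Constructed sample data: harmless placeholder files, no real content."""
    root = Path(root)
    (root / "docs").mkdir(parents=True, exist_ok=True)
    (root / "docs" / "taxes.pdf").write_bytes(b"constructed placeholder")
    (root / "docs" / "holiday.jpg.exe").write_bytes(b"constructed placeholder")
    (root / "setup.exe").write_bytes(b"constructed placeholder")
    (root / "desktop.ini").write_text("[constructed]")
    with zipfile.ZipFile(root / "photos.zip", "w") as zf:
        zf.writestr("a.jpg", b"constructed")
    with zipfile.ZipFile(root / "bundle.zip", "w") as zf:
        zf.writestr("tools/run.exe", b"constructed")
    return root


def demo(strict=True):
    """Build the sample tree in a temporary directory and return its plan."""
    with tempfile.TemporaryDirectory() as tmp:
        return plan_backup(build_sample_tree(tmp), strict)


if __name__ == "__main__":
    for name, (decision, reason) in demo().items():
        print(f"{decision:4}  {name}: {reason}")
```

Only .zip members are inspected because the standard library has no reader for .rar or .cab, so those are skipped on extension alone.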




#4 adamfortwayne


Posted 17 April 2012 - 07:22 PM

Fireman,
Let's give it a try. If it does not work, it will still be a learning experience.

Thanks,
Adam

P.S. I love the avatar.

#5 fireman4it


Posted 18 April 2012 - 05:04 PM

Hello,


Please run these tools and post their logs.

1.
Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not an option, Skip instead, do not choose Delete unless instructed.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.


2.
Install Recovery Console and Run ComboFix

This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.

Download Combofix from any of the links below, and save it to your desktop.

Link 1
Link 2
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
  • Close any open windows, including this one.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • If you did not have it installed, you will see the prompt below. Choose YES.
  • Posted Image
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Note: The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    Posted Image
  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
Leave your computer alone while ComboFix is running.
ComboFix will restart your computer if malware is found; allow it to do so.


Note: Please do NOT mouse-click ComboFix's window while it's running because it may cause it to stall.


Things to include in your next reply:
TdssKiller log
Combofix.txt
How is your machine running now?



#6 adamfortwayne


Posted 18 April 2012 - 06:44 PM

Now whenever I try to run an application: illegal operation attempted on a registry key that has been marked for deletion.


TDSSKiller

19:03:09.0122 1412 TDSS rootkit removing tool 2.7.29.0 Apr 18 2012 16:44:20
19:03:09.0403 1412 ============================================================
19:03:09.0403 1412 Current date / time: 2012/04/18 19:03:09.0403
19:03:09.0403 1412 SystemInfo:
19:03:09.0403 1412
19:03:09.0403 1412 OS Version: 6.1.7601 ServicePack: 1.0
19:03:09.0403 1412 Product type: Workstation
19:03:09.0403 1412 ComputerName: THEBEAST-PC
19:03:09.0403 1412 UserName: thebeast
19:03:09.0403 1412 Windows directory: C:\Windows
19:03:09.0403 1412 System windows directory: C:\Windows
19:03:09.0403 1412 Running under WOW64
19:03:09.0403 1412 Processor architecture: Intel x64
19:03:09.0403 1412 Number of processors: 8
19:03:09.0403 1412 Page size: 0x1000
19:03:09.0403 1412 Boot type: Normal boot
19:03:09.0403 1412 ============================================================
19:03:09.0699 1412 Drive \Device\Harddisk1\DR1 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0xD72C, SectorsPerTrack: 0x13, TracksPerCylinder: 0xE0, Type 'K0', Flags 0x00000040
19:03:09.0715 1412 Drive \Device\Harddisk0\DR0 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:03:09.0964 1412 \Device\Harddisk1\DR1:
19:03:09.0964 1412 MBR partitions:
19:03:09.0964 1412 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
19:03:09.0964 1412 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xDF61800
19:03:09.0964 1412 \Device\Harddisk0\DR0:
19:03:09.0964 1412 MBR partitions:
19:03:09.0964 1412 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xE8E07800
19:03:09.0964 1412 C: <-> \Device\Harddisk1\DR1\Partition1
19:03:09.0980 1412 E: <-> \Device\Harddisk0\DR0\Partition0
19:03:09.0980 1412 Initialize success
19:03:09.0980 1412 ============================================================
19:03:15.0658 1452 ============================================================
19:03:15.0658 1452 Scan started
19:03:15.0658 1452 Mode: Manual; SigCheck; TDLFS;
19:03:15.0658 1452 ============================================================
19:03:15.0752 1452 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
19:03:15.0814 1452 1394ohci - ok
19:03:15.0830 1452 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
19:03:15.0845 1452 ACPI - ok
19:03:15.0861 1452 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
19:03:15.0877 1452 AcpiPmi - ok
19:03:15.0892 1452 AdobeFlashPlayerUpdateSvc (459ac130c6ab892b1cd5d7544626efc5) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
19:03:15.0955 1452 AdobeFlashPlayerUpdateSvc - ok
19:03:15.0970 1452 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
19:03:15.0986 1452 adp94xx - ok
19:03:16.0001 1452 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
19:03:16.0017 1452 adpahci - ok
19:03:16.0017 1452 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
19:03:16.0048 1452 adpu320 - ok
19:03:16.0048 1452 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
19:03:16.0111 1452 AeLookupSvc - ok
19:03:16.0126 1452 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
19:03:16.0142 1452 AFD - ok
19:03:16.0157 1452 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
19:03:16.0173 1452 agp440 - ok
19:03:16.0173 1452 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
19:03:16.0204 1452 ALG - ok
19:03:16.0204 1452 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
19:03:16.0220 1452 aliide - ok
19:03:16.0235 1452 ALSysIO - ok
19:03:16.0235 1452 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
19:03:16.0251 1452 amdide - ok
19:03:16.0251 1452 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
19:03:16.0267 1452 AmdK8 - ok
19:03:16.0282 1452 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
19:03:16.0298 1452 AmdPPM - ok
19:03:16.0298 1452 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
19:03:16.0313 1452 amdsata - ok
19:03:16.0329 1452 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
19:03:16.0345 1452 amdsbs - ok
19:03:16.0345 1452 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
19:03:16.0360 1452 amdxata - ok
19:03:16.0376 1452 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
19:03:16.0438 1452 AppID - ok
19:03:16.0438 1452 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
19:03:16.0485 1452 AppIDSvc - ok
19:03:16.0501 1452 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
19:03:16.0532 1452 Appinfo - ok
19:03:16.0547 1452 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
19:03:16.0594 1452 Apple Mobile Device - ok
19:03:16.0594 1452 AppMgmt (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
19:03:16.0625 1452 AppMgmt - ok
19:03:16.0625 1452 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
19:03:16.0641 1452 arc - ok
19:03:16.0657 1452 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
19:03:16.0672 1452 arcsas - ok
19:03:16.0672 1452 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
19:03:16.0703 1452 aspnet_state - ok
19:03:16.0703 1452 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
19:03:16.0735 1452 AsyncMac - ok
19:03:16.0750 1452 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
19:03:16.0766 1452 atapi - ok
19:03:16.0766 1452 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
19:03:16.0828 1452 AudioEndpointBuilder - ok
19:03:16.0828 1452 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
19:03:16.0875 1452 AudioSrv - ok
19:03:16.0891 1452 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
19:03:16.0922 1452 AxInstSV - ok
19:03:16.0922 1452 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
19:03:16.0953 1452 b06bdrv - ok
19:03:16.0953 1452 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
19:03:16.0984 1452 b57nd60a - ok
19:03:16.0984 1452 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
19:03:17.0015 1452 BDESVC - ok
19:03:17.0015 1452 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
19:03:17.0047 1452 Beep - ok
19:03:17.0062 1452 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
19:03:17.0125 1452 BFE - ok
19:03:17.0125 1452 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
19:03:17.0187 1452 BITS - ok
19:03:17.0187 1452 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
19:03:17.0203 1452 blbdrive - ok
19:03:17.0218 1452 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
19:03:17.0265 1452 Bonjour Service - ok
19:03:17.0265 1452 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
19:03:17.0281 1452 bowser - ok
19:03:17.0296 1452 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
19:03:17.0312 1452 BrFiltLo - ok
19:03:17.0312 1452 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
19:03:17.0343 1452 BrFiltUp - ok
19:03:17.0343 1452 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
19:03:17.0390 1452 Browser - ok
19:03:17.0390 1452 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
19:03:17.0421 1452 Brserid - ok
19:03:17.0421 1452 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
19:03:17.0437 1452 BrSerWdm - ok
19:03:17.0452 1452 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
19:03:17.0468 1452 BrUsbMdm - ok
19:03:17.0468 1452 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
19:03:17.0483 1452 BrUsbSer - ok
19:03:17.0499 1452 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
19:03:17.0515 1452 BTHMODEM - ok
19:03:17.0515 1452 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
19:03:17.0561 1452 bthserv - ok
19:03:17.0577 1452 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
19:03:17.0608 1452 cdfs - ok
19:03:17.0624 1452 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
19:03:17.0639 1452 cdrom - ok
19:03:17.0639 1452 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
19:03:17.0686 1452 CertPropSvc - ok
19:03:17.0702 1452 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
19:03:17.0717 1452 circlass - ok
19:03:17.0717 1452 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
19:03:17.0749 1452 CLFS - ok
19:03:17.0749 1452 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:03:17.0780 1452 clr_optimization_v2.0.50727_32 - ok
19:03:17.0780 1452 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
19:03:17.0795 1452 clr_optimization_v2.0.50727_64 - ok
19:03:17.0811 1452 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:03:17.0827 1452 clr_optimization_v4.0.30319_32 - ok
19:03:17.0842 1452 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
19:03:17.0858 1452 clr_optimization_v4.0.30319_64 - ok
19:03:17.0858 1452 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
19:03:17.0873 1452 CmBatt - ok
19:03:17.0889 1452 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
19:03:17.0905 1452 cmdide - ok
19:03:17.0905 1452 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
19:03:17.0936 1452 CNG - ok
19:03:17.0951 1452 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
19:03:17.0967 1452 Compbatt - ok
19:03:17.0967 1452 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
19:03:17.0983 1452 CompositeBus - ok
19:03:17.0998 1452 COMSysApp - ok
19:03:17.0998 1452 cphs (df3e8c2c443d3618260dff5705ce2df5) C:\Windows\SysWow64\IntelCpHeciSvc.exe
19:03:18.0248 1452 cphs - ok
19:03:18.0248 1452 cpuz135 (262969a3fab32b9e17e63e2d17a57744) C:\Windows\system32\drivers\cpuz135_x64.sys
19:03:18.0263 1452 cpuz135 - ok
19:03:18.0279 1452 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
19:03:18.0295 1452 crcdisk - ok
19:03:18.0295 1452 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
19:03:18.0341 1452 CryptSvc - ok
19:03:18.0357 1452 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
19:03:18.0373 1452 CSC - ok
19:03:18.0388 1452 CscService (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll
19:03:18.0419 1452 CscService - ok
19:03:18.0435 1452 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
19:03:18.0482 1452 DcomLaunch - ok
19:03:18.0497 1452 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
19:03:18.0544 1452 defragsvc - ok
19:03:18.0544 1452 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
19:03:18.0591 1452 DfsC - ok
19:03:18.0591 1452 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
19:03:18.0638 1452 Dhcp - ok
19:03:18.0653 1452 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
19:03:18.0685 1452 discache - ok
19:03:18.0700 1452 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
19:03:18.0716 1452 Disk - ok
19:03:18.0716 1452 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
19:03:18.0747 1452 Dnscache - ok
19:03:18.0747 1452 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
19:03:18.0794 1452 dot3svc - ok
19:03:18.0809 1452 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
19:03:18.0856 1452 DPS - ok
19:03:18.0856 1452 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
19:03:18.0872 1452 drmkaud - ok
19:03:18.0887 1452 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
19:03:18.0919 1452 DXGKrnl - ok
19:03:18.0919 1452 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
19:03:18.0981 1452 EapHost - ok
19:03:18.0997 1452 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
19:03:19.0043 1452 ebdrv - ok
19:03:19.0059 1452 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
19:03:19.0075 1452 EFS - ok
19:03:19.0090 1452 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
19:03:19.0137 1452 ehRecvr - ok
19:03:19.0137 1452 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
19:03:19.0168 1452 ehSched - ok
19:03:19.0168 1452 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
19:03:19.0199 1452 elxstor - ok
19:03:19.0199 1452 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
19:03:19.0215 1452 ErrDev - ok
19:03:19.0231 1452 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
19:03:19.0277 1452 EventSystem - ok
19:03:19.0293 1452 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
19:03:19.0340 1452 exfat - ok
19:03:19.0340 1452 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
19:03:19.0387 1452 fastfat - ok
19:03:19.0387 1452 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
19:03:19.0449 1452 Fax - ok
19:03:19.0449 1452 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
19:03:19.0465 1452 fdc - ok
19:03:19.0480 1452 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
19:03:19.0511 1452 fdPHost - ok
19:03:19.0527 1452 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
19:03:19.0574 1452 FDResPub - ok
19:03:19.0574 1452 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
19:03:19.0589 1452 FileInfo - ok
19:03:19.0605 1452 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
19:03:19.0636 1452 Filetrace - ok
19:03:19.0636 1452 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
19:03:19.0652 1452 flpydisk - ok
19:03:19.0667 1452 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
19:03:19.0683 1452 FltMgr - ok
19:03:19.0699 1452 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
19:03:19.0745 1452 FontCache - ok
19:03:19.0745 1452 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
19:03:19.0761 1452 FontCache3.0.0.0 - ok
19:03:19.0761 1452 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
19:03:19.0777 1452 FsDepends - ok
19:03:19.0792 1452 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
19:03:19.0808 1452 Fs_Rec - ok
19:03:19.0808 1452 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
19:03:19.0839 1452 fvevol - ok
19:03:19.0839 1452 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
19:03:19.0855 1452 gagp30kx - ok
19:03:19.0855 1452 gdrv - ok
19:03:19.0870 1452 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
19:03:19.0870 1452 GEARAspiWDM - ok
19:03:19.0886 1452 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
19:03:19.0948 1452 gpsvc - ok
19:03:19.0948 1452 GPU-Z - ok
19:03:19.0964 1452 hcmon (adb4348da1345877b04e22203afc8993) C:\Windows\system32\drivers\hcmon.sys
19:03:19.0964 1452 hcmon - ok
19:03:19.0979 1452 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
19:03:19.0995 1452 hcw85cir - ok
19:03:19.0995 1452 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
19:03:20.0026 1452 HdAudAddService - ok
19:03:20.0026 1452 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
19:03:20.0057 1452 HDAudBus - ok
19:03:20.0057 1452 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
19:03:20.0073 1452 HidBatt - ok
19:03:20.0073 1452 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
19:03:20.0104 1452 HidBth - ok
19:03:20.0104 1452 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
19:03:20.0135 1452 HidIr - ok
19:03:20.0135 1452 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
19:03:20.0182 1452 hidserv - ok
19:03:20.0182 1452 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
19:03:20.0198 1452 HidUsb - ok
19:03:20.0213 1452 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
19:03:20.0260 1452 hkmsvc - ok
19:03:20.0260 1452 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
19:03:20.0291 1452 HomeGroupListener - ok
19:03:20.0307 1452 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
19:03:20.0323 1452 HomeGroupProvider - ok
19:03:20.0338 1452 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
19:03:20.0338 1452 HpSAMD - ok
19:03:20.0354 1452 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
19:03:20.0401 1452 HTTP - ok
19:03:20.0416 1452 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
19:03:20.0432 1452 hwpolicy - ok
19:03:20.0432 1452 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
19:03:20.0447 1452 i8042prt - ok
19:03:20.0463 1452 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
19:03:20.0479 1452 iaStorV - ok
19:03:20.0494 1452 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
19:03:20.0525 1452 idsvc - ok
19:03:20.0619 1452 igfx (276ee9cdab16c50e1df0e4cefa882f5f) C:\Windows\system32\DRIVERS\igdkmd64.sys
19:03:20.0822 1452 igfx - ok
19:03:20.0822 1452 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
19:03:20.0837 1452 iirsp - ok
19:03:20.0853 1452 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
19:03:20.0900 1452 IKEEXT - ok
19:03:20.0915 1452 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
19:03:20.0931 1452 intelide - ok
19:03:20.0931 1452 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
19:03:20.0947 1452 intelppm - ok
19:03:20.0962 1452 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
19:03:21.0009 1452 IPBusEnum - ok
19:03:21.0009 1452 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:03:21.0056 1452 IpFilterDriver - ok
19:03:21.0056 1452 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
19:03:21.0118 1452 iphlpsvc - ok
19:03:21.0118 1452 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
19:03:21.0134 1452 IPMIDRV - ok
19:03:21.0149 1452 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
19:03:21.0196 1452 IPNAT - ok
19:03:21.0196 1452 iPod Service (50d6ccc6ff5561f9f56946b3e6164fb8) C:\Program Files\iPod\bin\iPodService.exe
19:03:21.0274 1452 iPod Service - ok
19:03:21.0274 1452 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
19:03:21.0290 1452 IRENUM - ok
19:03:21.0305 1452 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
19:03:21.0321 1452 isapnp - ok
19:03:21.0321 1452 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
19:03:21.0352 1452 iScsiPrt - ok
19:03:21.0352 1452 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
19:03:21.0368 1452 kbdclass - ok
19:03:21.0368 1452 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
19:03:21.0383 1452 kbdhid - ok
19:03:21.0399 1452 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
19:03:21.0415 1452 KeyIso - ok
19:03:21.0430 1452 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
19:03:21.0446 1452 KSecDD - ok
19:03:21.0446 1452 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
19:03:21.0461 1452 KSecPkg - ok
19:03:21.0477 1452 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
19:03:21.0508 1452 ksthunk - ok
19:03:21.0524 1452 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
19:03:21.0571 1452 KtmRm - ok
19:03:21.0586 1452 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
19:03:21.0633 1452 LanmanServer - ok
19:03:21.0633 1452 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
19:03:21.0680 1452 LanmanWorkstation - ok
19:03:21.0695 1452 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
19:03:21.0727 1452 lltdio - ok
19:03:21.0742 1452 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
19:03:21.0789 1452 lltdsvc - ok
19:03:21.0789 1452 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
19:03:21.0836 1452 lmhosts - ok
19:03:21.0851 1452 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
19:03:21.0867 1452 LSI_FC - ok
19:03:21.0867 1452 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
19:03:21.0883 1452 LSI_SAS - ok
19:03:21.0898 1452 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
19:03:21.0914 1452 LSI_SAS2 - ok
19:03:21.0914 1452 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
19:03:21.0929 1452 LSI_SCSI - ok
19:03:21.0929 1452 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
19:03:21.0976 1452 luafv - ok
19:03:21.0992 1452 LVRS64 (ef2be2f45d4f06410a3bd2a3467325b0) C:\Windows\system32\DRIVERS\lvrs64.sys
19:03:22.0007 1452 LVRS64 - ok
19:03:22.0054 1452 LVUVC64 (ac22f92c6078640fe8a70d662a2f3ad5) C:\Windows\system32\DRIVERS\lvuvc64.sys
19:03:22.0132 1452 LVUVC64 - ok
19:03:22.0148 1452 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
19:03:22.0179 1452 Mcx2Svc - ok
19:03:22.0179 1452 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
19:03:22.0195 1452 megasas - ok
19:03:22.0195 1452 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
19:03:22.0226 1452 MegaSR - ok
19:03:22.0226 1452 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\DRIVERS\HECIx64.sys
19:03:22.0241 1452 MEIx64 - ok
19:03:22.0257 1452 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
19:03:22.0288 1452 MMCSS - ok
19:03:22.0304 1452 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
19:03:22.0335 1452 Modem - ok
19:03:22.0351 1452 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
19:03:22.0366 1452 monitor - ok
19:03:22.0366 1452 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
19:03:22.0382 1452 mouclass - ok
19:03:22.0397 1452 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
19:03:22.0413 1452 mouhid - ok
19:03:22.0413 1452 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
19:03:22.0429 1452 mountmgr - ok
19:03:22.0444 1452 MpFilter (c177a7ebf5e8a0b596f618870516cab8) C:\Windows\system32\DRIVERS\MpFilter.sys
19:03:22.0460 1452 MpFilter - ok
19:03:22.0475 1452 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
19:03:22.0491 1452 mpio - ok
19:03:22.0491 1452 MpNWMon (8fbf6b31fe8af1833d93c5913d5b4d55) C:\Windows\system32\DRIVERS\MpNWMon.sys
19:03:22.0507 1452 MpNWMon - ok
19:03:22.0522 1452 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
19:03:22.0553 1452 mpsdrv - ok
19:03:22.0569 1452 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
19:03:22.0616 1452 MpsSvc - ok
19:03:22.0631 1452 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
19:03:22.0647 1452 MRxDAV - ok
19:03:22.0663 1452 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
19:03:22.0678 1452 mrxsmb - ok
19:03:22.0678 1452 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:03:22.0709 1452 mrxsmb10 - ok
19:03:22.0709 1452 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:03:22.0725 1452 mrxsmb20 - ok
19:03:22.0741 1452 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
19:03:22.0756 1452 msahci - ok
19:03:22.0756 1452 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
19:03:22.0772 1452 msdsm - ok
19:03:22.0787 1452 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
19:03:22.0803 1452 MSDTC - ok
19:03:22.0819 1452 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
19:03:22.0850 1452 Msfs - ok
19:03:22.0865 1452 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
19:03:22.0897 1452 mshidkmdf - ok
19:03:22.0912 1452 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
19:03:22.0928 1452 msisadrv - ok
19:03:22.0928 1452 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
19:03:22.0975 1452 MSiSCSI - ok
19:03:22.0975 1452 msiserver - ok
19:03:22.0990 1452 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
19:03:23.0021 1452 MSKSSRV - ok
19:03:23.0037 1452 MsMpSvc (157e9e498206a3366baa7e4697bdd947) c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
19:03:23.0053 1452 MsMpSvc - ok
19:03:23.0053 1452 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
19:03:23.0099 1452 MSPCLOCK - ok
19:03:23.0099 1452 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
19:03:23.0131 1452 MSPQM - ok
19:03:23.0146 1452 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
19:03:23.0162 1452 MsRPC - ok
19:03:23.0177 1452 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
19:03:23.0193 1452 mssmbios - ok
19:03:23.0193 1452 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
19:03:23.0240 1452 MSTEE - ok
19:03:23.0240 1452 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
19:03:23.0255 1452 MTConfig - ok
19:03:23.0255 1452 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
19:03:23.0271 1452 Mup - ok
19:03:23.0287 1452 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
19:03:23.0333 1452 napagent - ok
19:03:23.0349 1452 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
19:03:23.0365 1452 NativeWifiP - ok
19:03:23.0380 1452 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
19:03:23.0427 1452 NDIS - ok
19:03:23.0427 1452 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
19:03:23.0458 1452 NdisCap - ok
19:03:23.0474 1452 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
19:03:23.0505 1452 NdisTapi - ok
19:03:23.0521 1452 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
19:03:23.0552 1452 Ndisuio - ok
19:03:23.0552 1452 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
19:03:23.0599 1452 NdisWan - ok
19:03:23.0599 1452 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
19:03:23.0645 1452 NDProxy - ok
19:03:23.0645 1452 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
19:03:23.0692 1452 NetBIOS - ok
19:03:23.0692 1452 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
19:03:23.0739 1452 NetBT - ok
19:03:23.0739 1452 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
19:03:23.0770 1452 Netlogon - ok
19:03:23.0770 1452 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
19:03:23.0817 1452 Netman - ok
19:03:23.0833 1452 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:03:23.0848 1452 NetMsmqActivator - ok
19:03:23.0848 1452 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:03:23.0879 1452 NetPipeActivator - ok
19:03:23.0879 1452 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
19:03:23.0926 1452 netprofm - ok
19:03:23.0942 1452 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:03:23.0957 1452 NetTcpActivator - ok
19:03:23.0957 1452 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:03:23.0989 1452 NetTcpPortSharing - ok
19:03:23.0989 1452 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
19:03:24.0004 1452 nfrd960 - ok
19:03:24.0004 1452 NisDrv (5f7d72cbcdd025af1f38fdeee5646968) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
19:03:24.0020 1452 NisDrv - ok
19:03:24.0035 1452 NisSrv (566ddd5d82520da01d75f81428ac4c38) c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
19:03:24.0067 1452 NisSrv - ok
19:03:24.0067 1452 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
19:03:24.0129 1452 NlaSvc - ok
19:03:24.0129 1452 NPF (351533acc2a069b94e80bbfc177e8fdf) C:\Windows\system32\drivers\npf.sys
19:03:24.0145 1452 NPF - ok
19:03:24.0160 1452 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
19:03:24.0191 1452 Npfs - ok
19:03:24.0207 1452 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
19:03:24.0238 1452 nsi - ok
19:03:24.0254 1452 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
19:03:24.0285 1452 nsiproxy - ok
19:03:24.0301 1452 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
19:03:24.0347 1452 Ntfs - ok
19:03:24.0363 1452 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
19:03:24.0394 1452 Null - ok
19:03:24.0394 1452 NVHDA (960e39a54e525df58cb29193147dffa1) C:\Windows\system32\drivers\nvhda64v.sys
19:03:24.0425 1452 NVHDA - ok
19:03:24.0503 1452 nvlddmkm (cc1efea1f0ab17e59bd4b5baff3e5cb0) C:\Windows\system32\DRIVERS\nvlddmkm.sys
19:03:25.0283 1452 nvlddmkm - ok
19:03:25.0299 1452 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
19:03:25.0315 1452 nvraid - ok
19:03:25.0315 1452 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
19:03:25.0330 1452 nvstor - ok
19:03:25.0346 1452 nvsvc (39f933ca2798156b0b7a19d104b73b9a) C:\Windows\system32\nvvsvc.exe
19:03:25.0439 1452 nvsvc - ok
19:03:25.0455 1452 nvUpdatusService (4e5c5d88eb0a8d21824d5a3eb7327e69) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
19:03:25.0549 1452 nvUpdatusService - ok
19:03:25.0549 1452 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
19:03:25.0580 1452 nv_agp - ok
19:03:25.0580 1452 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
19:03:25.0627 1452 odserv - ok
19:03:25.0642 1452 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
19:03:25.0658 1452 ohci1394 - ok
19:03:25.0658 1452 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
19:03:25.0705 1452 ose - ok
19:03:25.0705 1452 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
19:03:25.0736 1452 p2pimsvc - ok
19:03:25.0751 1452 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
19:03:25.0783 1452 p2psvc - ok
19:03:25.0783 1452 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
19:03:25.0798 1452 Parport - ok
19:03:25.0814 1452 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
19:03:25.0829 1452 partmgr - ok
19:03:25.0829 1452 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
19:03:25.0861 1452 PcaSvc - ok
19:03:25.0876 1452 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
19:03:25.0892 1452 pci - ok
19:03:25.0892 1452 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
19:03:25.0907 1452 pciide - ok
19:03:25.0923 1452 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
19:03:25.0939 1452 pcmcia - ok
19:03:25.0939 1452 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
19:03:25.0954 1452 pcw - ok
19:03:25.0970 1452 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
19:03:26.0017 1452 PEAUTH - ok
19:03:26.0032 1452 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
19:03:26.0063 1452 PeerDistSvc - ok
19:03:26.0079 1452 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
19:03:26.0095 1452 PerfHost - ok
19:03:26.0126 1452 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
19:03:26.0173 1452 pla - ok
19:03:26.0188 1452 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
19:03:26.0219 1452 PlugPlay - ok
19:03:26.0219 1452 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
19:03:26.0251 1452 PNRPAutoReg - ok
19:03:26.0251 1452 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
19:03:26.0282 1452 PNRPsvc - ok
19:03:26.0297 1452 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
19:03:26.0344 1452 PolicyAgent - ok
19:03:26.0344 1452 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
19:03:26.0407 1452 Power - ok
19:03:26.0407 1452 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
19:03:26.0453 1452 PptpMiniport - ok
19:03:26.0453 1452 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
19:03:26.0469 1452 Processor - ok
19:03:26.0485 1452 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
19:03:26.0531 1452 ProfSvc - ok
19:03:26.0531 1452 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
19:03:26.0563 1452 ProtectedStorage - ok
19:03:26.0563 1452 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
19:03:26.0609 1452 Psched - ok
19:03:26.0625 1452 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
19:03:26.0656 1452 ql2300 - ok
19:03:26.0672 1452 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
19:03:26.0687 1452 ql40xx - ok
19:03:26.0687 1452 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
19:03:26.0719 1452 QWAVE - ok
19:03:26.0734 1452 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
19:03:26.0750 1452 QWAVEdrv - ok
19:03:26.0750 1452 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
19:03:26.0797 1452 RasAcd - ok
19:03:26.0797 1452 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
19:03:26.0843 1452 RasAgileVpn - ok
19:03:26.0843 1452 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
19:03:26.0890 1452 RasAuto - ok
19:03:26.0906 1452 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
19:03:26.0937 1452 Rasl2tp - ok
19:03:26.0953 1452 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
19:03:26.0999 1452 RasMan - ok
19:03:26.0999 1452 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
19:03:27.0046 1452 RasPppoe - ok
19:03:27.0046 1452 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
19:03:27.0093 1452 RasSstp - ok
19:03:27.0109 1452 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
19:03:27.0140 1452 rdbss - ok
19:03:27.0155 1452 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
19:03:27.0171 1452 rdpbus - ok
19:03:27.0171 1452 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
19:03:27.0218 1452 RDPCDD - ok
19:03:27.0218 1452 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
19:03:27.0249 1452 RDPDR - ok
19:03:27.0249 1452 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
19:03:27.0280 1452 RDPENCDD - ok
19:03:27.0296 1452 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
19:03:27.0327 1452 RDPREFMP - ok
19:03:27.0343 1452 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
19:03:27.0358 1452 RDPWD - ok
19:03:27.0374 1452 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
19:03:27.0389 1452 rdyboost - ok
19:03:27.0389 1452 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
19:03:27.0436 1452 RemoteAccess - ok
19:03:27.0452 1452 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
19:03:27.0499 1452 RemoteRegistry - ok
19:03:27.0499 1452 rpcapd (b60f58f175de20a6739194e85b035178) C:\Program Files (x86)\WinPcap\rpcapd.exe
19:03:27.0577 1452 rpcapd - ok
19:03:27.0577 1452 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
19:03:27.0623 1452 RpcEptMapper - ok
19:03:27.0623 1452 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
19:03:27.0670 1452 RpcLocator - ok
19:03:27.0686 1452 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
19:03:27.0743 1452 RpcSs - ok
19:03:27.0751 1452 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
19:03:27.0791 1452 rspndr - ok
19:03:27.0801 1452 RTL8167 (6d3c7e7d82d3dc92dc2a8b0df9f20f8a) C:\Windows\system32\DRIVERS\Rt64win7.sys
19:03:27.0821 1452 RTL8167 - ok
19:03:27.0829 1452 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
19:03:27.0849 1452 s3cap - ok
19:03:27.0856 1452 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
19:03:27.0876 1452 SamSs - ok
19:03:27.0883 1452 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
19:03:27.0900 1452 sbp2port - ok
19:03:27.0907 1452 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
19:03:27.0960 1452 SCardSvr - ok
19:03:27.0967 1452 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
19:03:28.0002 1452 scfilter - ok
19:03:28.0015 1452 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
19:03:28.0080 1452 Schedule - ok
19:03:28.0087 1452 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
19:03:28.0134 1452 SCPolicySvc - ok
19:03:28.0141 1452 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
19:03:28.0157 1452 SDRSVC - ok
19:03:28.0173 1452 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
19:03:28.0204 1452 secdrv - ok
19:03:28.0219 1452 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
19:03:28.0266 1452 seclogon - ok
19:03:28.0266 1452 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
19:03:28.0313 1452 SENS - ok
19:03:28.0313 1452 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
19:03:28.0344 1452 SensrSvc - ok
19:03:28.0344 1452 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
19:03:28.0375 1452 Serenum - ok
19:03:28.0391 1452 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
19:03:28.0407 1452 Serial - ok
19:03:28.0407 1452 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
19:03:28.0422 1452 sermouse - ok
19:03:28.0438 1452 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
19:03:28.0485 1452 SessionEnv - ok
19:03:28.0485 1452 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
19:03:28.0500 1452 sffdisk - ok
19:03:28.0516 1452 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
19:03:28.0547 1452 sffp_mmc - ok
19:03:28.0547 1452 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
19:03:28.0578 1452 sffp_sd - ok
19:03:28.0578 1452 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
19:03:28.0594 1452 sfloppy - ok
19:03:28.0609 1452 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
19:03:28.0672 1452 SharedAccess - ok
19:03:28.0672 1452 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
19:03:28.0720 1452 ShellHWDetection - ok
19:03:28.0735 1452 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
19:03:28.0751 1452 SiSRaid2 - ok
19:03:28.0751 1452 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
19:03:28.0766 1452 SiSRaid4 - ok
19:03:28.0766 1452 SkypeUpdate (6128e98eaaed364ed1a32708d2fd22cb) C:\Program Files (x86)\Skype\Updater\Updater.exe
19:03:28.0876 1452 SkypeUpdate - ok
19:03:28.0891 1452 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
19:03:28.0922 1452 Smb - ok
19:03:28.0938 1452 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
19:03:28.0972 1452 SNMPTRAP - ok
19:03:28.0979 1452 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
19:03:29.0007 1452 spldr - ok
19:03:29.0017 1452 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
19:03:29.0102 1452 Spooler - ok
19:03:29.0132 1452 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
19:03:29.0216 1452 sppsvc - ok
19:03:29.0223 1452 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
19:03:29.0271 1452 sppuinotify - ok
19:03:29.0280 1452 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
19:03:29.0306 1452 srv - ok
19:03:29.0315 1452 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
19:03:29.0338 1452 srv2 - ok
19:03:29.0345 1452 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
19:03:29.0387 1452 srvnet - ok
19:03:29.0396 1452 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
19:03:29.0444 1452 SSDPSRV - ok
19:03:29.0451 1452 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
19:03:29.0496 1452 SstpSvc - ok
19:03:29.0503 1452 Stereo Service (9bf7e58d9113ce15cf4f1e1b18ceff83) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
19:03:29.0583 1452 Stereo Service - ok
19:03:29.0590 1452 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
19:03:29.0605 1452 stexstor - ok
19:03:29.0616 1452 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
19:03:29.0653 1452 stisvc - ok
19:03:29.0660 1452 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
19:03:29.0675 1452 storflt - ok
19:03:29.0681 1452 StorSvc (c40841817ef57d491f22eb103da587cc) C:\Windows\system32\storsvc.dll
19:03:29.0712 1452 StorSvc - ok
19:03:29.0719 1452 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
19:03:29.0733 1452 storvsc - ok
19:03:29.0740 1452 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
19:03:29.0758 1452 swenum - ok
19:03:29.0768 1452 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
19:03:29.0820 1452 swprv - ok
19:03:29.0838 1452 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
19:03:29.0888 1452 SysMain - ok
19:03:29.0896 1452 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
19:03:29.0937 1452 TabletInputService - ok
19:03:29.0948 1452 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
19:03:30.0018 1452 TapiSrv - ok
19:03:30.0026 1452 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
19:03:30.0106 1452 TBS - ok
19:03:30.0125 1452 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
19:03:30.0179 1452 Tcpip - ok
19:03:30.0198 1452 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
19:03:30.0250 1452 TCPIP6 - ok
19:03:30.0259 1452 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
19:03:30.0301 1452 tcpipreg - ok
19:03:30.0310 1452 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
19:03:30.0325 1452 TDPIPE - ok
19:03:30.0332 1452 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
19:03:30.0355 1452 TDTCP - ok
19:03:30.0363 1452 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
19:03:30.0425 1452 tdx - ok
19:03:30.0432 1452 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
19:03:30.0448 1452 TermDD - ok
19:03:30.0459 1452 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
19:03:30.0566 1452 TermService - ok
19:03:30.0586 1452 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
19:03:30.0617 1452 Themes - ok
19:03:30.0624 1452 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
19:03:30.0689 1452 THREADORDER - ok
19:03:30.0696 1452 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
19:03:30.0787 1452 TrkWks - ok
19:03:30.0795 1452 truecrypt (8de922cd4fea6f83b10805df965b9a08) C:\Windows\system32\drivers\truecrypt.sys
19:03:30.0814 1452 truecrypt - ok
19:03:30.0818 1452 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
19:03:30.0876 1452 TrustedInstaller - ok
19:03:30.0884 1452 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
19:03:30.0926 1452 tssecsrv - ok
19:03:30.0933 1452 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
19:03:30.0950 1452 TsUsbFlt - ok
19:03:30.0957 1452 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
19:03:30.0999 1452 tunnel - ok
19:03:31.0006 1452 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
19:03:31.0032 1452 uagp35 - ok
19:03:31.0041 1452 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
19:03:31.0140 1452 udfs - ok
19:03:31.0149 1452 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
19:03:31.0173 1452 UI0Detect - ok
19:03:31.0180 1452 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
19:03:31.0196 1452 uliagpkx - ok
19:03:31.0203 1452 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
19:03:31.0218 1452 umbus - ok
19:03:31.0225 1452 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
19:03:31.0300 1452 UmPass - ok
19:03:31.0307 1452 UmRdpService (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll
19:03:31.0335 1452 UmRdpService - ok
19:03:31.0342 1452 UMVPFSrv (927754abf077aeb5504be4e0f2c60c1b) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
19:03:31.0406 1452 UMVPFSrv - ok
19:03:31.0415 1452 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
19:03:31.0498 1452 upnphost - ok
19:03:31.0505 1452 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys
19:03:31.0539 1452 USBAAPL64 - ok
19:03:31.0547 1452 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
19:03:31.0644 1452 usbaudio - ok
19:03:31.0651 1452 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
19:03:31.0667 1452 usbccgp - ok
19:03:31.0674 1452 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
19:03:31.0785 1452 usbcir - ok
19:03:31.0793 1452 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
19:03:31.0807 1452 usbehci - ok
19:03:31.0816 1452 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
19:03:31.0852 1452 usbhub - ok
19:03:31.0859 1452 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
19:03:31.0908 1452 usbohci - ok
19:03:31.0915 1452 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
19:03:31.0935 1452 usbprint - ok
19:03:31.0942 1452 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
19:03:31.0964 1452 usbscan - ok
19:03:31.0975 1452 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:03:32.0040 1452 USBSTOR - ok
19:03:32.0047 1452 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
19:03:32.0068 1452 usbuhci - ok
19:03:32.0076 1452 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys
19:03:32.0098 1452 usbvideo - ok
19:03:32.0105 1452 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
19:03:32.0156 1452 UxSms - ok
19:03:32.0162 1452 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
19:03:32.0183 1452 VaultSvc - ok
19:03:32.0190 1452 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
19:03:32.0204 1452 vdrvroot - ok
19:03:32.0214 1452 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
19:03:32.0264 1452 vds - ok
19:03:32.0271 1452 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
19:03:32.0290 1452 vga - ok
19:03:32.0296 1452 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
19:03:32.0335 1452 VgaSave - ok
19:03:32.0343 1452 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
19:03:32.0363 1452 vhdmp - ok
19:03:32.0370 1452 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
19:03:32.0385 1452 viaide - ok
19:03:32.0392 1452 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
19:03:32.0411 1452 vmbus - ok
19:03:32.0418 1452 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
19:03:32.0434 1452 VMBusHID - ok
19:03:32.0441 1452 VMnetAdapter - ok
19:03:32.0452 1452 VMUSBArbService (18903ca7936912c337c9d28858880cf2) C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
19:03:32.0483 1452 VMUSBArbService - ok
19:03:32.0492 1452 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
19:03:32.0507 1452 volmgr - ok
19:03:32.0516 1452 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
19:03:32.0539 1452 volmgrx - ok
19:03:32.0548 1452 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
19:03:32.0569 1452 volsnap - ok
19:03:32.0577 1452 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
19:03:32.0594 1452 vsmraid - ok
19:03:32.0611 1452 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
19:03:32.0677 1452 VSS - ok
19:03:32.0684 1452 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
19:03:32.0702 1452 vwifibus - ok
19:03:32.0711 1452 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
19:03:32.0762 1452 W32Time - ok
19:03:32.0771 1452 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
19:03:32.0788 1452 WacomPen - ok
19:03:32.0796 1452 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
19:03:32.0835 1452 WANARP - ok
19:03:32.0838 1452 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
19:03:32.0877 1452 Wanarpv6 - ok
19:03:32.0892 1452 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
19:03:33.0125 1452 WatAdminSvc - ok
19:03:33.0142 1452 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
19:03:33.0220 1452 wbengine - ok
19:03:33.0228 1452 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
19:03:33.0259 1452 WbioSrvc - ok
19:03:33.0270 1452 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
19:03:33.0347 1452 wcncsvc - ok
19:03:33.0354 1452 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
19:03:33.0379 1452 WcsPlugInService - ok
19:03:33.0386 1452 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
19:03:33.0401 1452 Wd - ok
19:03:33.0412 1452 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
19:03:33.0437 1452 Wdf01000 - ok
19:03:33.0444 1452 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
19:03:33.0507 1452 WdiServiceHost - ok
19:03:33.0510 1452 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
19:03:33.0539 1452 WdiSystemHost - ok
19:03:33.0548 1452 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
19:03:33.0580 1452 WebClient - ok
19:03:33.0588 1452 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
19:03:33.0639 1452 Wecsvc - ok
19:03:33.0646 1452 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
19:03:33.0694 1452 wercplsupport - ok
19:03:33.0702 1452 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
19:03:33.0749 1452 WerSvc - ok
19:03:33.0757 1452 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
19:03:33.0794 1452 WfpLwf - ok
19:03:33.0801 1452 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
19:03:33.0816 1452 WIMMount - ok
19:03:33.0819 1452 WinDefend - ok
19:03:33.0824 1452 WinHttpAutoProxySvc - ok
19:03:33.0835 1452 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
19:03:33.0885 1452 Winmgmt - ok
19:03:33.0905 1452 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
19:03:33.0976 1452 WinRM - ok
19:03:33.0987 1452 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
19:03:34.0005 1452 WinUsb - ok
19:03:34.0017 1452 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
19:03:34.0061 1452 Wlansvc - ok
19:03:34.0079 1452 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
19:03:34.0189 1452 wlidsvc - ok
19:03:34.0198 1452 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
19:03:34.0215 1452 WmiAcpi - ok
19:03:34.0224 1452 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
19:03:34.0251 1452 wmiApSrv - ok
19:03:34.0254 1452 WMPNetworkSvc - ok
19:03:34.0262 1452 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
19:03:34.0284 1452 WPCSvc - ok
19:03:34.0291 1452 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
19:03:34.0318 1452 WPDBusEnum - ok
19:03:34.0325 1452 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
19:03:34.0364 1452 ws2ifsl - ok
19:03:34.0371 1452 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll
19:03:34.0402 1452 wscsvc - ok
19:03:34.0408 1452 WSearch - ok
19:03:34.0441 1452 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
19:03:34.0524 1452 wuauserv - ok
19:03:34.0532 1452 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
19:03:34.0574 1452 WudfPf - ok
19:03:34.0582 1452 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
19:03:34.0623 1452 WUDFRd - ok
19:03:34.0630 1452 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
19:03:34.0677 1452 wudfsvc - ok
19:03:34.0686 1452 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
19:03:34.0717 1452 WwanSvc - ok
19:03:34.0722 1452 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1
19:03:34.0735 1452 \Device\Harddisk1\DR1 ( TDSS File System ) - warning
19:03:34.0735 1452 \Device\Harddisk1\DR1 - detected TDSS File System (1)
19:03:34.0737 1452 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
19:03:34.0804 1452 \Device\Harddisk0\DR0 - ok
19:03:34.0806 1452 Boot (0x1200) (1031041d60d19c8c865effc5219156cb) \Device\Harddisk1\DR1\Partition0
19:03:34.0806 1452 \Device\Harddisk1\DR1\Partition0 - ok
19:03:34.0808 1452 Boot (0x1200) (b14ba4db8d9a5f4d15836f58ccdd9fb2) \Device\Harddisk1\DR1\Partition1
19:03:34.0809 1452 \Device\Harddisk1\DR1\Partition1 - ok
19:03:34.0811 1452 Boot (0x1200) (a92fd92949324f438998a7e9444d8704) \Device\Harddisk0\DR0\Partition0
19:03:34.0812 1452 \Device\Harddisk0\DR0\Partition0 - ok
19:03:34.0812 1452 ============================================================
19:03:34.0812 1452 Scan finished
19:03:34.0812 1452 ============================================================
19:03:34.0819 0692 Detected object count: 1
19:03:34.0819 0692 Actual detected object count: 1
19:03:40.0617 0692 \Device\Harddisk1\DR1 ( TDSS File System ) - skipped by user
19:03:40.0617 0692 \Device\Harddisk1\DR1 ( TDSS File System ) - User select action: Skip
19:05:09.0443 1928 Deinitialize success

ComboFix
ComboFix 12-04-18.02 - thebeast 04/18/2012 19:08:05.1.8 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8109.6458 [GMT -4:00]
Running from: c:\users\thebeast\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\iexplorer
c:\program files (x86)\iexplorer\AxInterop.QTOControlLib.dll
c:\program files (x86)\iexplorer\ICSharpCode.SharpZipLib.dll
c:\program files (x86)\iexplorer\iExplorer.exe
c:\program files (x86)\iexplorer\Interop.QTOControlLib.dll
c:\program files (x86)\iexplorer\Interop.QTOLibrary.dll
c:\program files (x86)\iexplorer\isxdl.dll
c:\program files (x86)\iexplorer\MPCrashReporter.dll
c:\program files (x86)\iexplorer\MPUpdater.dll
c:\program files (x86)\iexplorer\msvcr71.dll
c:\program files (x86)\iexplorer\PodPhone2.dll
c:\program files (x86)\iexplorer\unins000.dat
c:\program files (x86)\iexplorer\unins000.exe
c:\program files (x86)\iexplorer\unins000.msg
c:\users\thebeast\g2mdlhlpx.exe
c:\windows\svchost.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-03-18 to 2012-04-18 )))))))))))))))))))))))))))))))
.
.
2012-04-18 23:10 . 2012-04-18 23:10 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-04-18 23:10 . 2012-04-18 23:10 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-17 22:48 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-17 22:48 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-17 22:48 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-17 22:48 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-17 22:48 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-17 22:48 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-17 22:48 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-04-17 22:47 . 2012-04-17 23:09 -------- d-----w- c:\users\thebeast\Eye Track Shop
2012-04-17 12:27 . 2012-04-17 12:27 -------- d-----w- c:\users\thebeast\AppData\Roaming\Malwarebytes
2012-04-17 12:27 . 2012-04-17 12:27 -------- d-----w- c:\programdata\Malwarebytes
2012-04-17 12:27 . 2012-04-17 12:27 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-04-17 12:27 . 2012-04-04 19:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-17 11:15 . 2012-04-17 11:15 118784 ----a-w- c:\programdata\Microsoft\Windows\DRM\AB14.tmp
2012-04-17 11:15 . 2012-04-17 11:15 118784 ----a-w- c:\programdata\Microsoft\Windows\DRM\AAE3.tmp.dat
2012-04-16 23:57 . 2012-03-14 03:27 8669240 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BDC0A05F-EC38-4CB8-83FA-56D42162A2CA}\mpengine.dll
2012-04-12 12:00 . 2012-04-12 12:00 -------- d-----w- c:\programdata\Gibraltar
2012-04-12 11:52 . 2012-04-12 11:52 -------- d-----w- c:\users\thebeast\AppData\Roaming\Stardock
2012-04-12 11:52 . 2012-04-12 11:52 -------- d-----w- c:\users\thebeast\AppData\Local\PackageAware
2012-04-12 11:25 . 2012-04-12 11:25 -------- d-----w- c:\users\thebeast\AppData\Roaming\SmartFTP
2012-04-12 11:25 . 2012-04-12 11:25 -------- d-----w- c:\program files\SmartFTP Client
2012-04-12 11:25 . 2012-04-12 11:25 -------- d-----w- c:\program files (x86)\SmartFTP Client 4.0 (x64) Setup Files
2012-04-09 21:51 . 2012-04-18 23:07 -------- d-----w- c:\users\thebeast\AppData\Roaming\Skype
2012-04-09 21:50 . 2012-04-09 21:50 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-04-09 21:50 . 2012-04-09 21:51 -------- d-----r- c:\program files (x86)\Skype
2012-04-09 21:50 . 2012-04-09 21:50 -------- d-----w- c:\programdata\Skype
2012-04-09 00:11 . 2012-04-10 00:11 -------- d-----w- c:\users\thebeast\AppData\Local\Google
2012-04-09 00:10 . 2012-04-14 07:10 8741536 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-09 00:04 . 2012-04-09 00:04 -------- d-----w- c:\program files\iPod
2012-04-09 00:04 . 2012-04-09 00:04 -------- d-----w- c:\program files\iTunes
2012-04-09 00:04 . 2012-04-09 00:04 -------- d-----w- c:\program files (x86)\iTunes
2012-04-09 00:03 . 2012-04-14 07:10 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-04-04 11:47 . 2012-04-04 11:47 -------- d-----w- c:\users\thebeast\AppData\Roaming\pdf995
2012-04-04 11:46 . 2012-04-12 00:45 -------- d-----w- c:\programdata\pdf995
2012-04-04 11:46 . 2007-08-24 16:13 142 ----a-w- c:\windows\wpd99.drv
2012-04-04 11:46 . 2007-03-26 13:16 314368 ----a-w- c:\windows\system32\pdfmona64.dll
2012-04-04 11:46 . 2006-10-20 01:44 47616 ----a-w- c:\windows\system32\pdf995mon64.dll
2012-04-04 11:46 . 2005-06-30 19:29 11264 ----a-w- c:\windows\system32\pdf995mon64ui.dll
2012-04-04 11:46 . 2012-04-04 11:46 47616 ----a-w- c:\windows\SysWow64\pdf995mon64.dll
2012-04-04 11:46 . 2010-11-20 12:19 202752 ----a-w- c:\windows\SysWow64\wbem\framedyn.dll
2012-04-01 23:50 . 2012-04-17 12:32 -------- d-----w- c:\users\thebeast\AppData\Roaming\FAHClient
2012-04-01 23:50 . 2012-04-01 23:50 -------- d-----w- c:\program files (x86)\FAHClient
2012-03-23 10:39 . 2011-11-19 15:20 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-23 10:39 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-03-23 10:39 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-03-23 01:44 . 2012-03-23 01:45 -------- d-----w- c:\users\thebeast\AppData\Roaming\DeepBurner
2012-03-23 01:42 . 2012-03-23 01:42 -------- d-----w- c:\program files (x86)\Astonsoft
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-14 07:10 . 2011-11-15 02:41 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-14 03:27 . 2011-11-17 21:50 8669240 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-02-24 06:09 . 2012-02-24 06:09 252016 ------w- c:\windows\SysWow64\vmnc.dll
2012-02-18 22:24 . 2012-02-18 22:24 637848 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-02-18 22:24 . 2011-11-12 01:33 567184 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-02-17 06:38 . 2012-03-13 23:03 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 05:34 . 2012-03-13 23:03 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-02-17 04:58 . 2012-03-13 23:03 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:57 . 2012-03-13 23:03 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-15 15:01 . 2012-02-15 15:01 52736 ----a-w- c:\windows\system32\drivers\usbaapl64.sys
2012-02-15 15:01 . 2012-02-15 15:01 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-02-14 23:55 . 2012-02-14 23:55 276248 ----a-w- c:\windows\SysWow64\IntelCpHeciSvc.exe
2012-02-14 23:55 . 2012-02-14 23:55 5886232 ----a-w- c:\windows\system32\GfxUI.exe
2012-02-14 23:55 . 2012-02-14 23:55 511768 ----a-w- c:\windows\system32\igfxsrvc.exe
2012-02-14 23:55 . 2012-02-14 23:55 440600 ----a-w- c:\windows\system32\igfxpers.exe
2012-02-14 23:55 . 2012-02-14 23:55 398616 ----a-w- c:\windows\system32\hkcmd.exe
2012-02-14 23:55 . 2012-02-14 23:55 250136 ----a-w- c:\windows\system32\igfxext.exe
2012-02-14 23:55 . 2012-02-14 23:55 184600 ----a-w- c:\windows\system32\difx64.exe
2012-02-14 23:55 . 2012-02-14 23:55 170264 ----a-w- c:\windows\system32\igfxtray.exe
2012-02-14 23:53 . 2012-02-14 23:53 90112 ----a-w- c:\windows\system32\igfxCoIn_v2653.dll
2012-02-14 23:47 . 2012-02-14 23:47 8086528 ----a-w- c:\windows\system32\igdumd64.dll
2012-02-14 23:47 . 2012-02-14 23:47 14692224 ----a-w- c:\windows\system32\drivers\igdkmd64.sys
2012-02-14 23:47 . 2012-02-14 23:47 963912 ----a-w- c:\windows\system32\igkrng600.bin
2012-02-14 23:47 . 2012-02-14 23:47 79360 ----a-w- c:\windows\system32\igdde64.dll
2012-02-14 23:47 . 2012-02-14 23:47 261208 ----a-w- c:\windows\system32\igfcg600m.bin
2012-02-14 23:44 . 2012-02-14 23:44 6120960 ----a-w- c:\windows\SysWow64\igdumd32.dll
2012-02-14 23:44 . 2012-02-14 23:44 58880 ----a-w- c:\windows\SysWow64\igdde32.dll
2012-02-14 23:42 . 2012-02-14 23:42 9605632 ----a-w- c:\windows\system32\igd10umd64.dll
2012-02-14 23:35 . 2012-02-14 23:35 7794688 ----a-w- c:\windows\SysWow64\igd10umd32.dll
2012-02-14 23:07 . 2012-02-14 23:07 18125312 ----a-w- c:\windows\system32\ig4icd64.dll
2012-02-14 22:59 . 2012-02-14 22:59 13209600 ----a-w- c:\windows\SysWow64\ig4icd32.dll
2012-02-14 22:57 . 2012-02-14 22:57 439808 ----a-w- c:\windows\system32\igfxresn.lrc
2012-02-14 22:57 . 2012-02-14 22:57 439296 ----a-w- c:\windows\system32\igfxrrom.lrc
2012-02-14 22:57 . 2012-02-14 22:57 438784 ----a-w- c:\windows\system32\igfxrhrv.lrc
2012-02-14 22:57 . 2012-02-14 22:57 438272 ----a-w- c:\windows\system32\igfxrsky.lrc
2012-02-14 22:57 . 2012-02-14 22:57 437760 ----a-w- c:\windows\system32\igfxrtrk.lrc
2012-02-14 22:57 . 2012-02-14 22:57 437760 ----a-w- c:\windows\system32\igfxrsve.lrc
2012-02-14 22:57 . 2012-02-14 22:57 437760 ----a-w- c:\windows\system32\igfxrslv.lrc
2012-02-14 22:57 . 2012-02-14 22:57 437248 ----a-w- c:\windows\system32\igfxrtha.lrc
2012-02-14 22:57 . 2012-02-14 22:57 439296 ----a-w- c:\windows\system32\igfxrrus.lrc
2012-02-14 22:57 . 2012-02-14 22:57 438784 ----a-w- c:\windows\system32\igfxrptg.lrc
2012-02-14 22:57 . 2012-02-14 22:57 438784 ----a-w- c:\windows\system32\igfxrplk.lrc
2012-02-14 22:57 . 2012-02-14 22:57 438784 ----a-w- c:\windows\system32\igfxrita.lrc
2012-02-14 22:57 . 2012-02-14 22:57 437760 ----a-w- c:\windows\system32\igfxrptb.lrc
2012-02-14 22:57 . 2012-02-14 22:57 437760 ----a-w- c:\windows\system32\igfxrnor.lrc
2012-02-14 22:57 . 2012-02-14 22:57 432128 ----a-w- c:\windows\system32\igfxrjpn.lrc
2012-02-14 22:57 . 2012-02-14 22:57 430592 ----a-w- c:\windows\system32\igfxrkor.lrc
2012-02-14 22:57 . 2012-02-14 22:57 440320 ----a-w- c:\windows\system32\igfxrell.lrc
2012-02-14 22:57 . 2012-02-14 22:57 439808 ----a-w- c:\windows\system32\igfxrfra.lrc
2012-02-14 22:57 . 2012-02-14 22:57 438784 ----a-w- c:\windows\system32\igfxrdeu.lrc
2012-02-14 22:57 . 2012-02-14 22:57 438272 ----a-w- c:\windows\system32\igfxrhun.lrc
2012-02-14 22:57 . 2012-02-14 22:57 438272 ----a-w- c:\windows\system32\igfxrfin.lrc
2012-02-14 22:57 . 2012-02-14 22:57 435712 ----a-w- c:\windows\system32\igfxrheb.lrc
2012-02-14 22:57 . 2012-02-14 22:57 438784 ----a-w- c:\windows\system32\igfxrnld.lrc
2012-02-14 22:57 . 2012-02-14 22:57 438272 ----a-w- c:\windows\system32\igfxrcsy.lrc
2012-02-14 22:57 . 2012-02-14 22:57 437248 ----a-w- c:\windows\system32\igfxrdan.lrc
2012-02-14 22:57 . 2012-02-14 22:57 429056 ----a-w- c:\windows\system32\igfxrcht.lrc
2012-02-14 22:57 . 2012-02-14 22:57 428544 ----a-w- c:\windows\system32\igfxrchs.lrc
2012-02-14 22:57 . 2012-02-14 22:57 435712 ----a-w- c:\windows\system32\igfxrara.lrc
2012-02-14 22:57 . 2012-02-14 22:57 126976 ----a-w- c:\windows\system32\igfxcpl.cpl
2012-02-14 22:57 . 2012-02-14 22:57 386048 ----a-w- c:\windows\system32\igfxpph.dll
2012-02-14 22:57 . 2012-02-14 22:57 410624 ----a-w- c:\windows\system32\igfxTMM.dll
2012-02-14 22:57 . 2012-02-14 22:57 28672 ----a-w- c:\windows\system32\igfxexps.dll
2012-02-14 22:57 . 2011-09-01 00:21 63488 ----a-w- c:\windows\system32\igfxsrvc.dll
2012-02-14 22:56 . 2011-09-01 00:20 110592 ----a-w- c:\windows\system32\hccutils.dll
2012-02-14 22:56 . 2012-02-14 22:56 9216 ----a-w- c:\windows\system32\IGFXDEVLib.dll
2012-02-14 22:56 . 2012-02-14 22:56 430080 ----a-w- c:\windows\system32\igfxdev.dll
2012-02-14 22:56 . 2012-02-14 22:56 172032 ----a-w- c:\windows\system32\gfxSrvc.dll
2012-02-14 22:56 . 2012-02-14 22:56 286208 ----a-w- c:\windows\system32\igfxrenu.lrc
2012-02-14 22:56 . 2012-02-14 22:56 142336 ----a-w- c:\windows\system32\igfxdo.dll
2012-02-14 22:56 . 2012-02-14 22:56 9007616 ----a-w- c:\windows\system32\igfxress.dll
2012-02-14 22:55 . 2012-02-14 22:55 25088 ----a-w- c:\windows\SysWow64\igfxexps32.dll
2012-02-14 22:54 . 2012-02-14 22:54 321024 ----a-w- c:\windows\SysWow64\igfxdv32.dll
2012-02-14 22:53 . 2012-02-14 22:53 524800 ----a-w- c:\windows\system32\iglhsip64.dll
2012-02-14 22:53 . 2012-02-14 22:53 519680 ----a-w- c:\windows\SysWow64\iglhsip32.dll
2012-02-14 22:53 . 2012-02-14 22:53 2967040 ----a-w- c:\windows\system32\igfxcmjit64.dll
2012-02-14 22:53 . 2012-02-14 22:53 237056 ----a-w- c:\windows\SysWow64\igfxcmrt32.dll
2012-02-14 22:53 . 2012-02-14 22:53 2321408 ----a-w- c:\windows\SysWow64\igfxcmjit32.dll
2012-02-14 22:53 . 2012-02-14 22:53 213504 ----a-w- c:\windows\system32\iglhcp64.dll
2012-02-14 22:53 . 2012-02-14 22:53 193024 ----a-w- c:\windows\system32\igfxcmrt64.dll
2012-02-14 22:53 . 2012-02-14 22:53 177152 ----a-w- c:\windows\SysWow64\iglhcp32.dll
2012-02-10 15:41 . 2012-02-10 15:41 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{AF5D1977-6FD4-4981-BC62-F4FFD759DA68}\gapaengine.dll
2012-02-10 06:36 . 2012-03-13 23:05 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-02-10 05:38 . 2012-03-13 23:05 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-02-07 15:02 . 2012-02-07 15:02 1070352 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
2012-02-03 04:34 . 2012-03-13 23:05 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-01-31 12:44 . 2011-11-12 01:34 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-01-25 12:25 . 2012-01-25 12:25 230864 ----a-w- c:\windows\system32\drivers\truecrypt.sys
2012-01-25 06:38 . 2012-03-13 23:03 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-01-25 06:38 . 2012-03-13 23:03 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-01-25 06:33 . 2012-03-13 23:03 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2011-11-18 17:45 . 2011-11-18 17:45 13844000 ----a-w- c:\program files (x86)\Common Files\lpuninstall.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 94208 ----a-w- c:\users\thebeast\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 94208 ----a-w- c:\users\thebeast\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 94208 ----a-w- c:\users\thebeast\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-02-29 17148552]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"boincmgr"="c:\program files (x86)\BOINC\boincmgr.exe" [2010-09-23 4543232]
"boinctray"="c:\program files (x86)\BOINC\boinctray.exe" [2010-09-23 58112]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"BrMfcWnd"="c:\program files (x86)\Brother\Brmfcmon\BrMfcWnd.exe" [2009-05-26 1159168]
"ControlCenter3"="c:\program files (x86)\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
.
c:\users\thebeast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\thebeast\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-14 24246216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer4"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-08-03 2255464]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-14 253088]
R3 ALSysIO;ALSysIO;c:\users\thebeast\AppData\Local\Temp\ALSysIO64.sys [x]
R3 cphs;Intel® Content Protection HECI Service;c:\windows\SysWow64\IntelCpHeciSvc.exe [2012-02-14 276248]
R3 GPU-Z;GPU-Z;c:\users\thebeast\AppData\Local\Temp\GPU-Z.sys [x]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x]
R3 LVUVC64;Logitech Webcam C260(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [x]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [x]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [x]
S2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-08-03 379496]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-08-19 450848]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2011-08-30 846448]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-09 07:10]
.
2012-04-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-749022163-3579841242-3610539435-1000Core.job
- c:\users\thebeast\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-09 00:11]
.
2012-04-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-749022163-3579841242-3610539435-1000UA.job
- c:\users\thebeast\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-09 00:11]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 97792 ----a-w- c:\users\thebeast\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 97792 ----a-w- c:\users\thebeast\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 97792 ----a-w- c:\users\thebeast\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 97792 ----a-w- c:\users\thebeast\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-02-14 170264]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-02-14 398616]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-02-14 440600]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: LastPass - file://c:\program files (x86)\LastPass\context.html?cmd=lastpass
IE: LastPass Fill Forms - file://c:\program files (x86)\LastPass\context.html?cmd=fillforms
TCP: DhcpNameServer = 10.0.0.1
FF - ProfilePath - c:\users\thebeast\AppData\Roaming\Mozilla\Firefox\Profiles\viqyt311.default\
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-{7FD8B0C1-CDDA-4B4D-A577-B2E3570EA3A3}_is1 - c:\program files (x86)\iExplorer\unins000.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\\.\globalroot\systemroot\svchost.exe
.
**************************************************************************
.
Completion time: 2012-04-18 19:12:26 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-18 23:12
.
Pre-Run: 65,578,422,272 bytes free
Post-Run: 67,555,921,920 bytes free
.
- - End Of File - - 86C211D911ED532BF15118E529581686

#7 fireman4it


Posted 18 April 2012 - 09:05 PM

Now whenever I try to run an application. illegal operation attempted on a registry key that has been marked for deleted.

Just restart your computer.

1. Please run TDSSKiller again; this time select Cure or Quarantine when asked.

2. Click here to download Kaspersky Virus Removal Tool.
  • Double click on the file you just downloaded and let it install.
  • It will install to your desktop.
  • After that leave what is selected and put a check next to My Computer.
  • Click on the option that says Threat Detection and change it to Disinfect => Do not select, delete if disinfection fails.
  • Then click on Start Scan.
  • Before it is done it may prompt for action regardless of the setting so choose skip if prompted.
  • When the scan is done no log will be produced.
  • Click on the bottom where it says Report to open the report.
  • Then highlight all of the items found by using Ctrl + A on your keyboard to select all, or use your mouse to select all, then right click and choose copy.
  • This will copy the items that it found to the clipboard you can then open notepad (go to start then run then type in notepad) and choose paste to paste the contents into Notepad.
  • You can save this on the desktop.
  • Post the contents of the document in your next reply.

Things to include in your next reply:
TDSSKiller log
Kaspersky log
How is your machine running now?

Edited by fireman4it, 18 April 2012 - 09:08 PM.



#8 adamfortwayne


Posted 18 April 2012 - 09:58 PM

Fireman,
With the tdsskiller application, I only get a hit if I configure it to look for TDLFS. The default option for what it found was skip. I just wanted to verify that you wanted me to select Quarantine this time.

Thanks for the help,
Adam

#9 adamfortwayne


Posted 19 April 2012 - 06:09 AM

Fireman,
With the tdsskiller application, I only get a hit if I configure it to look for TDLFS. The default option for what it found was skip. I wanted to verify that you wanted me to select Quarantine this time. In addition, it looks like the Kaspersky Virus Removal Tool UI has changed, since I was not able to strictly follow your instructions. I think I captured the log you wanted.

Thanks for the help,
Adam


TDSSKiller with default skip selected
22:54:33.0598 0424 TDSS rootkit removing tool 2.7.29.0 Apr 18 2012 16:44:20
22:54:33.0598 0424 ============================================================
22:54:33.0598 0424 Current date / time: 2012/04/18 22:54:33.0598
22:54:33.0598 0424 SystemInfo:
22:54:33.0598 0424
22:54:33.0598 0424 OS Version: 6.1.7601 ServicePack: 1.0
22:54:33.0598 0424 Product type: Workstation
22:54:33.0598 0424 ComputerName: THEBEAST-PC
22:54:33.0598 0424 UserName: thebeast
22:54:33.0598 0424 Windows directory: C:\Windows
22:54:33.0598 0424 System windows directory: C:\Windows
22:54:33.0598 0424 Running under WOW64
22:54:33.0598 0424 Processor architecture: Intel x64
22:54:33.0598 0424 Number of processors: 8
22:54:33.0598 0424 Page size: 0x1000
22:54:33.0598 0424 Boot type: Normal boot
22:54:33.0598 0424 ============================================================
22:54:33.0722 0424 Drive \Device\Harddisk1\DR1 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0xD72C, SectorsPerTrack: 0x13, TracksPerCylinder: 0xE0, Type 'K0', Flags 0x00000040
22:54:33.0722 0424 Drive \Device\Harddisk0\DR0 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:54:33.0847 0424 \Device\Harddisk1\DR1:
22:54:33.0847 0424 MBR partitions:
22:54:33.0847 0424 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
22:54:33.0847 0424 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xDF61800
22:54:33.0847 0424 \Device\Harddisk0\DR0:
22:54:33.0847 0424 MBR partitions:
22:54:33.0847 0424 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xE8E07800
22:54:33.0847 0424 C: <-> \Device\Harddisk1\DR1\Partition1
22:54:33.0847 0424 E: <-> \Device\Harddisk0\DR0\Partition0
22:54:33.0847 0424 Initialize success
22:54:33.0847 0424 ============================================================
22:54:50.0477 2848 ============================================================
22:54:50.0477 2848 Scan started
22:54:50.0477 2848 Mode: Manual; SigCheck; TDLFS;
22:54:50.0477 2848 ============================================================
22:54:50.0586 2848 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
22:54:50.0617 2848 1394ohci - ok
22:54:50.0633 2848 70319181 (e656fe10d6d27794afa08136685a69e8) C:\Windows\system32\DRIVERS\70319181.sys
22:54:50.0648 2848 70319181 - ok
22:54:50.0664 2848 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
22:54:50.0664 2848 ACPI - ok
22:54:50.0680 2848 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
22:54:50.0695 2848 AcpiPmi - ok
22:54:50.0711 2848 AdobeFlashPlayerUpdateSvc (459ac130c6ab892b1cd5d7544626efc5) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
22:54:50.0711 2848 AdobeFlashPlayerUpdateSvc - ok
22:54:50.0726 2848 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
22:54:50.0742 2848 adp94xx - ok
22:54:50.0742 2848 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
22:54:50.0758 2848 adpahci - ok
22:54:50.0758 2848 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
22:54:50.0773 2848 adpu320 - ok
22:54:50.0773 2848 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
22:54:50.0836 2848 AeLookupSvc - ok
22:54:50.0836 2848 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
22:54:50.0851 2848 AFD - ok
22:54:50.0867 2848 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
22:54:50.0867 2848 agp440 - ok
22:54:50.0882 2848 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
22:54:50.0882 2848 ALG - ok
22:54:50.0898 2848 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
22:54:50.0898 2848 aliide - ok
22:54:50.0898 2848 ALSysIO - ok
22:54:50.0914 2848 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
22:54:50.0914 2848 amdide - ok
22:54:50.0929 2848 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
22:54:50.0945 2848 AmdK8 - ok
22:54:50.0945 2848 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
22:54:50.0960 2848 AmdPPM - ok
22:54:50.0960 2848 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
22:54:50.0976 2848 amdsata - ok
22:54:50.0976 2848 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
22:54:50.0992 2848 amdsbs - ok
22:54:50.0992 2848 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
22:54:50.0992 2848 amdxata - ok
22:54:51.0007 2848 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
22:54:51.0023 2848 AppID - ok
22:54:51.0038 2848 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
22:54:51.0054 2848 AppIDSvc - ok
22:54:51.0054 2848 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
22:54:51.0085 2848 Appinfo - ok
22:54:51.0085 2848 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
22:54:51.0101 2848 Apple Mobile Device - ok
22:54:51.0101 2848 AppMgmt (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
22:54:51.0116 2848 AppMgmt - ok
22:54:51.0116 2848 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
22:54:51.0132 2848 arc - ok
22:54:51.0132 2848 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
22:54:51.0148 2848 arcsas - ok
22:54:51.0148 2848 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
22:54:51.0163 2848 aspnet_state - ok
22:54:51.0163 2848 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
22:54:51.0194 2848 AsyncMac - ok
22:54:51.0194 2848 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
22:54:51.0194 2848 atapi - ok
22:54:51.0210 2848 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
22:54:51.0241 2848 AudioEndpointBuilder - ok
22:54:51.0241 2848 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
22:54:51.0272 2848 AudioSrv - ok
22:54:51.0272 2848 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
22:54:51.0288 2848 AxInstSV - ok
22:54:51.0304 2848 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
22:54:51.0319 2848 b06bdrv - ok
22:54:51.0319 2848 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
22:54:51.0335 2848 b57nd60a - ok
22:54:51.0335 2848 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
22:54:51.0350 2848 BDESVC - ok
22:54:51.0350 2848 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
22:54:51.0382 2848 Beep - ok
22:54:51.0397 2848 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
22:54:51.0428 2848 BFE - ok
22:54:51.0428 2848 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
22:54:51.0460 2848 BITS - ok
22:54:51.0475 2848 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
22:54:51.0475 2848 blbdrive - ok
22:54:51.0491 2848 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
22:54:51.0491 2848 Bonjour Service - ok
22:54:51.0506 2848 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
22:54:51.0506 2848 bowser - ok
22:54:51.0522 2848 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
22:54:51.0538 2848 BrFiltLo - ok
22:54:51.0538 2848 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
22:54:51.0553 2848 BrFiltUp - ok
22:54:51.0553 2848 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
22:54:51.0584 2848 BridgeMP - ok
22:54:51.0584 2848 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
22:54:51.0616 2848 Browser - ok
22:54:51.0616 2848 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
22:54:51.0631 2848 Brserid - ok
22:54:51.0631 2848 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
22:54:51.0647 2848 BrSerWdm - ok
22:54:51.0662 2848 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
22:54:51.0662 2848 BrUsbMdm - ok
22:54:51.0678 2848 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
22:54:51.0678 2848 BrUsbSer - ok
22:54:51.0694 2848 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
22:54:51.0694 2848 BTHMODEM - ok
22:54:51.0709 2848 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
22:54:51.0725 2848 bthserv - ok
22:54:51.0725 2848 catchme - ok
22:54:51.0740 2848 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
22:54:51.0756 2848 cdfs - ok
22:54:51.0772 2848 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
22:54:51.0772 2848 cdrom - ok
22:54:51.0787 2848 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
22:54:51.0803 2848 CertPropSvc - ok
22:54:51.0818 2848 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
22:54:51.0818 2848 circlass - ok
22:54:51.0834 2848 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
22:54:51.0850 2848 CLFS - ok
22:54:51.0850 2848 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:54:51.0850 2848 clr_optimization_v2.0.50727_32 - ok
22:54:51.0865 2848 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
22:54:51.0865 2848 clr_optimization_v2.0.50727_64 - ok
22:54:51.0881 2848 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
22:54:51.0881 2848 clr_optimization_v4.0.30319_32 - ok
22:54:51.0881 2848 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
22:54:51.0896 2848 clr_optimization_v4.0.30319_64 - ok
22:54:51.0896 2848 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
22:54:51.0912 2848 CmBatt - ok
22:54:51.0912 2848 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
22:54:51.0928 2848 cmdide - ok
22:54:51.0928 2848 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
22:54:51.0943 2848 CNG - ok
22:54:51.0959 2848 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
22:54:51.0959 2848 Compbatt - ok
22:54:51.0959 2848 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
22:54:51.0974 2848 CompositeBus - ok
22:54:51.0974 2848 COMSysApp - ok
22:54:51.0990 2848 cphs (df3e8c2c443d3618260dff5705ce2df5) C:\Windows\SysWow64\IntelCpHeciSvc.exe
22:54:52.0006 2848 cphs - ok
22:54:52.0006 2848 cpuz135 (262969a3fab32b9e17e63e2d17a57744) C:\Windows\system32\drivers\cpuz135_x64.sys
22:54:52.0006 2848 cpuz135 - ok
22:54:52.0021 2848 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
22:54:52.0021 2848 crcdisk - ok
22:54:52.0037 2848 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
22:54:52.0052 2848 CryptSvc - ok
22:54:52.0068 2848 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
22:54:52.0084 2848 CSC - ok
22:54:52.0084 2848 CscService (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll
22:54:52.0099 2848 CscService - ok
22:54:52.0115 2848 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
22:54:52.0146 2848 DcomLaunch - ok
22:54:52.0146 2848 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
22:54:52.0177 2848 defragsvc - ok
22:54:52.0177 2848 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
22:54:52.0208 2848 DfsC - ok
22:54:52.0208 2848 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
22:54:52.0240 2848 Dhcp - ok
22:54:52.0240 2848 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
22:54:52.0271 2848 discache - ok
22:54:52.0271 2848 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
22:54:52.0271 2848 Disk - ok
22:54:52.0286 2848 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
22:54:52.0302 2848 Dnscache - ok
22:54:52.0302 2848 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
22:54:52.0333 2848 dot3svc - ok
22:54:52.0333 2848 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
22:54:52.0364 2848 DPS - ok
22:54:52.0364 2848 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
22:54:52.0380 2848 drmkaud - ok
22:54:52.0396 2848 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
22:54:52.0411 2848 DXGKrnl - ok
22:54:52.0411 2848 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
22:54:52.0427 2848 EapHost - ok
22:54:52.0458 2848 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
22:54:52.0489 2848 ebdrv - ok
22:54:52.0505 2848 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
22:54:52.0505 2848 EFS - ok
22:54:52.0520 2848 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
22:54:52.0536 2848 ehRecvr - ok
22:54:52.0536 2848 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
22:54:52.0552 2848 ehSched - ok
22:54:52.0552 2848 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
22:54:52.0567 2848 elxstor - ok
22:54:52.0583 2848 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
22:54:52.0583 2848 ErrDev - ok
22:54:52.0598 2848 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
22:54:52.0614 2848 EventSystem - ok
22:54:52.0630 2848 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
22:54:52.0645 2848 exfat - ok
22:54:52.0661 2848 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
22:54:52.0676 2848 fastfat - ok
22:54:52.0692 2848 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
22:54:52.0708 2848 Fax - ok
22:54:52.0723 2848 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
22:54:52.0723 2848 fdc - ok
22:54:52.0739 2848 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
22:54:52.0754 2848 fdPHost - ok
22:54:52.0754 2848 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
22:54:52.0786 2848 FDResPub - ok
22:54:52.0786 2848 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
22:54:52.0801 2848 FileInfo - ok
22:54:52.0801 2848 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
22:54:52.0832 2848 Filetrace - ok
22:54:52.0832 2848 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
22:54:52.0832 2848 flpydisk - ok
22:54:52.0848 2848 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
22:54:52.0864 2848 FltMgr - ok
22:54:52.0879 2848 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
22:54:52.0895 2848 FontCache - ok
22:54:52.0895 2848 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
22:54:52.0910 2848 FontCache3.0.0.0 - ok
22:54:52.0910 2848 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
22:54:52.0910 2848 FsDepends - ok
22:54:52.0926 2848 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
22:54:52.0926 2848 Fs_Rec - ok
22:54:52.0942 2848 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
22:54:52.0957 2848 fvevol - ok
22:54:52.0957 2848 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
22:54:52.0957 2848 gagp30kx - ok
22:54:52.0973 2848 gdrv - ok
22:54:52.0973 2848 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
22:54:52.0988 2848 GEARAspiWDM - ok
22:54:52.0988 2848 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
22:54:53.0020 2848 gpsvc - ok
22:54:53.0020 2848 GPU-Z - ok
22:54:53.0035 2848 hcmon (adb4348da1345877b04e22203afc8993) C:\Windows\system32\drivers\hcmon.sys
22:54:53.0035 2848 hcmon - ok
22:54:53.0051 2848 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
22:54:53.0051 2848 hcw85cir - ok
22:54:53.0066 2848 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
22:54:53.0082 2848 HdAudAddService - ok
22:54:53.0082 2848 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
22:54:53.0098 2848 HDAudBus - ok
22:54:53.0113 2848 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
22:54:53.0113 2848 HidBatt - ok
22:54:53.0129 2848 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
22:54:53.0129 2848 HidBth - ok
22:54:53.0144 2848 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
22:54:53.0144 2848 HidIr - ok
22:54:53.0160 2848 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
22:54:53.0176 2848 hidserv - ok
22:54:53.0191 2848 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
22:54:53.0191 2848 HidUsb - ok
22:54:53.0207 2848 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
22:54:53.0222 2848 hkmsvc - ok
22:54:53.0238 2848 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
22:54:53.0238 2848 HomeGroupListener - ok
22:54:53.0254 2848 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
22:54:53.0269 2848 HomeGroupProvider - ok
22:54:53.0269 2848 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
22:54:53.0285 2848 HpSAMD - ok
22:54:53.0285 2848 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
22:54:53.0316 2848 HTTP - ok
22:54:53.0316 2848 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
22:54:53.0332 2848 hwpolicy - ok
22:54:53.0347 2848 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
22:54:53.0347 2848 i8042prt - ok
22:54:53.0363 2848 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
22:54:53.0363 2848 iaStorV - ok
22:54:53.0378 2848 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
22:54:53.0394 2848 idsvc - ok
22:54:53.0503 2848 igfx (276ee9cdab16c50e1df0e4cefa882f5f) C:\Windows\system32\DRIVERS\igdkmd64.sys
22:54:53.0690 2848 igfx - ok
22:54:53.0706 2848 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
22:54:53.0706 2848 iirsp - ok
22:54:53.0722 2848 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
22:54:53.0753 2848 IKEEXT - ok
22:54:53.0753 2848 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
22:54:53.0768 2848 intelide - ok
22:54:53.0768 2848 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
22:54:53.0784 2848 intelppm - ok
22:54:53.0784 2848 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
22:54:53.0800 2848 IPBusEnum - ok
22:54:53.0815 2848 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
22:54:53.0831 2848 IpFilterDriver - ok
22:54:53.0846 2848 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
22:54:53.0878 2848 iphlpsvc - ok
22:54:53.0878 2848 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
22:54:53.0893 2848 IPMIDRV - ok
22:54:53.0893 2848 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
22:54:53.0909 2848 IPNAT - ok
22:54:53.0924 2848 iPod Service (50d6ccc6ff5561f9f56946b3e6164fb8) C:\Program Files\iPod\bin\iPodService.exe
22:54:53.0940 2848 iPod Service - ok
22:54:53.0940 2848 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
22:54:53.0971 2848 IRENUM - ok
22:54:53.0971 2848 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
22:54:53.0971 2848 isapnp - ok
22:54:53.0987 2848 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
22:54:54.0002 2848 iScsiPrt - ok
22:54:54.0002 2848 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
22:54:54.0018 2848 kbdclass - ok
22:54:54.0018 2848 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
22:54:54.0034 2848 kbdhid - ok
22:54:54.0034 2848 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
22:54:54.0034 2848 KeyIso - ok
22:54:54.0049 2848 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
22:54:54.0049 2848 KSecDD - ok
22:54:54.0065 2848 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
22:54:54.0065 2848 KSecPkg - ok
22:54:54.0080 2848 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
22:54:54.0096 2848 ksthunk - ok
22:54:54.0112 2848 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
22:54:54.0127 2848 KtmRm - ok
22:54:54.0143 2848 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
22:54:54.0158 2848 LanmanServer - ok
22:54:54.0174 2848 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
22:54:54.0190 2848 LanmanWorkstation - ok
22:54:54.0205 2848 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
22:54:54.0221 2848 lltdio - ok
22:54:54.0236 2848 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
22:54:54.0252 2848 lltdsvc - ok
22:54:54.0268 2848 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
22:54:54.0283 2848 lmhosts - ok
22:54:54.0299 2848 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
22:54:54.0299 2848 LSI_FC - ok
22:54:54.0314 2848 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
22:54:54.0314 2848 LSI_SAS - ok
22:54:54.0330 2848 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
22:54:54.0330 2848 LSI_SAS2 - ok
22:54:54.0346 2848 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
22:54:54.0346 2848 LSI_SCSI - ok
22:54:54.0361 2848 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
22:54:54.0377 2848 luafv - ok
22:54:54.0392 2848 LVRS64 (ef2be2f45d4f06410a3bd2a3467325b0) C:\Windows\system32\DRIVERS\lvrs64.sys
22:54:54.0392 2848 LVRS64 - ok
22:54:54.0439 2848 LVUVC64 (ac22f92c6078640fe8a70d662a2f3ad5) C:\Windows\system32\DRIVERS\lvuvc64.sys
22:54:54.0486 2848 LVUVC64 - ok
22:54:54.0502 2848 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
22:54:54.0517 2848 Mcx2Svc - ok
22:54:54.0517 2848 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
22:54:54.0517 2848 megasas - ok
22:54:54.0533 2848 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
22:54:54.0548 2848 MegaSR - ok
22:54:54.0548 2848 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\DRIVERS\HECIx64.sys
22:54:54.0564 2848 MEIx64 - ok
22:54:54.0564 2848 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
22:54:54.0580 2848 MMCSS - ok
22:54:54.0595 2848 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
22:54:54.0611 2848 Modem - ok
22:54:54.0626 2848 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
22:54:54.0626 2848 monitor - ok
22:54:54.0642 2848 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
22:54:54.0642 2848 mouclass - ok
22:54:54.0658 2848 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
22:54:54.0658 2848 mouhid - ok
22:54:54.0673 2848 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
22:54:54.0673 2848 mountmgr - ok
22:54:54.0689 2848 MpFilter (c177a7ebf5e8a0b596f618870516cab8) C:\Windows\system32\DRIVERS\MpFilter.sys
22:54:54.0689 2848 MpFilter - ok
22:54:54.0704 2848 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
22:54:54.0704 2848 mpio - ok
22:54:54.0720 2848 MpNWMon (8fbf6b31fe8af1833d93c5913d5b4d55) C:\Windows\system32\DRIVERS\MpNWMon.sys
22:54:54.0720 2848 MpNWMon - ok
22:54:54.0736 2848 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
22:54:54.0751 2848 mpsdrv - ok
22:54:54.0767 2848 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
22:54:54.0798 2848 MpsSvc - ok
22:54:54.0798 2848 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
22:54:54.0814 2848 MRxDAV - ok
22:54:54.0814 2848 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
22:54:54.0829 2848 mrxsmb - ok
22:54:54.0845 2848 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
22:54:54.0845 2848 mrxsmb10 - ok
22:54:54.0860 2848 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
22:54:54.0860 2848 mrxsmb20 - ok
22:54:54.0876 2848 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
22:54:54.0876 2848 msahci - ok
22:54:54.0892 2848 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
22:54:54.0892 2848 msdsm - ok
22:54:54.0907 2848 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
22:54:54.0907 2848 MSDTC - ok
22:54:54.0923 2848 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
22:54:54.0938 2848 Msfs - ok
22:54:54.0954 2848 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
22:54:54.0970 2848 mshidkmdf - ok
22:54:54.0985 2848 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
22:54:54.0985 2848 msisadrv - ok
22:54:55.0001 2848 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
22:54:55.0016 2848 MSiSCSI - ok
22:54:55.0016 2848 msiserver - ok
22:54:55.0032 2848 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
22:54:55.0048 2848 MSKSSRV - ok
22:54:55.0048 2848 MsMpSvc (157e9e498206a3366baa7e4697bdd947) c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
22:54:55.0063 2848 MsMpSvc - ok
22:54:55.0063 2848 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
22:54:55.0094 2848 MSPCLOCK - ok
22:54:55.0094 2848 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
22:54:55.0110 2848 MSPQM - ok
22:54:55.0126 2848 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
22:54:55.0141 2848 MsRPC - ok
22:54:55.0141 2848 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
22:54:55.0157 2848 mssmbios - ok
22:54:55.0157 2848 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
22:54:55.0172 2848 MSTEE - ok
22:54:55.0188 2848 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
22:54:55.0188 2848 MTConfig - ok
22:54:55.0204 2848 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
22:54:55.0204 2848 Mup - ok
22:54:55.0219 2848 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
22:54:55.0250 2848 napagent - ok
22:54:55.0250 2848 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
22:54:55.0266 2848 NativeWifiP - ok
22:54:55.0282 2848 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
22:54:55.0297 2848 NDIS - ok
22:54:55.0313 2848 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
22:54:55.0328 2848 NdisCap - ok
22:54:55.0328 2848 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
22:54:55.0360 2848 NdisTapi - ok
22:54:55.0360 2848 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
22:54:55.0391 2848 Ndisuio - ok
22:54:55.0391 2848 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
22:54:55.0422 2848 NdisWan - ok
22:54:55.0422 2848 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
22:54:55.0438 2848 NDProxy - ok
22:54:55.0453 2848 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
22:54:55.0469 2848 NetBIOS - ok
22:54:55.0484 2848 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
22:54:55.0500 2848 NetBT - ok
22:54:55.0516 2848 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
22:54:55.0516 2848 Netlogon - ok
22:54:55.0531 2848 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
22:54:55.0547 2848 Netman - ok
22:54:55.0562 2848 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:54:55.0562 2848 NetMsmqActivator - ok
22:54:55.0562 2848 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:54:55.0578 2848 NetPipeActivator - ok
22:54:55.0578 2848 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
22:54:55.0609 2848 netprofm - ok
22:54:55.0625 2848 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:54:55.0625 2848 NetTcpActivator - ok
22:54:55.0625 2848 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:54:55.0640 2848 NetTcpPortSharing - ok
22:54:55.0640 2848 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
22:54:55.0656 2848 nfrd960 - ok
22:54:55.0656 2848 NisDrv (5f7d72cbcdd025af1f38fdeee5646968) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
22:54:55.0656 2848 NisDrv - ok
22:54:55.0672 2848 NisSrv (566ddd5d82520da01d75f81428ac4c38) c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
22:54:55.0672 2848 NisSrv - ok
22:54:55.0687 2848 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
22:54:55.0718 2848 NlaSvc - ok
22:54:55.0718 2848 NPF (351533acc2a069b94e80bbfc177e8fdf) C:\Windows\system32\drivers\npf.sys
22:54:55.0734 2848 NPF - ok
22:54:55.0734 2848 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
22:54:55.0765 2848 Npfs - ok
22:54:55.0765 2848 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
22:54:55.0781 2848 nsi - ok
22:54:55.0796 2848 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
22:54:55.0812 2848 nsiproxy - ok
22:54:55.0828 2848 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
22:54:55.0859 2848 Ntfs - ok
22:54:55.0859 2848 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
22:54:55.0890 2848 Null - ok
22:54:55.0890 2848 NVHDA (960e39a54e525df58cb29193147dffa1) C:\Windows\system32\drivers\nvhda64v.sys
22:54:55.0906 2848 NVHDA - ok
22:54:56.0030 2848 nvlddmkm (cc1efea1f0ab17e59bd4b5baff3e5cb0) C:\Windows\system32\DRIVERS\nvlddmkm.sys
22:54:56.0140 2848 nvlddmkm - ok
22:54:56.0155 2848 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
22:54:56.0171 2848 nvraid - ok
22:54:56.0171 2848 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
22:54:56.0186 2848 nvstor - ok
22:54:56.0202 2848 nvsvc (39f933ca2798156b0b7a19d104b73b9a) C:\Windows\system32\nvvsvc.exe
22:54:56.0218 2848 nvsvc - ok
22:54:56.0233 2848 nvUpdatusService (4e5c5d88eb0a8d21824d5a3eb7327e69) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
22:54:56.0249 2848 nvUpdatusService - ok
22:54:56.0264 2848 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
22:54:56.0264 2848 nv_agp - ok
22:54:56.0280 2848 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
22:54:56.0280 2848 odserv - ok
22:54:56.0296 2848 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
22:54:56.0311 2848 ohci1394 - ok
22:54:56.0311 2848 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
22:54:56.0311 2848 ose - ok
22:54:56.0327 2848 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
22:54:56.0342 2848 p2pimsvc - ok
22:54:56.0342 2848 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
22:54:56.0358 2848 p2psvc - ok
22:54:56.0374 2848 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
22:54:56.0374 2848 Parport - ok
22:54:56.0389 2848 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
22:54:56.0389 2848 partmgr - ok
22:54:56.0405 2848 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
22:54:56.0405 2848 PcaSvc - ok
22:54:56.0420 2848 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
22:54:56.0420 2848 pci - ok
22:54:56.0436 2848 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
22:54:56.0436 2848 pciide - ok
22:54:56.0452 2848 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
22:54:56.0452 2848 pcmcia - ok
22:54:56.0467 2848 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
22:54:56.0467 2848 pcw - ok
22:54:56.0483 2848 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
22:54:56.0514 2848 PEAUTH - ok
22:54:56.0530 2848 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
22:54:56.0545 2848 PeerDistSvc - ok
22:54:56.0561 2848 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
22:54:56.0561 2848 PerfHost - ok
22:54:56.0592 2848 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
22:54:56.0623 2848 pla - ok
22:54:56.0623 2848 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
22:54:56.0639 2848 PlugPlay - ok
22:54:56.0654 2848 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
22:54:56.0654 2848 PNRPAutoReg - ok
22:54:56.0670 2848 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
22:54:56.0670 2848 PNRPsvc - ok
22:54:56.0686 2848 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
22:54:56.0717 2848 PolicyAgent - ok
22:54:56.0717 2848 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
22:54:56.0748 2848 Power - ok
22:54:56.0748 2848 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
22:54:56.0764 2848 PptpMiniport - ok
22:54:56.0779 2848 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
22:54:56.0779 2848 Processor - ok
22:54:56.0795 2848 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
22:54:56.0810 2848 ProfSvc - ok
22:54:56.0826 2848 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
22:54:56.0842 2848 ProtectedStorage - ok
22:54:56.0842 2848 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
22:54:56.0857 2848 Psched - ok
22:54:56.0873 2848 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
22:54:56.0904 2848 ql2300 - ok
22:54:56.0904 2848 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
22:54:56.0920 2848 ql40xx - ok
22:54:56.0920 2848 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
22:54:56.0935 2848 QWAVE - ok
22:54:56.0951 2848 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
22:54:56.0951 2848 QWAVEdrv - ok
22:54:56.0966 2848 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
22:54:56.0982 2848 RasAcd - ok
22:54:56.0998 2848 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
22:54:57.0013 2848 RasAgileVpn - ok
22:54:57.0029 2848 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
22:54:57.0044 2848 RasAuto - ok
22:54:57.0060 2848 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
22:54:57.0076 2848 Rasl2tp - ok
22:54:57.0091 2848 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
22:54:57.0107 2848 RasMan - ok
22:54:57.0122 2848 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
22:54:57.0138 2848 RasPppoe - ok
22:55:00.0913 2848 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1
22:55:00.0929 2848 \Device\Harddisk1\DR1 ( TDSS File System ) - warning
22:55:00.0929 2848 \Device\Harddisk1\DR1 - detected TDSS File System (1)
22:55:00.0929 2848 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
22:55:01.0366 2848 \Device\Harddisk0\DR0 - ok
22:55:01.0366 2848 Boot (0x1200) (1031041d60d19c8c865effc5219156cb) \Device\Harddisk1\DR1\Partition0
22:55:01.0366 2848 \Device\Harddisk1\DR1\Partition0 - ok
22:55:01.0366 2848 Boot (0x1200) (b14ba4db8d9a5f4d15836f58ccdd9fb2) \Device\Harddisk1\DR1\Partition1
22:55:01.0366 2848 \Device\Harddisk1\DR1\Partition1 - ok
22:55:01.0366 2848 Boot (0x1200) (a92fd92949324f438998a7e9444d8704) \Device\Harddisk0\DR0\Partition0
22:55:01.0381 2848 \Device\Harddisk0\DR0\Partition0 - ok
22:55:01.0381 2848 ============================================================
22:55:01.0381 2848 Scan finished
22:55:01.0381 2848 ============================================================
22:55:01.0381 5492 Detected object count: 1
22:55:01.0381 5492 Actual detected object count: 1
22:55:10.0850 5492 \Device\Harddisk1\DR1 ( TDSS File System ) - skipped by user
22:55:10.0850 5492 \Device\Harddisk1\DR1 ( TDSS File System ) - User select action: Skip
22:55:12.0660 0700 Deinitialize success


Kaspersky Virus Removal Tool from detected threats report
4/18/2012 10:47:57 PM Detected Trojan program Trojan.Win32.TDSS.irou C:\Documents and Settings\All Users\Microsoft\Windows\DRM\AAE3.tmp.dat High
4/18/2012 10:47:57 PM Detected Trojan program Trojan.Win32.TDSS.irov C:\Documents and Settings\All Users\Microsoft\Windows\DRM\AB14.tmp High
4/18/2012 10:59:38 PM Detected Trojan program Trojan.Win32.TDSS.irov C:\ProgramData\Microsoft\Windows\DRM\AB14.tmp High
4/18/2012 10:59:38 PM Detected Trojan program Trojan.Win32.TDSS.irou C:\ProgramData\Microsoft\Windows\DRM\AAE3.tmp.dat High
4/18/2012 11:00:03 PM Detected Trojan program Trojan.Win32.TDSS.irou C:\Users\All Users\Microsoft\Windows\DRM\AAE3.tmp.dat High
4/18/2012 11:00:03 PM Detected Trojan program Trojan.Win32.TDSS.irov C:\Users\All Users\Microsoft\Windows\DRM\AB14.tmp High

#10 fireman4it

  • Malware Response Team

Posted 19 April 2012 - 08:04 PM

Hello,

Please run TDSSKiller and select Cure; if it is not an option, then select Quarantine.


1. We need to run a CFScript.

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the codebox below into it:

FILE::
C:\Documents and Settings\All Users\Microsoft\Windows\DRM\AAE3.tmp.dat
C:\Documents and Settings\All Users\Microsoft\Windows\DRM\AAE3.tmp
C:\Documents and Settings\All Users\Microsoft\Windows\DRM\AB14.tmp
C:\ProgramData\Microsoft\Windows\DRM\AB14.tmp
C:\ProgramData\Microsoft\Windows\DRM\AAE3.tmp.dat
C:\Users\All Users\Microsoft\Windows\DRM\AAE3.tmp
C:\ProgramData\Microsoft\Windows\DRM\AAE3.tmp
C:\Users\All Users\Microsoft\Windows\DRM\AAE3.tmp.dat
C:\Users\All Users\Microsoft\Windows\DRM\AB14.tmp

Folder::
c:\users\thebeast\AppData\Roaming\pdf995
c:\programdata\pdf995

DDS::
uInternet Settings,ProxyOverride = *.local

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=-


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.


Things to include in your next reply:
TDssKiller log
Combofix.txt
How is your machine running now?

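The TDSSKiller logs in this thread record each flagged object and the action chosen for it, which is why the reply above asks for Cure or Quarantine rather than Skip. The following Python script is an added example, not part of the original posts and not Kaspersky's code: it extracts flagged objects and the last recorded action from a log. The sample log is constructed in the thread's line format with placeholder hashes, and action names other than `Skip` are assumed from the options named in the post.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample in the TDSSKiller log layout seen in this thread:
# "<HH:MM:SS.ffff> <thread id> <message>". MD5 values are placeholders.
SAMPLE_LOG = r"""
22:54:57.0154 2848 ExampleDrv (00000000000000000000000000000000) C:\Windows\system32\DRIVERS\example.sys
22:54:57.0169 2848 ExampleDrv - ok
22:55:00.0913 2848 MBR (0x1B8) (11111111111111111111111111111111) \Device\Harddisk1\DR1
22:55:00.0929 2848 \Device\Harddisk1\DR1 ( TDSS File System ) - warning
22:55:00.0929 2848 \Device\Harddisk1\DR1 - detected TDSS File System (1)
22:55:00.0929 2848 MBR (0x1B8) (11111111111111111111111111111111) \Device\Harddisk0\DR0
22:55:01.0366 2848 \Device\Harddisk0\DR0 - ok
22:55:01.0381 5492 Detected object count: 1
22:55:10.0850 5492 \Device\Harddisk1\DR1 ( TDSS File System ) - skipped by user
22:55:10.0850 5492 \Device\Harddisk1\DR1 ( TDSS File System ) - User select action: Skip
"""

# Timestamp, thread id, then the free-form message (may be empty).
LINE_RE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{4})\s+(\d+)\s*(.*)$")
# "<object> ( <threat name> ) - <verdict>", e.g. "... ( TDSS File System ) - warning"
VERDICT_RE = re.compile(r"^(?P<obj>.+?) \( (?P<threat>.+?) \) - (?P<verdict>\w+)$")
# "<object> ( <threat name> ) - User select action: <action>"
ACTION_RE = re.compile(
    r"^(?P<obj>.+?) \( (?P<threat>.+?) \) - User select action: (?P<action>\w+)$"
)


@dataclass
class Finding:
    obj: str                      # device, file or service the tool flagged
    threat: str                   # name the tool printed inside "( ... )"
    verdict: str                  # e.g. "warning"
    first_seen: str               # timestamp of the first line about it
    action: Optional[str] = None  # last "User select action" value, if any

    @property
    def unresolved(self) -> bool:
        # No action recorded, or the user skipped it: the object is still there.
        return self.action is None or self.action.lower() == "skip"


def parse_tdsskiller_log(text: str) -> List[Finding]:
    """Return one Finding per flagged (object, threat) pair, in log order.

    If the text holds several scans, the most recent action wins, so a
    follow-up log can be appended to see whether the finding was handled.
    """
    findings: Dict[Tuple[str, str], Finding] = {}
    for raw in text.splitlines():
        line = LINE_RE.match(raw.strip())
        if not line:
            continue  # blank lines and anything that is not a log record
        stamp, _thread_id, msg = line.groups()

        act = ACTION_RE.match(msg)
        if act:
            key = (act["obj"], act["threat"])
            finding = findings.get(key)
            if finding is None:
                # Action line without a preceding verdict line (truncated log).
                finding = findings[key] = Finding(key[0], key[1], "unknown", stamp)
            finding.action = act["action"]
            continue

        ver = VERDICT_RE.match(msg)
        if ver and ver["verdict"].lower() != "ok":
            key = (ver["obj"], ver["threat"])
            findings.setdefault(key, Finding(key[0], key[1], ver["verdict"], stamp))
    return list(findings.values())


def unresolved_findings(text: str) -> List[Finding]:
    """Findings that were skipped or never acted on."""
    return [f for f in parse_tdsskiller_log(text) if f.unresolved]


if __name__ == "__main__":
    for f in parse_tdsskiller_log(SAMPLE_LOG):
        state = "STILL PRESENT" if f.unresolved else "handled"
        print(f"{f.first_seen}  {f.obj}  [{f.threat}]  "
              f"verdict={f.verdict}  action={f.action}  -> {state}")
```
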


#11 adamfortwayne

  • Topic Starter

Posted 19 April 2012 - 08:28 PM

I did have to restart again due to the registry key. Other than that, no change in the system. Then again, I never really had a problem with performance. The only way I knew I had a virus was the virus scanner popping toast.

Thanks,
Adam

TDSSKiller
21:11:26.0105 5252 TDSS rootkit removing tool 2.7.29.0 Apr 18 2012 16:44:20
21:11:26.0121 5252 ============================================================
21:11:26.0121 5252 Current date / time: 2012/04/19 21:11:26.0121
21:11:26.0121 5252 SystemInfo:
21:11:26.0121 5252
21:11:26.0121 5252 OS Version: 6.1.7601 ServicePack: 1.0
21:11:26.0121 5252 Product type: Workstation
21:11:26.0121 5252 ComputerName: THEBEAST-PC
21:11:26.0121 5252 UserName: thebeast
21:11:26.0121 5252 Windows directory: C:\Windows
21:11:26.0121 5252 System windows directory: C:\Windows
21:11:26.0121 5252 Running under WOW64
21:11:26.0121 5252 Processor architecture: Intel x64
21:11:26.0121 5252 Number of processors: 8
21:11:26.0121 5252 Page size: 0x1000
21:11:26.0121 5252 Boot type: Normal boot
21:11:26.0121 5252 ============================================================
21:11:26.0261 5252 Drive \Device\Harddisk1\DR1 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0xD72C, SectorsPerTrack: 0x13, TracksPerCylinder: 0xE0, Type 'K0', Flags 0x00000040
21:11:33.0203 5252 Drive \Device\Harddisk0\DR0 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:11:33.0313 5252 \Device\Harddisk1\DR1:
21:11:33.0313 5252 MBR partitions:
21:11:33.0313 5252 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
21:11:33.0313 5252 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xDF61800
21:11:33.0313 5252 \Device\Harddisk0\DR0:
21:11:33.0328 5252 MBR partitions:
21:11:33.0328 5252 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xE8E07800
21:11:33.0328 5252 C: <-> \Device\Harddisk1\DR1\Partition1
21:11:33.0344 5252 E: <-> \Device\Harddisk0\DR0\Partition0
21:11:33.0344 5252 Initialize success
21:11:33.0344 5252 ============================================================
21:11:39.0178 5384 ============================================================
21:11:39.0178 5384 Scan started
21:11:39.0178 5384 Mode: Manual; SigCheck; TDLFS;
21:11:39.0178 5384 ============================================================
21:11:40.0520 5384 Compbatt - ok
21:11:40.0535 5384 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
21:11:40.0535 5384 CompositeBus - ok
21:11:40.0551 5384 COMSysApp - ok
21:11:40.0551 5384 cphs (df3e8c2c443d3618260dff5705ce2df5) C:\Windows\SysWow64\IntelCpHeciSvc.exe
21:11:40.0567 5384 cphs - ok
21:11:40.0582 5384 cpuz135 (262969a3fab32b9e17e63e2d17a57744) C:\Windows\system32\drivers\cpuz135_x64.sys
21:11:40.0582 5384 cpuz135 - ok
21:11:40.0598 5384 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
21:11:40.0598 5384 crcdisk - ok
21:11:40.0598 5384 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
21:11:40.0629 5384 CryptSvc - ok
21:11:40.0629 5384 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
21:11:40.0645 5384 CSC - ok
21:11:40.0660 5384 CscService (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll
21:11:40.0660 5384 CscService - ok
21:11:40.0676 5384 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
21:11:40.0691 5384 DcomLaunch - ok
21:11:40.0707 5384 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
21:11:40.0723 5384 defragsvc - ok
21:11:40.0738 5384 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
21:11:40.0754 5384 DfsC - ok
21:11:40.0769 5384 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
21:11:40.0785 5384 Dhcp - ok
21:11:40.0785 5384 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
21:11:40.0847 5384 discache - ok
21:11:40.0863 5384 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
21:11:40.0879 5384 Disk - ok
21:11:40.0879 5384 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
21:11:40.0894 5384 Dnscache - ok
21:11:40.0894 5384 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
21:11:40.0925 5384 dot3svc - ok
21:11:40.0925 5384 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
21:11:40.0941 5384 DPS - ok
21:11:40.0957 5384 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
21:11:40.0957 5384 drmkaud - ok
21:11:40.0972 5384 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
21:11:40.0988 5384 DXGKrnl - ok
21:11:40.0988 5384 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
21:11:41.0019 5384 EapHost - ok
21:11:41.0035 5384 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
21:11:41.0066 5384 ebdrv - ok
21:11:41.0066 5384 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
21:11:41.0081 5384 EFS - ok
21:11:41.0081 5384 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
21:11:41.0097 5384 ehRecvr - ok
21:11:41.0113 5384 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
21:11:41.0113 5384 ehSched - ok
21:11:41.0128 5384 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
21:11:41.0128 5384 elxstor - ok
21:11:41.0144 5384 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
21:11:41.0144 5384 ErrDev - ok
21:11:41.0159 5384 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
21:11:41.0175 5384 EventSystem - ok
21:11:41.0191 5384 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
21:11:41.0206 5384 exfat - ok
21:11:41.0222 5384 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
21:11:41.0237 5384 fastfat - ok
21:11:41.0253 5384 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
21:11:41.0253 5384 Fax - ok
21:11:41.0269 5384 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
21:11:41.0269 5384 fdc - ok
21:11:41.0284 5384 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
21:11:41.0300 5384 fdPHost - ok
21:11:41.0300 5384 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
21:11:41.0331 5384 FDResPub - ok
21:11:41.0331 5384 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
21:11:41.0331 5384 FileInfo - ok
21:11:41.0347 5384 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
21:11:41.0362 5384 Filetrace - ok
21:11:41.0362 5384 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
21:11:41.0378 5384 flpydisk - ok
21:11:41.0393 5384 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
21:11:41.0393 5384 FltMgr - ok
21:11:41.0409 5384 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
21:11:41.0425 5384 FontCache - ok
21:11:41.0425 5384 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
21:11:41.0425 5384 FontCache3.0.0.0 - ok
21:11:41.0440 5384 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
21:11:41.0440 5384 FsDepends - ok
21:11:41.0456 5384 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
21:11:41.0456 5384 Fs_Rec - ok
21:11:41.0471 5384 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
21:11:41.0471 5384 fvevol - ok
21:11:41.0487 5384 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
21:11:41.0487 5384 gagp30kx - ok
21:11:41.0487 5384 gdrv - ok
21:11:41.0503 5384 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
21:11:41.0503 5384 GEARAspiWDM - ok
21:11:41.0503 5384 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
21:11:41.0534 5384 gpsvc - ok
21:11:41.0534 5384 GPU-Z - ok
21:11:41.0549 5384 hcmon (adb4348da1345877b04e22203afc8993) C:\Windows\system32\drivers\hcmon.sys
21:11:41.0549 5384 hcmon - ok
21:11:41.0565 5384 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
21:11:41.0565 5384 hcw85cir - ok
21:11:41.0581 5384 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
21:11:41.0581 5384 HdAudAddService - ok
21:11:41.0596 5384 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
21:11:41.0596 5384 HDAudBus - ok
21:11:41.0612 5384 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
21:11:41.0612 5384 HidBatt - ok
21:11:41.0627 5384 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
21:11:41.0627 5384 HidBth - ok
21:11:41.0643 5384 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
21:11:41.0643 5384 HidIr - ok
21:11:41.0659 5384 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
21:11:41.0674 5384 hidserv - ok
21:11:41.0674 5384 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
21:11:41.0690 5384 HidUsb - ok
21:11:41.0690 5384 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
21:11:41.0721 5384 hkmsvc - ok
21:11:41.0721 5384 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
21:11:41.0737 5384 HomeGroupListener - ok
21:11:41.0737 5384 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
21:11:41.0752 5384 HomeGroupProvider - ok
21:11:41.0752 5384 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
21:11:41.0752 5384 HpSAMD - ok
21:11:41.0768 5384 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
21:11:41.0799 5384 HTTP - ok
21:11:41.0799 5384 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
21:11:41.0799 5384 hwpolicy - ok
21:11:41.0815 5384 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
21:11:41.0815 5384 i8042prt - ok
21:11:41.0830 5384 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
21:11:41.0846 5384 iaStorV - ok
21:11:41.0846 5384 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
21:11:41.0861 5384 idsvc - ok
21:11:41.0971 5384 igfx (276ee9cdab16c50e1df0e4cefa882f5f) C:\Windows\system32\DRIVERS\igdkmd64.sys
21:11:42.0080 5384 igfx - ok
21:11:42.0095 5384 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
21:11:42.0095 5384 iirsp - ok
21:11:42.0111 5384 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
21:11:42.0142 5384 IKEEXT - ok
21:11:42.0142 5384 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
21:11:42.0158 5384 intelide - ok
21:11:42.0158 5384 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
21:11:42.0158 5384 intelppm - ok
21:11:42.0173 5384 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
21:11:42.0189 5384 IPBusEnum - ok
21:11:42.0205 5384 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:11:42.0220 5384 IpFilterDriver - ok
21:11:42.0220 5384 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
21:11:42.0251 5384 iphlpsvc - ok
21:11:42.0251 5384 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
21:11:42.0267 5384 IPMIDRV - ok
21:11:42.0267 5384 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
21:11:42.0298 5384 IPNAT - ok
21:11:42.0298 5384 iPod Service (50d6ccc6ff5561f9f56946b3e6164fb8) C:\Program Files\iPod\bin\iPodService.exe
21:11:42.0314 5384 iPod Service - ok
21:11:42.0314 5384 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
21:11:42.0329 5384 IRENUM - ok
21:11:42.0329 5384 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
21:11:42.0345 5384 isapnp - ok
21:11:42.0345 5384 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
21:11:42.0361 5384 iScsiPrt - ok
21:11:42.0361 5384 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
21:11:42.0376 5384 kbdclass - ok
21:11:42.0376 5384 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
21:11:42.0392 5384 kbdhid - ok
21:11:42.0392 5384 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
21:11:42.0392 5384 KeyIso - ok
21:11:42.0407 5384 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
21:11:42.0407 5384 KSecDD - ok
21:11:42.0423 5384 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
21:11:42.0423 5384 KSecPkg - ok
21:11:42.0439 5384 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
21:11:42.0454 5384 ksthunk - ok
21:11:42.0454 5384 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
21:11:42.0485 5384 KtmRm - ok
21:11:42.0485 5384 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
21:11:42.0517 5384 LanmanServer - ok
21:11:42.0517 5384 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
21:11:42.0532 5384 LanmanWorkstation - ok
21:11:42.0548 5384 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
21:11:42.0563 5384 lltdio - ok
21:11:42.0579 5384 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
21:11:42.0595 5384 lltdsvc - ok
21:11:42.0610 5384 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
21:11:42.0626 5384 lmhosts - ok
21:11:42.0626 5384 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
21:11:42.0641 5384 LSI_FC - ok
21:11:42.0641 5384 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
21:11:42.0657 5384 LSI_SAS - ok
21:11:42.0657 5384 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
21:11:42.0657 5384 LSI_SAS2 - ok
21:11:42.0673 5384 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
21:11:42.0673 5384 LSI_SCSI - ok
21:11:42.0688 5384 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
21:11:42.0704 5384 luafv - ok
21:11:42.0719 5384 LVRS64 (ef2be2f45d4f06410a3bd2a3467325b0) C:\Windows\system32\DRIVERS\lvrs64.sys
21:11:42.0719 5384 LVRS64 - ok
21:11:42.0766 5384 LVUVC64 (ac22f92c6078640fe8a70d662a2f3ad5) C:\Windows\system32\DRIVERS\lvuvc64.sys
21:11:42.0813 5384 LVUVC64 - ok
21:11:42.0813 5384 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
21:11:42.0829 5384 Mcx2Svc - ok
21:11:42.0829 5384 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
21:11:42.0844 5384 megasas - ok
21:11:42.0844 5384 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
21:11:42.0860 5384 MegaSR - ok
21:11:42.0860 5384 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\DRIVERS\HECIx64.sys
21:11:42.0860 5384 MEIx64 - ok
21:11:42.0875 5384 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
21:11:42.0891 5384 MMCSS - ok
21:11:42.0907 5384 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
21:11:42.0922 5384 Modem - ok
21:11:42.0922 5384 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
21:11:42.0938 5384 monitor - ok
21:11:42.0938 5384 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
21:11:42.0953 5384 mouclass - ok
21:11:42.0953 5384 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
21:11:42.0969 5384 mouhid - ok
21:11:42.0969 5384 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
21:11:42.0969 5384 mountmgr - ok
21:11:42.0985 5384 MpFilter (c177a7ebf5e8a0b596f618870516cab8) C:\Windows\system32\DRIVERS\MpFilter.sys
21:11:42.0985 5384 MpFilter - ok
21:11:43.0000 5384 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
21:11:43.0000 5384 mpio - ok
21:11:43.0016 5384 MpNWMon (8fbf6b31fe8af1833d93c5913d5b4d55) C:\Windows\system32\DRIVERS\MpNWMon.sys
21:11:43.0016 5384 MpNWMon - ok
21:11:43.0016 5384 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
21:11:43.0047 5384 mpsdrv - ok
21:11:43.0047 5384 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
21:11:43.0078 5384 MpsSvc - ok
21:11:43.0094 5384 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
21:11:43.0094 5384 MRxDAV - ok
21:11:43.0109 5384 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
21:11:43.0109 5384 mrxsmb - ok
21:11:43.0125 5384 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:11:43.0125 5384 mrxsmb10 - ok
21:11:43.0141 5384 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:11:43.0141 5384 mrxsmb20 - ok
21:11:43.0156 5384 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
21:11:43.0156 5384 msahci - ok
21:11:43.0156 5384 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
21:11:43.0172 5384 msdsm - ok
21:11:43.0172 5384 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
21:11:43.0187 5384 MSDTC - ok
21:11:43.0187 5384 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
21:11:43.0219 5384 Msfs - ok
21:11:43.0219 5384 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
21:11:43.0234 5384 mshidkmdf - ok
21:11:43.0250 5384 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
21:11:43.0250 5384 msisadrv - ok
21:11:43.0265 5384 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
21:11:43.0281 5384 MSiSCSI - ok
21:11:43.0281 5384 msiserver - ok
21:11:43.0297 5384 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
21:11:43.0312 5384 MSKSSRV - ok
21:11:43.0312 5384 MsMpSvc (157e9e498206a3366baa7e4697bdd947) c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
21:11:43.0328 5384 MsMpSvc - ok
21:11:43.0328 5384 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
21:11:43.0343 5384 MSPCLOCK - ok
21:11:43.0359 5384 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
21:11:43.0375 5384 MSPQM - ok
21:11:43.0375 5384 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
21:11:43.0390 5384 MsRPC - ok
21:11:43.0406 5384 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
21:11:43.0406 5384 mssmbios - ok
21:11:43.0406 5384 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
21:11:43.0437 5384 MSTEE - ok
21:11:43.0437 5384 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
21:11:43.0453 5384 MTConfig - ok
21:11:43.0453 5384 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
21:11:43.0453 5384 Mup - ok
21:11:43.0468 5384 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
21:11:43.0484 5384 napagent - ok
21:11:43.0499 5384 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
21:11:43.0515 5384 NativeWifiP - ok
21:11:43.0515 5384 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
21:11:43.0531 5384 NDIS - ok
21:11:43.0546 5384 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
21:11:43.0562 5384 NdisCap - ok
21:11:43.0562 5384 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
21:11:43.0593 5384 NdisTapi - ok
21:11:43.0593 5384 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
21:11:43.0609 5384 Ndisuio - ok
21:11:43.0624 5384 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
21:11:43.0640 5384 NdisWan - ok
21:11:43.0655 5384 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
21:11:43.0671 5384 NDProxy - ok
21:11:43.0671 5384 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
21:11:43.0702 5384 NetBIOS - ok
21:11:43.0702 5384 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
21:11:43.0718 5384 NetBT - ok
21:11:43.0733 5384 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
21:11:43.0733 5384 Netlogon - ok
21:11:43.0749 5384 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
21:11:43.0765 5384 Netman - ok
21:11:43.0780 5384 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:11:43.0780 5384 NetMsmqActivator - ok
21:11:43.0780 5384 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:11:43.0796 5384 NetPipeActivator - ok
21:11:43.0796 5384 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
21:11:43.0827 5384 netprofm - ok
21:11:43.0827 5384 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:11:43.0827 5384 NetTcpActivator - ok
21:11:43.0827 5384 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:11:43.0843 5384 NetTcpPortSharing - ok
21:11:43.0843 5384 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
21:11:43.0858 5384 nfrd960 - ok
21:11:43.0858 5384 NisDrv (5f7d72cbcdd025af1f38fdeee5646968) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
21:11:43.0858 5384 NisDrv - ok
21:11:43.0874 5384 NisSrv (566ddd5d82520da01d75f81428ac4c38) c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
21:11:43.0874 5384 NisSrv - ok
21:11:43.0889 5384 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
21:11:43.0905 5384 NlaSvc - ok
21:11:43.0921 5384 NPF (351533acc2a069b94e80bbfc177e8fdf) C:\Windows\system32\drivers\npf.sys
21:11:43.0921 5384 NPF - ok
21:11:43.0936 5384 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
21:11:43.0952 5384 Npfs - ok
21:11:43.0952 5384 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
21:11:43.0983 5384 nsi - ok
21:11:43.0983 5384 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
21:11:43.0999 5384 nsiproxy - ok
21:11:44.0014 5384 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
21:11:44.0045 5384 Ntfs - ok
21:11:44.0045 5384 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
21:11:44.0077 5384 Null - ok
21:11:44.0077 5384 NVHDA (960e39a54e525df58cb29193147dffa1) C:\Windows\system32\drivers\nvhda64v.sys
21:11:44.0092 5384 NVHDA - ok
21:11:44.0170 5384 nvlddmkm (cc1efea1f0ab17e59bd4b5baff3e5cb0) C:\Windows\system32\DRIVERS\nvlddmkm.sys
21:11:44.0279 5384 nvlddmkm - ok
21:11:44.0295 5384 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
21:11:44.0311 5384 nvraid - ok
21:11:44.0311 5384 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
21:11:44.0311 5384 nvstor - ok
21:11:44.0326 5384 nvsvc (39f933ca2798156b0b7a19d104b73b9a) C:\Windows\system32\nvvsvc.exe
21:11:44.0342 5384 nvsvc - ok
21:11:44.0357 5384 nvUpdatusService (4e5c5d88eb0a8d21824d5a3eb7327e69) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
21:11:44.0389 5384 nvUpdatusService - ok
21:11:44.0389 5384 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
21:11:44.0404 5384 nv_agp - ok
21:11:44.0404 5384 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
21:11:44.0420 5384 odserv - ok
21:11:44.0420 5384 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
21:11:44.0435 5384 ohci1394 - ok
21:11:44.0435 5384 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:11:44.0435 5384 ose - ok
21:11:44.0451 5384 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
21:11:44.0451 5384 p2pimsvc - ok
21:11:44.0467 5384 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
21:11:44.0482 5384 p2psvc - ok
21:11:44.0482 5384 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
21:11:44.0498 5384 Parport - ok
21:11:44.0498 5384 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
21:11:44.0498 5384 partmgr - ok
21:11:44.0513 5384 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
21:11:44.0529 5384 PcaSvc - ok
21:11:44.0529 5384 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
21:11:44.0545 5384 pci - ok
21:11:44.0545 5384 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
21:11:44.0545 5384 pciide - ok
21:11:44.0560 5384 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
21:11:44.0560 5384 pcmcia - ok
21:11:44.0576 5384 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
21:11:44.0576 5384 pcw - ok
21:11:44.0591 5384 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
21:11:44.0607 5384 PEAUTH - ok
21:11:44.0623 5384 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
21:11:44.0638 5384 PeerDistSvc - ok
21:11:44.0654 5384 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
21:11:44.0654 5384 PerfHost - ok
21:11:44.0669 5384 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
21:11:44.0701 5384 pla - ok
21:11:44.0716 5384 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
21:11:44.0732 5384 PlugPlay - ok
21:11:44.0732 5384 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
21:11:44.0732 5384 PNRPAutoReg - ok
21:11:44.0747 5384 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
21:11:44.0763 5384 PNRPsvc - ok
21:11:44.0763 5384 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
21:11:44.0794 5384 PolicyAgent - ok
21:11:44.0794 5384 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
21:11:44.0810 5384 Power - ok
21:11:44.0825 5384 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
21:11:44.0841 5384 PptpMiniport - ok
21:11:44.0857 5384 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
21:11:44.0857 5384 Processor - ok
21:11:44.0857 5384 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
21:11:44.0888 5384 ProfSvc - ok
21:11:44.0888 5384 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
21:11:44.0903 5384 ProtectedStorage - ok
21:11:44.0903 5384 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
21:11:44.0919 5384 Psched - ok
21:11:44.0950 5384 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
21:11:44.0966 5384 ql2300 - ok
21:11:44.0966 5384 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
21:11:44.0981 5384 ql40xx - ok
21:11:44.0981 5384 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
21:11:44.0997 5384 QWAVE - ok
21:11:44.0997 5384 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
21:11:45.0013 5384 QWAVEdrv - ok
21:11:45.0013 5384 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
21:11:45.0044 5384 RasAcd - ok
21:11:45.0044 5384 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
21:11:45.0059 5384 RasAgileVpn - ok
21:11:45.0075 5384 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
21:11:45.0091 5384 RasAuto - ok
21:11:45.0106 5384 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
21:11:45.0122 5384 Rasl2tp - ok
21:11:45.0122 5384 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
21:11:45.0153 5384 RasMan - ok
21:11:45.0153 5384 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
21:11:45.0184 5384 RasPppoe - ok
21:11:45.0184 5384 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
21:11:45.0200 5384 RasSstp - ok
21:11:45.0215 5384 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
21:11:45.0231 5384 rdbss - ok
21:11:45.0247 5384 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
21:11:45.0247 5384 rdpbus - ok
21:11:45.0262 5384 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
21:11:45.0278 5384 RDPCDD - ok
21:11:45.0278 5384 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
21:11:45.0293 5384 RDPDR - ok
21:11:45.0293 5384 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
21:11:45.0325 5384 RDPENCDD - ok
21:11:45.0325 5384 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
21:11:45.0340 5384 RDPREFMP - ok
21:11:45.0356 5384 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
21:11:45.0371 5384 RDPWD - ok
21:11:48.0616 5384 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1
21:11:48.0632 5384 \Device\Harddisk1\DR1 ( TDSS File System ) - warning
21:11:48.0632 5384 \Device\Harddisk1\DR1 - detected TDSS File System (1)
21:11:48.0632 5384 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
21:11:49.0069 5384 \Device\Harddisk0\DR0 - ok
21:11:49.0069 5384 Boot (0x1200) (1031041d60d19c8c865effc5219156cb) \Device\Harddisk1\DR1\Partition0
21:11:49.0069 5384 \Device\Harddisk1\DR1\Partition0 - ok
21:11:49.0084 5384 Boot (0x1200) (b14ba4db8d9a5f4d15836f58ccdd9fb2) \Device\Harddisk1\DR1\Partition1
21:11:49.0084 5384 \Device\Harddisk1\DR1\Partition1 - ok
21:11:49.0084 5384 Boot (0x1200) (a92fd92949324f438998a7e9444d8704) \Device\Harddisk0\DR0\Partition0
21:11:49.0084 5384 \Device\Harddisk0\DR0\Partition0 - ok
21:11:49.0084 5384 ============================================================
21:11:49.0084 5384 Scan finished
21:11:49.0084 5384 ============================================================
21:11:49.0084 5236 Detected object count: 1
21:11:49.0084 5236 Actual detected object count: 1
21:11:52.0922 5236 \Device\Harddisk1\DR1\TDLFS\ph.dll - copied to quarantine
21:11:52.0922 5236 \Device\Harddisk1\DR1\TDLFS\phx.dll - copied to quarantine
21:11:52.0922 5236 \Device\Harddisk1\DR1\TDLFS\phd - copied to quarantine
21:11:52.0922 5236 \Device\Harddisk1\DR1\TDLFS\phdx - copied to quarantine
21:11:52.0922 5236 \Device\Harddisk1\DR1\TDLFS\phs - copied to quarantine
21:11:52.0937 5236 \Device\Harddisk1\DR1\TDLFS\phdata - copied to quarantine
21:11:52.0937 5236 \Device\Harddisk1\DR1\TDLFS\phld - copied to quarantine
21:11:52.0937 5236 \Device\Harddisk1\DR1\TDLFS\phln - copied to quarantine
21:11:52.0937 5236 \Device\Harddisk1\DR1\TDLFS\phlx - copied to quarantine
21:11:52.0937 5236 \Device\Harddisk1\DR1\TDLFS\s - copied to quarantine
21:11:52.0937 5236 \Device\Harddisk1\DR1\TDLFS\phm - copied to quarantine
21:11:52.0937 5236 \Device\Harddisk1\DR1\TDLFS\u - copied to quarantine
21:11:52.0937 5236 \Device\Harddisk1\DR1 ( TDSS File System ) - User select action: Quarantine
21:11:55.0886 5960 Deinitialize success

Combofix.txt
ComboFix 12-04-18.02 - thebeast 04/19/2012 21:18:13.2.8 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8109.6584 [GMT -4:00]
Running from: c:\users\thebeast\Desktop\ComboFix.exe
Command switches used :: c:\users\thebeast\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
FILE ::
"c:\documents and settings\All Users\Microsoft\Windows\DRM\AAE3.tmp"
"c:\documents and settings\All Users\Microsoft\Windows\DRM\AAE3.tmp.dat"
"c:\documents and settings\All Users\Microsoft\Windows\DRM\AB14.tmp"
"c:\programdata\Microsoft\Windows\DRM\AAE3.tmp"
"c:\programdata\Microsoft\Windows\DRM\AAE3.tmp.dat"
"c:\programdata\Microsoft\Windows\DRM\AB14.tmp"
"c:\users\All Users\Microsoft\Windows\DRM\AAE3.tmp"
"c:\users\All Users\Microsoft\Windows\DRM\AAE3.tmp.dat"
"c:\users\All Users\Microsoft\Windows\DRM\AB14.tmp"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Microsoft\Windows\DRM\AAE3.tmp.dat
c:\programdata\Microsoft\Windows\DRM\AB14.tmp
c:\programdata\pdf995
c:\programdata\pdf995\pdfsync.ini
c:\programdata\pdf995\queue.ini
c:\users\All Users\Microsoft\Windows\DRM\AAE3.tmp.dat
c:\users\All Users\Microsoft\Windows\DRM\AB14.tmp
c:\users\thebeast\AppData\Roaming\pdf995
c:\users\thebeast\AppData\Roaming\pdf995\pdf995server.ini
c:\users\thebeast\AppData\Roaming\pdf995\res\pdf995.ini
c:\users\thebeast\AppData\Roaming\pdf995\temp.ps
c:\windows\svchost.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2012-04-18_23.11.05 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-04-17 21:52 . 2012-04-20 01:14 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\UserData\index.dat
- 2012-04-17 21:52 . 2012-04-18 23:02 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\UserData\index.dat
+ 2012-04-20 01:14 . 2012-04-20 01:14 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012012041920120420\index.dat
+ 2012-04-18 23:03 . 2012-04-19 02:31 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012012041820120419\index.dat
+ 2012-04-17 21:52 . 2012-04-20 01:14 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
- 2012-04-17 21:52 . 2012-04-18 23:02 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
+ 2011-11-12 02:03 . 2012-04-20 01:14 39198 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-04-20 01:14 28120 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2012-04-18 23:32 . 2012-04-18 23:32 53760 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Web.DynamicD#\987ad3f7a65b6f4671af5b4652ddf4d0\System.Web.DynamicData.Design.ni.dll
+ 2012-04-18 23:23 . 2012-04-18 23:23 46592 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.DynamicD#\e7efc73c52a5aeaf1fc83470ed455f4f\System.Web.DynamicData.Design.ni.dll
+ 2012-04-18 23:24 . 2012-04-18 23:24 54784 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.DynamicD#\66b5c693a8aa660276216d7a521da5e2\System.Web.DynamicData.Design.ni.dll
+ 2012-04-18 23:22 . 2012-04-18 23:22 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\1371ed674fc04f510cb41524e2d4322d\System.Web.DynamicData.Design.ni.dll
+ 2011-11-12 01:18 . 2012-04-20 01:14 4342 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-749022163-3579841242-3610539435-1000_UserData.bin
+ 2012-04-20 01:21 . 2012-04-20 01:21 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-04-18 23:11 . 2012-04-18 23:11 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-04-17 11:20 . 2012-04-18 23:07 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2012-04-17 11:20 . 2012-04-20 01:17 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-07-14 04:54 . 2012-04-20 01:17 163840 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 02:36 . 2012-04-18 23:06 664890 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-04-20 01:17 664890 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-04-18 23:06 123244 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2012-04-20 01:17 123244 c:\windows\system32\perfc009.dat
+ 2009-07-14 05:01 . 2012-04-20 01:20 320148 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-04-18 23:10 320148 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-04-18 23:33 . 2012-04-18 23:33 337408 c:\windows\assembly\NativeImages_v4.0.30319_64\WindowsFormsIntegra#\3893bfa343bfd255531a743ffa660722\WindowsFormsIntegration.ni.dll
+ 2012-04-18 23:32 . 2012-04-18 23:32 244736 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Form#\3baa7121b73af962dc8cd7dd95235a0c\System.Windows.Forms.DataVisualization.Design.ni.dll
+ 2012-04-18 23:32 . 2012-04-18 23:32 451072 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Web.Entity\24054b418b6bd8b575b4561d2a0090e3\System.Web.Entity.ni.dll
+ 2012-04-18 23:32 . 2012-04-18 23:32 367104 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Web.Entity.D#\ec94932881ce0b6abc0c91433a6b69f0\System.Web.Entity.Design.ni.dll
+ 2012-04-18 23:32 . 2012-04-18 23:32 973824 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Web.DynamicD#\84b0d19714fbc794a1d639706cc60843\System.Web.DynamicData.ni.dll
+ 2012-04-18 23:32 . 2012-04-18 23:32 331776 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Web.DataVisu#\215f6508fa8f0fd1613c0cbfb7646d98\System.Web.DataVisualization.Design.ni.dll
+ 2012-04-18 23:32 . 2012-04-18 23:32 281088 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ServiceProce#\a38a67bfd6245b2f72eb918a57d37bcd\System.ServiceProcess.ni.dll
+ 2012-04-18 23:32 . 2012-04-18 23:32 781824 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Messaging\cdf11c8e0679ce7ff91dc37c6e1b5545\System.Messaging.ni.dll
+ 2012-04-18 23:26 . 2012-04-18 23:26 292352 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Drawing.Desi#\cb799cb414d94fdd0d6d0e73fb0c7032\System.Drawing.Design.ni.dll
+ 2012-04-18 23:24 . 2012-04-18 23:24 422912 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualBas#\b6c591378ae5158071d63be3fb88ef37\Microsoft.VisualBasic.Compatibility.Data.ni.dll
+ 2012-04-18 23:23 . 2012-04-18 23:23 253952 c:\windows\assembly\NativeImages_v4.0.30319_32\WindowsFormsIntegra#\ebd99d5801192b27f605630e2665db37\WindowsFormsIntegration.ni.dll
+ 2012-04-18 23:23 . 2012-04-18 23:23 194560 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Form#\76a205e2eeeafe760194d69c2513c1aa\System.Windows.Forms.DataVisualization.Design.ni.dll
+ 2012-04-18 23:23 . 2012-04-18 23:23 865280 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Extensio#\ccc79ac02cc9747798c7cc689e90899e\System.Web.Extensions.Design.ni.dll
+ 2012-04-18 23:23 . 2012-04-18 23:23 335360 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Entity\95b92fa75d2427a7cb496fddb3f394da\System.Web.Entity.ni.dll
+ 2012-04-18 23:23 . 2012-04-18 23:23 297984 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Entity.D#\504b4901d1f1039264d31d77fcd6e3f2\System.Web.Entity.Design.ni.dll
+ 2012-04-18 23:23 . 2012-04-18 23:23 712192 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.DynamicD#\5283aa252d0efa81f23d2823615dd31b\System.Web.DynamicData.ni.dll
+ 2012-04-18 23:23 . 2012-04-18 23:23 260608 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.DataVisu#\a6fbeebf631e147104fbde01bcc6602c\System.Web.DataVisualization.Design.ni.dll
+ 2012-04-18 23:23 . 2012-04-18 23:23 221696 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\9cabbb335fc6dff10392376707a4d0a2\System.ServiceProcess.ni.dll
+ 2012-04-18 23:23 . 2012-04-18 23:23 626176 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Messaging\621d2aae96fd06f9ccf66d335d7f1232\System.Messaging.ni.dll
+ 2012-04-18 23:23 . 2012-04-18 23:23 303104 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\09237903b1f9e5c7a69a4995d85eaa35\Microsoft.VisualBasic.Compatibility.Data.ni.dll
+ 2012-04-18 23:22 . 2012-04-18 23:22 852480 c:\windows\assembly\NativeImages_v4.0.30319_32\AspNetMMCExt\2965fcd151e21543887df9006519ed58\AspNetMMCExt.ni.dll
+ 2012-04-18 23:24 . 2012-04-18 23:24 329216 c:\windows\assembly\NativeImages_v2.0.50727_64\WindowsFormsIntegra#\718e8186ee8de8555888be444b86d443\WindowsFormsIntegration.ni.dll
+ 2012-04-18 23:24 . 2012-04-18 23:24 304128 c:\windows\assembly\NativeImages_v2.0.50727_64\TaskScheduler\6138a7bf63fa559ffe856b586e369ba2\TaskScheduler.ni.dll
+ 2012-04-18 23:24 . 2012-04-18 23:24 187392 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Routing\01e6d953aaaada7216112df9e0f39c11\System.Web.Routing.ni.dll
+ 2012-04-18 23:24 . 2012-04-18 23:24 449024 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Entity\32b4d44198ecd16ca5deb1024642313f\System.Web.Entity.ni.dll
+ 2012-04-18 23:24 . 2012-04-18 23:24 398848 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Entity.D#\9d7b9e05e5bc7eab07de61a8dd70757a\System.Web.Entity.Design.ni.dll
+ 2012-04-18 23:24 . 2012-04-18 23:24 753664 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.DynamicD#\e59cbe4ccb29922c44bf66d3ae044b32\System.Web.DynamicData.ni.dll
+ 2012-04-18 23:24 . 2012-04-18 23:24 204800 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Abstract#\cb674da808088671f0633d46d1dade03\System.Web.Abstractions.ni.dll
+ 2012-04-18 23:23 . 2012-04-18 23:23 783360 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Messaging\c5bef7173a92e1a66e3f7a34eeed891f\System.Messaging.ni.dll
+ 2012-04-18 23:24 . 2012-04-18 23:24 376832 c:\windows\assembly\NativeImages_v2.0.50727_64\SecurityAuditPolici#\7edcdb58fc8106cf1e2361f3482b368d\SecurityAuditPoliciesSnapIn.ni.dll
+ 2012-04-18 23:24 . 2012-04-18 23:24 855040 c:\windows\assembly\NativeImages_v2.0.50727_64\napsnap\cc4082d64c96ff7569aa540b2bfb4e4e\napsnap.ni.dll
+ 2012-04-18 23:24 . 2012-04-18 23:24 162816 c:\windows\assembly\NativeImages_v2.0.50727_64\napinit\30d62e0be22cd4569141c32f8650773b\napinit.ni.dll
+ 2012-04-18 23:24 . 2012-04-18 23:24 417792 c:\windows\assembly\NativeImages_v2.0.50727_64\MMCFxCommon\0da2c8a454593084e0215266b5572bf0\MMCFxCommon.ni.dll
+ 2012-04-18 23:24 . 2012-04-18 23:24 937472 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Security.#\762b104fb41272b94fbd442ee2ef97e2\Microsoft.Security.ApplicationId.Wizards.AutomaticRuleGenerationWizard.ni.dll
+ 2012-04-18 23:24 . 2012-04-18 23:24 312320 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\ecaf4199c3937827b85be8e8ac36de2b\Microsoft.MediaCenter.iTv.ni.dll
+ 2012-04-18 23:24 . 2012-04-18 23:24 152576 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\8dd963b1ac45ad4d484855d9853747bd\Microsoft.MediaCenter.ITVVM.ni.dll
+ 2012-04-18 23:24 . 2012-04-18 23:24 798720 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Managemen#\fe924ef08b715e71e410270c60cc372c\Microsoft.ManagementConsole.ni.dll
+ 2012-04-18 23:24 . 2012-04-18 23:24 618496 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.GroupPoli#\668798ebaebb3baa6a152d86e3e03364\Microsoft.GroupPolicy.AdmTmplEditor.ni.dll
+ 2012-04-18 23:24 . 2012-04-18 23:24 423424 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Applicati#\cb23b761d394d3db188d2d710459217e\Microsoft.ApplicationId.Framework.ni.dll
+ 2012-04-18 23:24 . 2012-04-18 23:24 727040 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Applicati#\607e206ef66533feecd6a3786ad55560\Microsoft.ApplicationId.RuleWizard.ni.dll
+ 2012-04-18 23:24 . 2012-04-18 23:24 549376 c:\windows\assembly\NativeImages_v2.0.50727_64\mcplayerinterop\857d04eadbf226277488bfabfda2a01d\mcplayerinterop.ni.dll
+ 2012-04-18 23:24 . 2012-04-18 23:24 696320 c:\windows\assembly\NativeImages_v2.0.50727_64\mcGlidHostObj\7a2e04f455b793a14e9d1df5fdd93bf7\mcGlidHostObj.ni.dll
+ 2012-04-18 23:24 . 2012-04-18 23:24 659456 c:\windows\assembly\NativeImages_v2.0.50727_64\EventViewer\56c25b27b777af0b93999261cfeec0cd\EventViewer.ni.dll
+ 2012-04-18 23:23 . 2012-04-18 23:23 389120 c:\windows\assembly\NativeImages_v2.0.50727_64\ehExtHost\2c9f3eaa3e79d491c1e29ab58fdcc54a\ehExtHost.ni.exe
+ 2012-04-18 23:22 . 2012-04-18 23:22 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\688abb339fb8301c37b0889a0d01dfa3\WindowsFormsIntegration.ni.dll
+ 2012-04-18 23:22 . 2012-04-18 23:22 245248 c:\windows\assembly\NativeImages_v2.0.50727_32\TaskScheduler\97d8bd8f21969a91b7c5171031250d1e\TaskScheduler.ni.dll
+ 2012-04-18 23:22 . 2012-04-18 23:22 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\f2683c74e1eb7d1fb3572f00a42857ab\System.Web.Routing.ni.dll
+ 2012-04-18 23:22 . 2012-04-18 23:22 860160 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\47e3f7fa0b07e85e269f2e152e0e5e29\System.Web.Extensions.Design.ni.dll
+ 2012-04-18 23:22 . 2012-04-18 23:22 328192 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\3595f5769afb7d38aa5a05abef97364c\System.Web.Entity.ni.dll
+ 2012-04-18 23:22 . 2012-04-18 23:22 301568 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\7485eeab1b46532b35d7ab5814a43a30\System.Web.Entity.Design.ni.dll
+ 2012-04-18 23:22 . 2012-04-18 23:22 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\1ee65b96cfd2542360a8acf7322bc023\System.Web.DynamicData.ni.dll
+ 2012-04-18 23:22 . 2012-04-18 23:22 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\cd387bc437e28bfa06d5e7308058b862\System.Web.Abstractions.ni.dll
+ 2012-04-18 23:22 . 2012-04-18 23:22 593408 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Messaging\69b1de7425d09eb9fe42f81882d2896e\System.Messaging.ni.dll
+ 2012-04-18 23:22 . 2012-04-18 23:22 294912 c:\windows\assembly\NativeImages_v2.0.50727_32\SecurityAuditPolici#\b7a94173e0bedb89545cbfa23e71b8e0\SecurityAuditPoliciesSnapIn.ni.dll
+ 2012-04-18 23:22 . 2012-04-18 23:22 723456 c:\windows\assembly\NativeImages_v2.0.50727_32\napsnap\2ffec892832457d3530d59a9da07324c\napsnap.ni.dll
+ 2012-04-18 23:22 . 2012-04-18 23:22 117760 c:\windows\assembly\NativeImages_v2.0.50727_32\napinit\1167a79ab309e2a4e6da2bd2dbea01a6\napinit.ni.dll
+ 2012-04-18 23:22 . 2012-04-18 23:22 287232 c:\windows\assembly\NativeImages_v2.0.50727_32\MMCFxCommon\c83df01d683dbeb36be10218cc50ff03\MMCFxCommon.ni.dll
+ 2012-04-18 23:22 . 2012-04-18 23:22 839680 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Security.#\db99af884a053f153e7fc72fa3607710\Microsoft.Security.ApplicationId.Wizards.AutomaticRuleGenerationWizard.ni.dll
+ 2012-04-18 23:22 . 2012-04-18 23:22 561664 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Managemen#\68842b507f3ad7fa603bf57c813c6a0c\Microsoft.ManagementConsole.ni.dll
+ 2012-04-18 23:22 . 2012-04-18 23:22 455168 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.GroupPoli#\eff4e9083f7ff25c18f52542f9a1e596\Microsoft.GroupPolicy.AdmTmplEditor.ni.dll
+ 2012-04-18 23:22 . 2012-04-18 23:22 316928 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Applicati#\b872774c6d7f49712c7b7cdd71f3204b\Microsoft.ApplicationId.Framework.ni.dll
+ 2012-04-18 23:22 . 2012-04-18 23:22 587776 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Applicati#\06f1bc0c2fa665d1d48597c77a5fee55\Microsoft.ApplicationId.RuleWizard.ni.dll
+ 2012-04-18 23:22 . 2012-04-18 23:22 553472 c:\windows\assembly\NativeImages_v2.0.50727_32\EventViewer\4e2b9e7e956dcee6a9721b57c8ccde60\EventViewer.ni.dll
+ 2012-04-18 23:22 . 2012-04-18 23:22 254464 c:\windows\assembly\NativeImages_v2.0.50727_32\ehExtHost32\380a1283ad9a74eb337feb276453a87f\ehExtHost32.ni.exe
+ 2009-07-14 04:54 . 2012-04-20 01:17 3145728 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-04-20 01:17 9076736 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-04-17 22:51 . 2012-04-18 23:10 1873064 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-18-16384.dat
+ 2012-04-17 22:51 . 2012-04-20 01:20 1873064 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-18-16384.dat
+ 2012-04-18 23:24 . 2012-04-18 23:24 5237248 c:\windows\assembly\NativeImages_v4.0.30319_64\WindowsBase\fb00cd7183b28470878a3b5687929a56\WindowsBase.ni.dll
+ 2012-04-18 23:33 . 2012-04-18 23:33 1602560 c:\windows\assembly\NativeImages_v4.0.30319_64\System.WorkflowServ#\ba60dbd16ea036209a8601449b0a4cc1\System.WorkflowServices.ni.dll
+ 2012-04-18 23:33 . 2012-04-18 23:33 5922304 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Workflow.Com#\4f35e62df9517229ed11972a4561387f\System.Workflow.ComponentModel.ni.dll
+ 2012-04-18 23:32 . 2012-04-18 23:32 3744768 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Workflow.Act#\b9e2ffb187489a72bf92f054967824f2\System.Workflow.Activities.ni.dll
+ 2012-04-18 23:32 . 2012-04-18 23:32 5645824 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Form#\80de3f9f56bed3e05ba97741905abddb\System.Windows.Forms.DataVisualization.ni.dll
+ 2012-04-18 23:32 . 2012-04-18 23:32 2964992 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Web.Mobile\2e491e13b4858e33488246db1f95c678\System.Web.Mobile.ni.dll
+ 2012-04-18 23:32 . 2012-04-18 23:32 3805184 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Web.Extensio#\5d29b4be05d79291f850ba4dd3cbdd78\System.Web.Extensions.ni.dll
+ 2012-04-18 23:32 . 2012-04-18 23:32 1101312 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Web.Extensio#\51286ccbca7acb595da250f5de095a04\System.Web.Extensions.Design.ni.dll
+ 2012-04-18 23:32 . 2012-04-18 23:32 5618688 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Web.DataVisu#\ac4541a6eb47813c114a01bbc7572977\System.Web.DataVisualization.ni.dll
+ 2012-04-18 23:32 . 2012-04-18 23:32 1467392 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Printing\21c096f214db354198e2664473875f06\System.Printing.ni.dll
+ 2012-04-18 23:25 . 2012-04-18 23:25 2303488 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Drawing\9bcabb321026ee927401cbba73dff054\System.Drawing.ni.dll
+ 2012-04-18 23:26 . 2012-04-18 23:26 2403328 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Deployment\90ec5a09a2329a45554d79e0fd9fbbee\System.Deployment.ni.dll
+ 2012-04-18 23:32 . 2012-04-18 23:32 5048832 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Activities.P#\45d4a9fa235f5658f8c9b89f6a4f691f\System.Activities.Presentation.ni.dll
+ 2012-04-18 23:32 . 2012-04-18 23:32 4233216 c:\windows\assembly\NativeImages_v4.0.30319_64\ReachFramework\8ad595c3d0668d10777d8ce28b88cc7c\ReachFramework.ni.dll
+ 2012-04-18 23:25 . 2012-04-18 23:25 2056704 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationUI\cb31bfb24a52f83cf826c00979827ba6\PresentationUI.ni.dll
+ 2012-04-18 23:24 . 2012-04-18 23:24 1829888 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualBas#\6845c178054282fe6476fdfb0e9a9e6a\Microsoft.VisualBasic.Compatibility.ni.dll
+ 2012-04-18 23:24 . 2012-04-18 23:24 2317312 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualBas#\5281ac494089700d1c72c16478ab3363\Microsoft.VisualBasic.ni.dll
+ 2012-04-18 23:32 . 2012-04-18 23:32 3820544 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Build.Tas#\9f1c45888c7f1f15d04f30c9437f8bf2\Microsoft.Build.Tasks.v4.0.ni.dll
+ 2012-04-18 23:24 . 2012-04-18 23:24 1007104 c:\windows\assembly\NativeImages_v4.0.30319_64\AspNetMMCExt\becc41859bd5d01b57cacff13fd51787\AspNetMMCExt.ni.dll
+ 2012-04-18 23:23 . 2012-04-18 23:23 1226752 c:\windows\assembly\NativeImages_v4.0.30319_32\System.WorkflowServ#\abfe51993df8d3de6f000297de7ead9d\System.WorkflowServices.ni.dll
+ 2012-04-18 23:23 . 2012-04-18 23:23 4476416 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Workflow.Com#\03a20bf18f39c7d1a98769c6bcb46830\System.Workflow.ComponentModel.ni.dll
+ 2012-04-18 23:23 . 2012-04-18 23:23 2872320 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Workflow.Act#\533c90d6e55e0529feb68df7f0dad47b\System.Workflow.Activities.ni.dll
+ 2012-04-18 23:23 . 2012-04-18 23:23 4587008 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Form#\acae13e8725a0a5da6dcda3e309cb9d2\System.Windows.Forms.DataVisualization.ni.dll
+ 2012-04-18 23:23 . 2012-04-18 23:23 2334720 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Mobile\cfd26c0116fafc3f71408fb255ff824a\System.Web.Mobile.ni.dll
+ 2012-04-18 23:23 . 2012-04-18 23:23 3127296 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Extensio#\d526d6e7d41aa2a5b3e5871cdb6597f1\System.Web.Extensions.ni.dll
+ 2012-04-18 23:23 . 2012-04-18 23:23 4575232 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.DataVisu#\ff3ad02fb7f572ec84afc681fda661fc\System.Web.DataVisualization.ni.dll
+ 2012-04-18 23:23 . 2012-04-18 23:23 1060864 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Printing\7175344bfab919484674d37de776a82f\System.Printing.ni.dll
+ 2012-04-18 23:23 . 2012-04-18 23:23 1880064 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Deployment\d0ae88ebdc709e940fbd0c6bafcab13c\System.Deployment.ni.dll
+ 2012-04-18 23:23 . 2012-04-18 23:23 3757568 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities.P#\f4311e621d2bbf4de0d32bae765b1484\System.Activities.Presentation.ni.dll
+ 2012-04-18 23:23 . 2012-04-18 23:23 2906624 c:\windows\assembly\NativeImages_v4.0.30319_32\ReachFramework\f4ab7bc19b981163de613143a1e1c997\ReachFramework.ni.dll
+ 2012-04-18 23:23 . 2012-04-18 23:23 1641984 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationUI\3e896ba1c3cc8d62c267508dccd7aa5a\PresentationUI.ni.dll
+ 2012-04-18 23:23 . 2012-04-18 23:23 1139200 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\7511c9da502ed9c4e630a902d462cdef\Microsoft.VisualBasic.Compatibility.ni.dll
+ 2012-04-18 23:23 . 2012-04-18 23:23 1838080 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\1f54c28f39e25b121c374480ad50d384\Microsoft.VisualBasic.ni.dll
+ 2012-04-18 23:23 . 2012-04-18 23:23 2877440 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Build.Tas#\98d8d80f4b2d74cb4c5dc31483793bfb\Microsoft.Build.Tasks.v4.0.ni.dll
+ 2012-04-18 23:24 . 2012-04-18 23:24 1818112 c:\windows\assembly\NativeImages_v2.0.50727_64\System.WorkflowServ#\8f4bee781d2709ba927b31c6bee8abce\System.WorkflowServices.ni.dll
+ 2012-04-18 23:24 . 2012-04-18 23:24 3336704 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Mobile\57631b92442dcbaa782800614f11eed4\System.Web.Mobile.ni.dll
+ 2012-04-18 23:24 . 2012-04-18 23:24 3044352 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Extensio#\f21b305ec2cacfd1737aba590508716a\System.Web.Extensions.ni.dll
+ 2012-04-18 23:24 . 2012-04-18 23:24 1155072 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Extensio#\01e5bdd5a9c2db218cf64aff1875bf10\System.Web.Extensions.Design.ni.dll
+ 2012-04-18 23:24 . 2012-04-18 23:24 1530368 c:\windows\assembly\NativeImages_v2.0.50727_64\SrpUxSnapIn\9208a9d4acc76688fb7b07a3b99d1c5e\SrpUxSnapIn.ni.dll
+ 2012-04-18 23:24 . 2012-04-18 23:24 3601920 c:\windows\assembly\NativeImages_v2.0.50727_64\Narrator\92ab2a505e2b1e55887248752fc8791b\Narrator.ni.exe
+ 2012-04-18 23:24 . 2012-04-18 23:24 2327552 c:\windows\assembly\NativeImages_v2.0.50727_64\MMCEx\b843ee3c17f0b9d517f74f2fc2cef321\MMCEx.ni.dll
+ 2012-04-18 23:24 . 2012-04-18 23:24 7970304 c:\windows\assembly\NativeImages_v2.0.50727_64\MIGUIControls\ff499b53b4b43e5cf6175a7d95fb15ea\MIGUIControls.ni.dll
+ 2012-04-18 23:24 . 2012-04-18 23:24 2131968 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualBas#\a2368cca7264c3f047d16fefcb29ca66\Microsoft.VisualBasic.ni.dll
+ 2012-04-18 23:24 . 2012-04-18 23:24 5350912 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\a365fda36604d8f8b6ea67667dc3dd46\Microsoft.PowerShell.Editor.ni.dll
+ 2012-04-18 23:24 . 2012-04-18 23:24 2176512 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\a1c24b217f836d73170c0f32b7dda5c2\Microsoft.PowerShell.Commands.Utility.ni.dll
+ 2012-04-18 23:23 . 2012-04-18 23:23 1516544 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\8dff78b6458b3995288e7e89aa7ae34a\Microsoft.MediaCenter.ni.dll
+ 2012-04-18 23:23 . 2012-04-18 23:23 8979456 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\88b7272ddb53920b927a7ef59fd3ad6a\Microsoft.MediaCenter.UI.ni.dll
+ 2012-04-18 23:24 . 2012-04-18 23:24 1508864 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\1225d00b36449afd4a4314eadcb8bf58\Microsoft.MediaCenter.Bml.ni.dll
+ 2012-04-18 23:24 . 2012-04-18 23:24 2365952 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Ink\9e91d7c4464a12eb7d2c174ffc56c168\Microsoft.Ink.ni.dll
+ 2012-04-18 23:24 . 2012-04-18 23:24 2218496 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Tas#\a67cf1480b9711c9e9da320bc5114879\Microsoft.Build.Tasks.ni.dll
+ 2012-04-18 23:24 . 2012-04-18 23:24 2682880 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Tas#\7b5c7863043af7cd47dfb104c0fe6879\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2012-04-18 23:23 . 2012-04-18 23:23 2801664 c:\windows\assembly\NativeImages_v2.0.50727_64\mcstore\a1c741fa6d3e2635dd2a2a77890c87b5\mcstore.ni.dll
+ 2012-04-18 23:22 . 2012-04-18 23:22 1358336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\d362f68d3bf954ba55a4494a659492af\System.WorkflowServices.ni.dll
+ 2012-04-18 23:22 . 2012-04-18 23:22 2209792 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\a118322b0f5ffc0e67c06658e8788e1d\System.Web.Mobile.ni.dll
+ 2012-04-18 23:22 . 2012-04-18 23:22 2404352 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\3cd9f405ba4118dc49455ddb8ba89336\System.Web.Extensions.ni.dll
+ 2012-04-18 23:22 . 2012-04-18 23:22 1351168 c:\windows\assembly\NativeImages_v2.0.50727_32\SrpUxSnapIn\e304bbb529be3c6839fcc740c0850141\SrpUxSnapIn.ni.dll
+ 2012-04-18 23:22 . 2012-04-18 23:22 2623488 c:\windows\assembly\NativeImages_v2.0.50727_32\Narrator\a61a4567bd8a09a0068db7fcc46151e1\Narrator.ni.exe
+ 2012-04-18 23:22 . 2012-04-18 23:22 1545216 c:\windows\assembly\NativeImages_v2.0.50727_32\MMCEx\a8ac3e062a13d75ff8d632bed75358b0\MMCEx.ni.dll
+ 2012-04-18 23:22 . 2012-04-18 23:22 6438912 c:\windows\assembly\NativeImages_v2.0.50727_32\MIGUIControls\2a348513f0f83117bedeb39a7d10b034\MIGUIControls.ni.dll
+ 2012-04-18 23:22 . 2012-04-18 23:22 1670144 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\3ce70b84dbb9970e1893672c5d430c80\Microsoft.VisualBasic.ni.dll
+ 2012-04-18 23:22 . 2012-04-18 23:22 3724288 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\a7364db379808ebdee5cd876d5af2656\Microsoft.PowerShell.Editor.ni.dll
+ 2012-04-18 23:22 . 2012-04-18 23:22 1681920 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\2a9dff80feb7cf8dbac17adb959159ca\Microsoft.PowerShell.Commands.Utility.ni.dll
+ 2012-04-18 23:22 . 2012-04-18 23:22 6499840 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\4a603d10666b9ee9487e7f0ce27c1c68\Microsoft.MediaCenter.UI.ni.dll
+ 2012-04-18 23:22 . 2012-04-18 23:22 1009664 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\142b59a72b233db75ede02941b86291d\Microsoft.MediaCenter.ni.dll
+ 2012-04-18 23:22 . 2012-04-18 23:22 1361408 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Ink\ffc29e128c4ddebb991189d617ed1bf7\Microsoft.Ink.ni.dll
+ 2012-04-18 23:22 . 2012-04-18 23:22 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\0c9d80e810caa6aeb85bd4d253281434\Microsoft.Build.Tasks.ni.dll
+ 2012-04-18 23:22 . 2012-04-18 23:22 1970176 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\008b235de7df9c690e3f289f3c776eda\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2012-04-18 23:22 . 2012-04-18 23:22 2035712 c:\windows\assembly\NativeImages_v2.0.50727_32\mcstore\227b7eaefe6ae6b78190516516793b4b\mcstore.ni.dll
+ 2011-11-12 01:59 . 2012-04-20 01:20 23635708 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-749022163-3579841242-3610539435-1000-8192.dat
+ 2012-04-18 23:26 . 2012-04-18 23:26 17353728 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Forms\c80f2e11e938ed65b843f750add94b35\System.Windows.Forms.ni.dll
+ 2012-04-18 23:25 . 2012-04-18 23:25 15762432 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Web\bf66e2b2a4dfefe1064dc172723b2cdd\System.Web.ni.dll
+ 2012-04-18 23:25 . 2012-04-18 23:25 13314048 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Design\8d8f7d5ddfee1cd87ca1396946aa18f7\System.Design.ni.dll
+ 2012-04-18 23:25 . 2012-04-18 23:25 24407040 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationFramewo#\b93196152e384bd43b9abf1e20c8d067\PresentationFramework.ni.dll
+ 2012-04-18 23:25 . 2012-04-18 23:25 15907328 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationCore\fc074b5198bd925a4f5b48403bba0e34\PresentationCore.ni.dll
+ 2012-04-18 23:23 . 2012-04-18 23:23 12079616 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web\a0fb4bd3ae9ce574167ae3a79b7a1aa5\System.Web.ni.dll
+ 2012-04-18 23:24 . 2012-04-18 23:24 25470976 c:\windows\assembly\NativeImages_v2.0.50727_64\ehshell\d9a8c2b82b4370a5b0f537a65d867f49\ehshell.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 94208 ----a-w- c:\users\thebeast\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 94208 ----a-w- c:\users\thebeast\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 94208 ----a-w- c:\users\thebeast\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-02-29 17148552]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"boincmgr"="c:\program files (x86)\BOINC\boincmgr.exe" [2010-09-23 4543232]
"boinctray"="c:\program files (x86)\BOINC\boinctray.exe" [2010-09-23 58112]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"BrMfcWnd"="c:\program files (x86)\Brother\Brmfcmon\BrMfcWnd.exe" [2009-05-26 1159168]
"ControlCenter3"="c:\program files (x86)\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
.
c:\users\thebeast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\thebeast\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-14 24246216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer4"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-08-03 2255464]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-14 253088]
R3 ALSysIO;ALSysIO;c:\users\thebeast\AppData\Local\Temp\ALSysIO64.sys [x]
R3 cphs;Intel® Content Protection HECI Service;c:\windows\SysWow64\IntelCpHeciSvc.exe [2012-02-14 276248]
R3 GPU-Z;GPU-Z;c:\users\thebeast\AppData\Local\Temp\GPU-Z.sys [x]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x]
R3 LVUVC64;Logitech Webcam C260(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [x]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [x]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [x]
S2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-08-03 379496]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-08-19 450848]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2011-08-30 846448]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-09 07:10]
.
2012-04-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-749022163-3579841242-3610539435-1000Core.job
- c:\users\thebeast\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-09 00:11]
.
2012-04-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-749022163-3579841242-3610539435-1000UA.job
- c:\users\thebeast\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-09 00:11]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 97792 ----a-w- c:\users\thebeast\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 97792 ----a-w- c:\users\thebeast\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 97792 ----a-w- c:\users\thebeast\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 97792 ----a-w- c:\users\thebeast\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-02-14 170264]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-02-14 398616]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-02-14 440600]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: LastPass - file://c:\program files (x86)\LastPass\context.html?cmd=lastpass
IE: LastPass Fill Forms - file://c:\program files (x86)\LastPass\context.html?cmd=fillforms
TCP: DhcpNameServer = 10.0.0.1
FF - ProfilePath - c:\users\thebeast\AppData\Roaming\Mozilla\Firefox\Profiles\viqyt311.default\
FF - prefs.js: network.proxy.type - 0
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\\.\globalroot\systemroot\svchost.exe
.
**************************************************************************
.
Completion time: 2012-04-19 21:22:14 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-20 01:22
ComboFix2.txt 2012-04-18 23:12
.
Pre-Run: 67,745,701,888 bytes free
Post-Run: 67,518,009,344 bytes free
.
- - End Of File - - 969FDCBA0643FD7B6A03DBE314F3123C

#12 fireman4it

Posted 19 April 2012 - 10:24 PM

Hello,

Your logs look good. Let's run a couple of other scanners to make sure everything is gone.


1.
Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download.
Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (e.g. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • Make sure you are connected to the Internet and double-click on the renamed file to install the application.
    For instructions with screenshots, please refer to this Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
  • Click on the Scan button.
  • When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.
Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.

2.
I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.


Things to include in your next reply:
MBAM log
Eset log
How is your machine running now?

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-



If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#13 adamfortwayne

Posted 20 April 2012 - 06:09 AM

It looks like most of what ESET found and cleaned up were the quarantined files. I ran Malwarebytes after running it and ESET and it's still finding the same infected files.

Thanks,
Adam


Malwarebytes

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.04.20.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
thebeast :: THEBEAST-PC [administrator]

4/20/2012 6:25:33 AM
mbam-log-2012-04-20 (06-25-33).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 217133
Time elapsed: 1 minute(s), 4 second(s)

Memory Processes Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> 4536 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot.

(end)


ESET
C:\Qoobox\Quarantine\C\ProgramData\Microsoft\Windows\DRM\AAE3.tmp.dat.vir Win32/Olmarik.AYD trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\ProgramData\Microsoft\Windows\DRM\AB14.tmp.vir Win32/Olmarik.AYD trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\19.04.2012_21.11.26\tdlfs0000\tsk0000.dta Win32/Olmarik.AYI trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\19.04.2012_21.11.26\tdlfs0000\tsk0001.dta Win64/Olmarik.AD trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\19.04.2012_21.11.26\tdlfs0000\tsk0002.dta Win32/Olmarik.AWO trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\19.04.2012_21.11.26\tdlfs0000\tsk0003.dta Win64/Olmarik.AI trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\19.04.2012_21.11.26\tdlfs0000\tsk0007.dta Win32/Olmarik.AWO trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\19.04.2012_21.11.26\tdlfs0000\tsk0008.dta Win64/Olmarik.X trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\19.04.2012_21.11.59\tdlfs0000\tsk0000.dta Win32/Olmarik.AYI trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\19.04.2012_21.11.59\tdlfs0000\tsk0001.dta Win64/Olmarik.AD trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\19.04.2012_21.11.59\tdlfs0000\tsk0002.dta Win32/Olmarik.AWO trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\19.04.2012_21.11.59\tdlfs0000\tsk0003.dta Win64/Olmarik.AI trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\19.04.2012_21.11.59\tdlfs0000\tsk0007.dta Win32/Olmarik.AWO trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\19.04.2012_21.11.59\tdlfs0000\tsk0008.dta Win64/Olmarik.X trojan cleaned by deleting - quarantined
C:\Users\thebeast\Downloads\cnet_spdf_exe.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VU0IM0Z3\index[2].htm JS/Iframe.CV trojan cleaned by deleting - quarantined

#14 fireman4it

Posted 20 April 2012 - 11:49 AM

Hello,

Please run TDssKiller again and post its log.


2.
Please download Listparts64
Run the tool, click Scan and post the log (Result.txt) it makes.


3.
Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download.
Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (e.g. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • Make sure you are connected to the Internet and double-click on the renamed file to install the application.
    For instructions with screenshots, please refer to this Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
  • Click on the Scan button.
  • When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.
Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.


4.
  • Download RogueKiller to the desktop
  • Close all the running processes
  • Under Vista/Seven, right click -> Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • When prompted, Click Scan
  • A report should open, give its content to your helper. (RKreport could also be found next to the executable)
  • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again


Things to include in your next reply:
TDssKiller log
Results.txt
MBAM log
RogueKiller log
How is your machine running now?


#15 adamfortwayne

Posted 20 April 2012 - 03:59 PM

TDSS had a new version today that popped another rootkit. I ran it twice to see if the clean worked.

Thanks,
Adam

TDSS first time

16:46:29.0316 4512 TDSS rootkit removing tool 2.7.31.0 Apr 20 2012 19:49:47
16:46:29.0550 4512 ============================================================
16:46:29.0550 4512 Current date / time: 2012/04/20 16:46:29.0550
16:46:29.0550 4512 SystemInfo:
16:46:29.0550 4512
16:46:29.0550 4512 OS Version: 6.1.7601 ServicePack: 1.0
16:46:29.0550 4512 Product type: Workstation
16:46:29.0550 4512 ComputerName: THEBEAST-PC
16:46:29.0550 4512 UserName: thebeast
16:46:29.0550 4512 Windows directory: C:\Windows
16:46:29.0550 4512 System windows directory: C:\Windows
16:46:29.0550 4512 Running under WOW64
16:46:29.0550 4512 Processor architecture: Intel x64
16:46:29.0550 4512 Number of processors: 8
16:46:29.0550 4512 Page size: 0x1000
16:46:29.0550 4512 Boot type: Normal boot
16:46:29.0550 4512 ============================================================
16:46:29.0831 4512 Drive \Device\Harddisk1\DR1 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0xD72C, SectorsPerTrack: 0x13, TracksPerCylinder: 0xE0, Type 'K0', Flags 0x00000040
16:46:29.0847 4512 Drive \Device\Harddisk0\DR0 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:46:29.0972 4512 \Device\Harddisk1\DR1:
16:46:29.0972 4512 MBR partitions:
16:46:29.0972 4512 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
16:46:29.0972 4512 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xDF61800
16:46:29.0972 4512 \Device\Harddisk0\DR0:
16:46:29.0972 4512 MBR partitions:
16:46:29.0972 4512 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xE8E07800
16:46:29.0972 4512 C: <-> \Device\Harddisk1\DR1\Partition1
16:46:29.0987 4512 E: <-> \Device\Harddisk0\DR0\Partition0
16:46:30.0003 4512 Initialize success
16:46:30.0003 4512 ============================================================
16:46:35.0572 2028 ============================================================
16:46:35.0572 2028 Scan started
16:46:35.0572 2028 Mode: Manual; SigCheck; TDLFS;
16:46:35.0572 2028 ============================================================
16:46:37.0241 2028 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
16:46:37.0257 2028 defragsvc - ok
16:46:37.0272 2028 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
16:46:37.0288 2028 DfsC - ok
16:46:37.0288 2028 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
16:46:37.0319 2028 Dhcp - ok
16:46:37.0319 2028 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
16:46:37.0335 2028 discache - ok
16:46:37.0350 2028 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
16:46:37.0350 2028 Disk - ok
16:46:37.0350 2028 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
16:46:37.0366 2028 Dnscache - ok
16:46:37.0366 2028 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
16:46:37.0397 2028 dot3svc - ok
16:46:37.0397 2028 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
16:46:37.0413 2028 DPS - ok
16:46:37.0428 2028 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
16:46:37.0428 2028 drmkaud - ok
16:46:37.0444 2028 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
16:46:37.0460 2028 DXGKrnl - ok
16:46:37.0460 2028 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
16:46:37.0475 2028 EapHost - ok
16:46:37.0506 2028 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
16:46:37.0538 2028 ebdrv - ok
16:46:37.0538 2028 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
16:46:37.0553 2028 EFS - ok
16:46:37.0553 2028 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
16:46:37.0569 2028 ehRecvr - ok
16:46:37.0569 2028 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
16:46:37.0584 2028 ehSched - ok
16:46:37.0584 2028 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
16:46:37.0600 2028 elxstor - ok
16:46:37.0600 2028 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
16:46:37.0616 2028 ErrDev - ok
16:46:37.0616 2028 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
16:46:37.0647 2028 EventSystem - ok
16:46:37.0647 2028 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
16:46:37.0678 2028 exfat - ok
16:46:37.0678 2028 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
16:46:37.0694 2028 fastfat - ok
16:46:37.0709 2028 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
16:46:37.0725 2028 Fax - ok
16:46:37.0725 2028 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
16:46:37.0740 2028 fdc - ok
16:46:37.0740 2028 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
16:46:37.0756 2028 fdPHost - ok
16:46:37.0772 2028 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
16:46:37.0787 2028 FDResPub - ok
16:46:37.0787 2028 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
16:46:37.0803 2028 FileInfo - ok
16:46:37.0803 2028 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
16:46:37.0818 2028 Filetrace - ok
16:46:37.0834 2028 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
16:46:37.0834 2028 flpydisk - ok
16:46:37.0834 2028 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
16:46:37.0850 2028 FltMgr - ok
16:46:37.0865 2028 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
16:46:37.0881 2028 FontCache - ok
16:46:37.0881 2028 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
16:46:37.0881 2028 FontCache3.0.0.0 - ok
16:46:37.0896 2028 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
16:46:37.0896 2028 FsDepends - ok
16:46:37.0896 2028 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
16:46:37.0912 2028 Fs_Rec - ok
16:46:37.0912 2028 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
16:46:37.0928 2028 fvevol - ok
16:46:37.0928 2028 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
16:46:37.0943 2028 gagp30kx - ok
16:46:37.0943 2028 gdrv - ok
16:46:37.0943 2028 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
16:46:37.0959 2028 GEARAspiWDM - ok
16:46:37.0959 2028 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
16:46:37.0990 2028 gpsvc - ok
16:46:37.0990 2028 GPU-Z - ok
16:46:38.0006 2028 hcmon (adb4348da1345877b04e22203afc8993) C:\Windows\system32\drivers\hcmon.sys
16:46:38.0006 2028 hcmon - ok
16:46:38.0006 2028 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
16:46:38.0021 2028 hcw85cir - ok
16:46:38.0021 2028 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
16:46:38.0037 2028 HdAudAddService - ok
16:46:38.0052 2028 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
16:46:38.0052 2028 HDAudBus - ok
16:46:38.0068 2028 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
16:46:38.0068 2028 HidBatt - ok
16:46:38.0068 2028 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
16:46:38.0084 2028 HidBth - ok
16:46:38.0084 2028 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
16:46:38.0099 2028 HidIr - ok
16:46:38.0099 2028 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
16:46:38.0130 2028 hidserv - ok
16:46:38.0130 2028 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
16:46:38.0130 2028 HidUsb - ok
16:46:38.0146 2028 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
16:46:38.0162 2028 hkmsvc - ok
16:46:38.0162 2028 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
16:46:38.0177 2028 HomeGroupListener - ok
16:46:38.0177 2028 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
16:46:38.0193 2028 HomeGroupProvider - ok
16:46:38.0193 2028 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
16:46:38.0208 2028 HpSAMD - ok
16:46:38.0208 2028 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
16:46:38.0240 2028 HTTP - ok
16:46:38.0240 2028 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
16:46:38.0255 2028 hwpolicy - ok
16:46:38.0255 2028 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
16:46:38.0255 2028 i8042prt - ok
16:46:38.0271 2028 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
16:46:38.0271 2028 iaStorV - ok
16:46:38.0286 2028 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
16:46:38.0302 2028 idsvc - ok
16:46:38.0396 2028 igfx (276ee9cdab16c50e1df0e4cefa882f5f) C:\Windows\system32\DRIVERS\igdkmd64.sys
16:46:38.0536 2028 igfx - ok
16:46:38.0536 2028 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
16:46:38.0552 2028 iirsp - ok
16:46:38.0552 2028 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
16:46:38.0583 2028 IKEEXT - ok
16:46:38.0583 2028 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
16:46:38.0598 2028 intelide - ok
16:46:38.0598 2028 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
16:46:38.0614 2028 intelppm - ok
16:46:38.0614 2028 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
16:46:38.0630 2028 IPBusEnum - ok
16:46:38.0645 2028 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:46:38.0661 2028 IpFilterDriver - ok
16:46:38.0676 2028 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
16:46:38.0692 2028 iphlpsvc - ok
16:46:38.0708 2028 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
16:46:38.0708 2028 IPMIDRV - ok
16:46:38.0723 2028 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
16:46:38.0739 2028 IPNAT - ok
16:46:38.0739 2028 iPod Service (50d6ccc6ff5561f9f56946b3e6164fb8) C:\Program Files\iPod\bin\iPodService.exe
16:46:38.0754 2028 iPod Service - ok
16:46:38.0770 2028 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
16:46:38.0786 2028 IRENUM - ok
16:46:38.0786 2028 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
16:46:38.0786 2028 isapnp - ok
16:46:38.0801 2028 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
16:46:38.0801 2028 iScsiPrt - ok
16:46:38.0817 2028 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
16:46:38.0817 2028 kbdclass - ok
16:46:38.0832 2028 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
16:46:38.0832 2028 kbdhid - ok
16:46:38.0832 2028 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
16:46:38.0848 2028 KeyIso - ok
16:46:38.0848 2028 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
16:46:38.0864 2028 KSecDD - ok
16:46:38.0864 2028 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
16:46:38.0864 2028 KSecPkg - ok
16:46:38.0879 2028 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
16:46:38.0895 2028 ksthunk - ok
16:46:38.0910 2028 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
16:46:38.0926 2028 KtmRm - ok
16:46:38.0942 2028 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
16:46:38.0957 2028 LanmanServer - ok
16:46:38.0957 2028 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
16:46:38.0988 2028 LanmanWorkstation - ok
16:46:38.0988 2028 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
16:46:39.0004 2028 lltdio - ok
16:46:39.0020 2028 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
16:46:39.0035 2028 lltdsvc - ok
16:46:39.0051 2028 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
16:46:39.0066 2028 lmhosts - ok
16:46:39.0066 2028 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
16:46:39.0082 2028 LSI_FC - ok
16:46:39.0082 2028 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
16:46:39.0082 2028 LSI_SAS - ok
16:46:39.0098 2028 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
16:46:39.0098 2028 LSI_SAS2 - ok
16:46:39.0098 2028 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
16:46:39.0113 2028 LSI_SCSI - ok
16:46:39.0113 2028 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
16:46:39.0144 2028 luafv - ok
16:46:39.0144 2028 LVRS64 (ef2be2f45d4f06410a3bd2a3467325b0) C:\Windows\system32\DRIVERS\lvrs64.sys
16:46:39.0160 2028 LVRS64 - ok
16:46:39.0191 2028 LVUVC64 (ac22f92c6078640fe8a70d662a2f3ad5) C:\Windows\system32\DRIVERS\lvuvc64.sys
16:46:39.0238 2028 LVUVC64 - ok
16:46:39.0254 2028 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
16:46:39.0254 2028 Mcx2Svc - ok
16:46:39.0269 2028 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
16:46:39.0269 2028 megasas - ok
16:46:39.0285 2028 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
16:46:39.0285 2028 MegaSR - ok
16:46:39.0300 2028 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\DRIVERS\HECIx64.sys
16:46:39.0300 2028 MEIx64 - ok
16:46:39.0300 2028 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
16:46:39.0332 2028 MMCSS - ok
16:46:39.0332 2028 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
16:46:39.0347 2028 Modem - ok
16:46:39.0363 2028 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
16:46:39.0363 2028 monitor - ok
16:46:39.0378 2028 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
16:46:39.0378 2028 mouclass - ok
16:46:39.0378 2028 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
16:46:39.0394 2028 mouhid - ok
16:46:39.0394 2028 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
16:46:39.0410 2028 mountmgr - ok
16:46:39.0410 2028 MpFilter (c177a7ebf5e8a0b596f618870516cab8) C:\Windows\system32\DRIVERS\MpFilter.sys
16:46:39.0425 2028 MpFilter - ok
16:46:39.0425 2028 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
16:46:39.0425 2028 mpio - ok
16:46:39.0441 2028 MpNWMon (8fbf6b31fe8af1833d93c5913d5b4d55) C:\Windows\system32\DRIVERS\MpNWMon.sys
16:46:39.0441 2028 MpNWMon - ok
16:46:39.0456 2028 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
16:46:39.0472 2028 mpsdrv - ok
16:46:39.0472 2028 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
16:46:39.0503 2028 MpsSvc - ok
16:46:39.0519 2028 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
16:46:39.0519 2028 MRxDAV - ok
16:46:39.0534 2028 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
16:46:39.0534 2028 mrxsmb - ok
16:46:39.0550 2028 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:46:39.0550 2028 mrxsmb10 - ok
16:46:39.0550 2028 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:46:39.0566 2028 mrxsmb20 - ok
16:46:39.0566 2028 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
16:46:39.0581 2028 msahci - ok
16:46:39.0581 2028 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
16:46:39.0581 2028 msdsm - ok
16:46:39.0597 2028 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
16:46:39.0597 2028 MSDTC - ok
16:46:39.0612 2028 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
16:46:39.0628 2028 Msfs - ok
16:46:39.0628 2028 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
16:46:39.0644 2028 mshidkmdf - ok
16:46:39.0659 2028 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
16:46:39.0659 2028 msisadrv - ok
16:46:39.0675 2028 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
16:46:39.0690 2028 MSiSCSI - ok
16:46:39.0690 2028 msiserver - ok
16:46:39.0706 2028 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
16:46:39.0722 2028 MSKSSRV - ok
16:46:39.0722 2028 MsMpSvc (157e9e498206a3366baa7e4697bdd947) c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
16:46:39.0722 2028 MsMpSvc - ok
16:46:39.0737 2028 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
16:46:39.0753 2028 MSPCLOCK - ok
16:46:39.0753 2028 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
16:46:39.0768 2028 MSPQM - ok
16:46:39.0784 2028 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
16:46:39.0784 2028 MsRPC - ok
16:46:39.0800 2028 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
16:46:39.0800 2028 mssmbios - ok
16:46:39.0815 2028 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
16:46:39.0831 2028 MSTEE - ok
16:46:39.0831 2028 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
16:46:39.0846 2028 MTConfig - ok
16:46:39.0846 2028 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
16:46:39.0846 2028 Mup - ok
16:46:39.0862 2028 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
16:46:39.0878 2028 napagent - ok
16:46:39.0893 2028 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
16:46:39.0893 2028 NativeWifiP - ok
16:46:39.0909 2028 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
16:46:39.0924 2028 NDIS - ok
16:46:39.0924 2028 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
16:46:39.0956 2028 NdisCap - ok
16:46:39.0956 2028 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
16:46:39.0971 2028 NdisTapi - ok
16:46:39.0987 2028 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
16:46:40.0002 2028 Ndisuio - ok
16:46:40.0002 2028 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
16:46:40.0034 2028 NdisWan - ok
16:46:40.0034 2028 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
16:46:40.0049 2028 NDProxy - ok
16:46:40.0065 2028 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
16:46:40.0080 2028 NetBIOS - ok
16:46:40.0080 2028 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
16:46:40.0112 2028 NetBT - ok
16:46:40.0112 2028 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
16:46:40.0112 2028 Netlogon - ok
16:46:40.0127 2028 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
16:46:40.0143 2028 Netman - ok
16:46:40.0159 2028 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:46:40.0159 2028 NetMsmqActivator - ok
16:46:40.0159 2028 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:46:40.0159 2028 NetPipeActivator - ok
16:46:40.0174 2028 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
16:46:40.0190 2028 netprofm - ok
16:46:40.0205 2028 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:46:40.0205 2028 NetTcpActivator - ok
16:46:40.0205 2028 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:46:40.0205 2028 NetTcpPortSharing - ok
16:46:40.0221 2028 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
16:46:40.0221 2028 nfrd960 - ok
16:46:40.0237 2028 NisDrv (5f7d72cbcdd025af1f38fdeee5646968) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
16:46:40.0237 2028 NisDrv - ok
16:46:40.0237 2028 NisSrv (566ddd5d82520da01d75f81428ac4c38) c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
16:46:40.0252 2028 NisSrv - ok
16:46:40.0252 2028 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
16:46:40.0283 2028 NlaSvc - ok
16:46:40.0283 2028 NPF (351533acc2a069b94e80bbfc177e8fdf) C:\Windows\system32\drivers\npf.sys
16:46:40.0283 2028 NPF - ok
16:46:40.0299 2028 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
16:46:40.0315 2028 Npfs - ok
16:46:40.0315 2028 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
16:46:40.0346 2028 nsi - ok
16:46:40.0346 2028 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
16:46:40.0361 2028 nsiproxy - ok
16:46:40.0377 2028 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
16:46:40.0408 2028 Ntfs - ok
16:46:40.0408 2028 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
16:46:40.0424 2028 Null - ok
16:46:40.0439 2028 NVHDA (960e39a54e525df58cb29193147dffa1) C:\Windows\system32\drivers\nvhda64v.sys
16:46:40.0439 2028 NVHDA - ok
16:46:40.0517 2028 nvlddmkm (cc1efea1f0ab17e59bd4b5baff3e5cb0) C:\Windows\system32\DRIVERS\nvlddmkm.sys
16:46:40.0642 2028 nvlddmkm - ok
16:46:40.0642 2028 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
16:46:40.0658 2028 nvraid - ok
16:46:40.0658 2028 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
16:46:40.0673 2028 nvstor - ok
16:46:40.0673 2028 nvsvc (39f933ca2798156b0b7a19d104b73b9a) C:\Windows\system32\nvvsvc.exe
16:46:40.0689 2028 nvsvc - ok
16:46:40.0705 2028 nvUpdatusService (4e5c5d88eb0a8d21824d5a3eb7327e69) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
16:46:40.0736 2028 nvUpdatusService - ok
16:46:40.0751 2028 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
16:46:40.0751 2028 nv_agp - ok
16:46:40.0767 2028 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
16:46:40.0767 2028 odserv - ok
16:46:40.0783 2028 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
16:46:40.0783 2028 ohci1394 - ok
16:46:40.0783 2028 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
16:46:40.0798 2028 ose - ok
16:46:40.0798 2028 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
16:46:40.0814 2028 p2pimsvc - ok
16:46:40.0814 2028 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
16:46:40.0829 2028 p2psvc - ok
16:46:40.0829 2028 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
16:46:40.0845 2028 Parport - ok
16:46:40.0845 2028 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
16:46:40.0861 2028 partmgr - ok
16:46:40.0861 2028 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
16:46:40.0876 2028 PcaSvc - ok
16:46:40.0876 2028 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
16:46:40.0876 2028 pci - ok
16:46:40.0892 2028 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
16:46:40.0892 2028 pciide - ok
16:46:40.0907 2028 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
16:46:40.0907 2028 pcmcia - ok
16:46:40.0907 2028 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
16:46:40.0923 2028 pcw - ok
16:46:40.0923 2028 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
16:46:40.0954 2028 PEAUTH - ok
16:46:40.0970 2028 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
16:46:40.0985 2028 PeerDistSvc - ok
16:46:40.0985 2028 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
16:46:41.0001 2028 PerfHost - ok
16:46:41.0017 2028 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
16:46:41.0048 2028 pla - ok
16:46:41.0063 2028 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
16:46:41.0063 2028 PlugPlay - ok
16:46:41.0079 2028 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
16:46:41.0079 2028 PNRPAutoReg - ok
16:46:41.0079 2028 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
16:46:41.0095 2028 PNRPsvc - ok
16:46:41.0110 2028 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
16:46:41.0126 2028 PolicyAgent - ok
16:46:41.0141 2028 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
16:46:41.0157 2028 Power - ok
16:46:41.0157 2028 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
16:46:41.0188 2028 PptpMiniport - ok
16:46:41.0188 2028 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
16:46:41.0188 2028 Processor - ok
16:46:41.0204 2028 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
16:46:41.0219 2028 ProfSvc - ok
16:46:41.0235 2028 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
16:46:41.0235 2028 ProtectedStorage - ok
16:46:41.0235 2028 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
16:46:41.0266 2028 Psched - ok
16:46:41.0266 2028 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
16:46:41.0297 2028 ql2300 - ok
16:46:41.0313 2028 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
16:46:41.0313 2028 ql40xx - ok
16:46:41.0329 2028 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
16:46:41.0329 2028 QWAVE - ok
16:46:41.0344 2028 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
16:46:41.0344 2028 QWAVEdrv - ok
16:46:41.0344 2028 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
16:46:41.0375 2028 RasAcd - ok
16:46:41.0375 2028 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
16:46:41.0391 2028 RasAgileVpn - ok
16:46:41.0407 2028 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
16:46:41.0422 2028 RasAuto - ok
16:46:41.0422 2028 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
16:46:41.0453 2028 Rasl2tp - ok
16:46:41.0453 2028 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
16:46:41.0485 2028 RasMan - ok
16:46:41.0485 2028 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
16:46:41.0500 2028 RasPppoe - ok
16:46:41.0516 2028 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
16:46:41.0531 2028 RasSstp - ok
16:46:41.0547 2028 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
16:46:41.0563 2028 rdbss - ok
16:46:41.0563 2028 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
16:46:41.0578 2028 rdpbus - ok
16:46:41.0578 2028 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
16:46:41.0594 2028 RDPCDD - ok
16:46:41.0609 2028 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
16:46:41.0609 2028 RDPDR - ok
16:46:41.0625 2028 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
16:46:41.0641 2028 RDPENCDD - ok
16:46:41.0641 2028 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
16:46:41.0672 2028 RDPREFMP - ok
16:46:41.0672 2028 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
16:46:41.0687 2028 RDPWD - ok
16:46:41.0687 2028 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
16:46:41.0703 2028 rdyboost - ok
16:46:41.0703 2028 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
16:46:41.0719 2028 RemoteAccess - ok
16:46:41.0734 2028 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
16:46:41.0750 2028 RemoteRegistry - ok
16:46:41.0750 2028 rpcapd (b60f58f175de20a6739194e85b035178) C:\Program Files (x86)\WinPcap\rpcapd.exe
16:46:41.0765 2028 rpcapd - ok
16:46:41.0765 2028 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
16:46:41.0781 2028 RpcEptMapper - ok
16:46:41.0797 2028 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
16:46:41.0797 2028 RpcLocator - ok
16:46:41.0812 2028 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
16:46:41.0828 2028 RpcSs - ok
16:46:41.0828 2028 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
16:46:41.0859 2028 rspndr - ok
16:46:41.0859 2028 RTL8167 (6d3c7e7d82d3dc92dc2a8b0df9f20f8a) C:\Windows\system32\DRIVERS\Rt64win7.sys
16:46:41.0875 2028 RTL8167 - ok
16:46:44.0745 2028 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1
16:46:44.0745 2028 \Device\Harddisk1\DR1 ( Rootkit.Boot.Pihar.c ) - infected
16:46:44.0745 2028 \Device\Harddisk1\DR1 - detected Rootkit.Boot.Pihar.c (0)
16:46:44.0745 2028 \Device\Harddisk1\DR1 ( TDSS File System ) - warning
16:46:44.0745 2028 \Device\Harddisk1\DR1 - detected TDSS File System (1)
16:46:45.0385 2028 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
16:46:45.0463 2028 \Device\Harddisk0\DR0 - ok
16:46:45.0463 2028 Boot (0x1200) (1031041d60d19c8c865effc5219156cb) \Device\Harddisk1\DR1\Partition0
16:46:45.0463 2028 \Device\Harddisk1\DR1\Partition0 - ok
16:46:45.0463 2028 Boot (0x1200) (b14ba4db8d9a5f4d15836f58ccdd9fb2) \Device\Harddisk1\DR1\Partition1
16:46:45.0463 2028 \Device\Harddisk1\DR1\Partition1 - ok
16:46:45.0478 2028 Boot (0x1200) (a92fd92949324f438998a7e9444d8704) \Device\Harddisk0\DR0\Partition0
16:46:45.0478 2028 \Device\Harddisk0\DR0\Partition0 - ok
16:46:45.0478 2028 ============================================================
16:46:45.0478 2028 Scan finished
16:46:45.0478 2028 ============================================================
16:46:45.0494 3272 Detected object count: 2
16:46:45.0494 3272 Actual detected object count: 2
16:47:13.0137 3272 \Device\Harddisk1\DR1\# - copied to quarantine
16:47:13.0137 3272 \Device\Harddisk1\DR1 - copied to quarantine
16:47:13.0153 3272 \Device\Harddisk1\DR1\TDLFS\ph.dll - copied to quarantine
16:47:13.0153 3272 \Device\Harddisk1\DR1\TDLFS\phx.dll - copied to quarantine
16:47:13.0168 3272 \Device\Harddisk1\DR1\TDLFS\phd - copied to quarantine
16:47:13.0168 3272 \Device\Harddisk1\DR1\TDLFS\phdx - copied to quarantine
16:47:13.0168 3272 \Device\Harddisk1\DR1\TDLFS\phs - copied to quarantine
16:47:13.0168 3272 \Device\Harddisk1\DR1\TDLFS\phdata - copied to quarantine
16:47:13.0168 3272 \Device\Harddisk1\DR1\TDLFS\phld - copied to quarantine
16:47:13.0168 3272 \Device\Harddisk1\DR1\TDLFS\phln - copied to quarantine
16:47:13.0168 3272 \Device\Harddisk1\DR1\TDLFS\phlx - copied to quarantine
16:47:13.0168 3272 \Device\Harddisk1\DR1\TDLFS\s - copied to quarantine
16:47:13.0168 3272 \Device\Harddisk1\DR1\TDLFS\phm - copied to quarantine
16:47:13.0168 3272 \Device\Harddisk1\DR1\TDLFS\u - copied to quarantine
16:47:13.0168 3272 \Device\Harddisk1\DR1 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
16:47:13.0168 3272 \Device\Harddisk1\DR1 - ok
16:47:13.0340 3272 \Device\Harddisk1\DR1 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
16:47:13.0355 3272 \Device\Harddisk1\DR1\TDLFS\ph.dll - copied to quarantine
16:47:13.0355 3272 \Device\Harddisk1\DR1\TDLFS\phx.dll - copied to quarantine
16:47:13.0355 3272 \Device\Harddisk1\DR1\TDLFS\phd - copied to quarantine
16:47:13.0355 3272 \Device\Harddisk1\DR1\TDLFS\phdx - copied to quarantine
16:47:13.0355 3272 \Device\Harddisk1\DR1\TDLFS\phs - copied to quarantine
16:47:13.0355 3272 \Device\Harddisk1\DR1\TDLFS\phdata - copied to quarantine
16:47:13.0355 3272 \Device\Harddisk1\DR1\TDLFS\phld - copied to quarantine
16:47:13.0355 3272 \Device\Harddisk1\DR1\TDLFS\phln - copied to quarantine
16:47:13.0371 3272 \Device\Harddisk1\DR1\TDLFS\phlx - copied to quarantine
16:47:13.0371 3272 \Device\Harddisk1\DR1\TDLFS\s - copied to quarantine
16:47:13.0371 3272 \Device\Harddisk1\DR1\TDLFS\phm - copied to quarantine
16:47:13.0371 3272 \Device\Harddisk1\DR1\TDLFS\u - copied to quarantine
16:47:13.0371 3272 \Device\Harddisk1\DR1 ( TDSS File System ) - User select action: Quarantine
16:47:15.0134 5100 Deinitialize success


TDSS second run
16:48:41.0828 3652 TDSS rootkit removing tool 2.7.31.0 Apr 20 2012 19:49:47
16:48:42.0250 3652 ============================================================
16:48:42.0250 3652 Current date / time: 2012/04/20 16:48:42.0250
16:48:42.0250 3652 SystemInfo:
16:48:42.0250 3652
16:48:42.0250 3652 OS Version: 6.1.7601 ServicePack: 1.0
16:48:42.0250 3652 Product type: Workstation
16:48:42.0250 3652 ComputerName: THEBEAST-PC
16:48:42.0250 3652 UserName: thebeast
16:48:42.0250 3652 Windows directory: C:\Windows
16:48:42.0250 3652 System windows directory: C:\Windows
16:48:42.0250 3652 Running under WOW64
16:48:42.0250 3652 Processor architecture: Intel x64
16:48:42.0250 3652 Number of processors: 8
16:48:42.0250 3652 Page size: 0x1000
16:48:42.0250 3652 Boot type: Normal boot
16:48:42.0250 3652 ============================================================
16:48:42.0515 3652 Drive \Device\Harddisk1\DR1 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0xD72C, SectorsPerTrack: 0x13, TracksPerCylinder: 0xE0, Type 'K0', Flags 0x00000040
16:48:42.0530 3652 Drive \Device\Harddisk0\DR0 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:48:42.0640 3652 \Device\Harddisk1\DR1:
16:48:42.0640 3652 MBR partitions:
16:48:42.0640 3652 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
16:48:42.0640 3652 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xDF61800
16:48:42.0640 3652 \Device\Harddisk0\DR0:
16:48:42.0640 3652 MBR partitions:
16:48:42.0640 3652 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xE8E07800
16:48:42.0640 3652 C: <-> \Device\Harddisk1\DR1\Partition1
16:48:42.0671 3652 E: <-> \Device\Harddisk0\DR0\Partition0
16:48:42.0671 3652 Initialize success
16:48:42.0671 3652 ============================================================
16:48:47.0304 3572 ============================================================
16:48:47.0304 3572 Scan started
16:48:47.0304 3572 Mode: Manual; SigCheck; TDLFS;
16:48:47.0304 3572 ============================================================
16:48:49.0207 3572 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
16:48:49.0223 3572 EventSystem - ok
16:48:49.0238 3572 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
16:48:49.0254 3572 exfat - ok
16:48:49.0254 3572 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
16:48:49.0285 3572 fastfat - ok
16:48:49.0285 3572 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
16:48:49.0301 3572 Fax - ok
16:48:49.0301 3572 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
16:48:49.0316 3572 fdc - ok
16:48:49.0316 3572 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
16:48:49.0332 3572 fdPHost - ok
16:48:49.0348 3572 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
16:48:49.0363 3572 FDResPub - ok
16:48:49.0363 3572 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
16:48:49.0379 3572 FileInfo - ok
16:48:49.0379 3572 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
16:48:49.0394 3572 Filetrace - ok
16:48:49.0410 3572 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
16:48:49.0410 3572 flpydisk - ok
16:48:49.0410 3572 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
16:48:49.0426 3572 FltMgr - ok
16:48:49.0441 3572 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
16:48:49.0457 3572 FontCache - ok
16:48:49.0457 3572 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
16:48:49.0457 3572 FontCache3.0.0.0 - ok
16:48:49.0472 3572 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
16:48:49.0472 3572 FsDepends - ok
16:48:49.0472 3572 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
16:48:49.0488 3572 Fs_Rec - ok
16:48:49.0488 3572 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
16:48:49.0504 3572 fvevol - ok
16:48:49.0504 3572 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
16:48:49.0504 3572 gagp30kx - ok
16:48:49.0519 3572 gdrv - ok
16:48:49.0519 3572 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
16:48:49.0519 3572 GEARAspiWDM - ok
16:48:49.0535 3572 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
16:48:49.0550 3572 gpsvc - ok
16:48:49.0566 3572 GPU-Z - ok
16:48:49.0566 3572 hcmon (adb4348da1345877b04e22203afc8993) C:\Windows\system32\drivers\hcmon.sys
16:48:49.0566 3572 hcmon - ok
16:48:49.0582 3572 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
16:48:49.0582 3572 hcw85cir - ok
16:48:49.0597 3572 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
16:48:49.0597 3572 HdAudAddService - ok
16:48:49.0613 3572 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
16:48:49.0613 3572 HDAudBus - ok
16:48:49.0628 3572 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
16:48:49.0628 3572 HidBatt - ok
16:48:49.0628 3572 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
16:48:49.0644 3572 HidBth - ok
16:48:49.0644 3572 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
16:48:49.0660 3572 HidIr - ok
16:48:49.0660 3572 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
16:48:49.0675 3572 hidserv - ok
16:48:49.0691 3572 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
16:48:49.0691 3572 HidUsb - ok
16:48:49.0691 3572 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
16:48:49.0722 3572 hkmsvc - ok
16:48:49.0722 3572 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
16:48:49.0738 3572 HomeGroupListener - ok
16:48:49.0738 3572 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
16:48:49.0753 3572 HomeGroupProvider - ok
16:48:49.0753 3572 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
16:48:49.0753 3572 HpSAMD - ok
16:48:49.0769 3572 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
16:48:49.0784 3572 HTTP - ok
16:48:49.0800 3572 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
16:48:49.0800 3572 hwpolicy - ok
16:48:49.0816 3572 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
16:48:49.0816 3572 i8042prt - ok
16:48:49.0831 3572 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
16:48:49.0831 3572 iaStorV - ok
16:48:49.0847 3572 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
16:48:49.0847 3572 idsvc - ok
16:48:49.0940 3572 igfx (276ee9cdab16c50e1df0e4cefa882f5f) C:\Windows\system32\DRIVERS\igdkmd64.sys
16:48:50.0081 3572 igfx - ok
16:48:50.0096 3572 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
16:48:50.0096 3572 iirsp - ok
16:48:50.0112 3572 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
16:48:50.0128 3572 IKEEXT - ok
16:48:50.0143 3572 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
16:48:50.0143 3572 intelide - ok
16:48:50.0143 3572 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
16:48:50.0159 3572 intelppm - ok
16:48:50.0159 3572 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
16:48:50.0174 3572 IPBusEnum - ok
16:48:50.0190 3572 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:48:50.0206 3572 IpFilterDriver - ok
16:48:50.0221 3572 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
16:48:50.0237 3572 iphlpsvc - ok
16:48:50.0237 3572 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
16:48:50.0252 3572 IPMIDRV - ok
16:48:50.0252 3572 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
16:48:50.0284 3572 IPNAT - ok
16:48:50.0284 3572 iPod Service (50d6ccc6ff5561f9f56946b3e6164fb8) C:\Program Files\iPod\bin\iPodService.exe
16:48:50.0299 3572 iPod Service - ok
16:48:50.0299 3572 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
16:48:50.0315 3572 IRENUM - ok
16:48:50.0315 3572 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
16:48:50.0330 3572 isapnp - ok
16:48:50.0330 3572 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
16:48:50.0346 3572 iScsiPrt - ok
16:48:50.0346 3572 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
16:48:50.0346 3572 kbdclass - ok
16:48:50.0362 3572 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
16:48:50.0362 3572 kbdhid - ok
16:48:50.0362 3572 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
16:48:50.0377 3572 KeyIso - ok
16:48:50.0377 3572 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
16:48:50.0393 3572 KSecDD - ok
16:48:50.0393 3572 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
16:48:50.0393 3572 KSecPkg - ok
16:48:50.0408 3572 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
16:48:50.0424 3572 ksthunk - ok
16:48:50.0424 3572 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
16:48:50.0455 3572 KtmRm - ok
16:48:50.0455 3572 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
16:48:50.0486 3572 LanmanServer - ok
16:48:50.0486 3572 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
16:48:50.0502 3572 LanmanWorkstation - ok
16:48:50.0518 3572 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
16:48:50.0533 3572 lltdio - ok
16:48:50.0533 3572 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
16:48:50.0564 3572 lltdsvc - ok
16:48:50.0564 3572 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
16:48:50.0580 3572 lmhosts - ok
16:48:50.0596 3572 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
16:48:50.0596 3572 LSI_FC - ok
16:48:50.0611 3572 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
16:48:50.0611 3572 LSI_SAS - ok
16:48:50.0611 3572 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
16:48:50.0627 3572 LSI_SAS2 - ok
16:48:50.0627 3572 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
16:48:50.0627 3572 LSI_SCSI - ok
16:48:50.0642 3572 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
16:48:50.0658 3572 luafv - ok
16:48:50.0674 3572 LVRS64 (ef2be2f45d4f06410a3bd2a3467325b0) C:\Windows\system32\DRIVERS\lvrs64.sys
16:48:50.0674 3572 LVRS64 - ok
16:48:50.0705 3572 LVUVC64 (ac22f92c6078640fe8a70d662a2f3ad5) C:\Windows\system32\DRIVERS\lvuvc64.sys
16:48:50.0767 3572 LVUVC64 - ok
16:48:50.0767 3572 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
16:48:50.0783 3572 Mcx2Svc - ok
16:48:50.0783 3572 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
16:48:50.0783 3572 megasas - ok
16:48:50.0798 3572 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
16:48:50.0798 3572 MegaSR - ok
16:48:50.0814 3572 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\DRIVERS\HECIx64.sys
16:48:50.0814 3572 MEIx64 - ok
16:48:50.0814 3572 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
16:48:50.0845 3572 MMCSS - ok
16:48:50.0845 3572 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
16:48:50.0861 3572 Modem - ok
16:48:50.0876 3572 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
16:48:50.0876 3572 monitor - ok
16:48:50.0892 3572 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
16:48:50.0892 3572 mouclass - ok
16:48:50.0892 3572 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
16:48:50.0908 3572 mouhid - ok
16:48:50.0908 3572 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
16:48:50.0908 3572 mountmgr - ok
16:48:50.0923 3572 MpFilter (c177a7ebf5e8a0b596f618870516cab8) C:\Windows\system32\DRIVERS\MpFilter.sys
16:48:50.0923 3572 MpFilter - ok
16:48:50.0939 3572 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
16:48:50.0954 3572 mpio - ok
16:48:50.0954 3572 MpNWMon (8fbf6b31fe8af1833d93c5913d5b4d55) C:\Windows\system32\DRIVERS\MpNWMon.sys
16:48:50.0970 3572 MpNWMon - ok
16:48:50.0970 3572 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
16:48:50.0986 3572 mpsdrv - ok
16:48:51.0001 3572 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
16:48:51.0017 3572 MpsSvc - ok
16:48:51.0032 3572 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
16:48:51.0032 3572 MRxDAV - ok
16:48:51.0048 3572 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
16:48:51.0048 3572 mrxsmb - ok
16:48:51.0064 3572 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:48:51.0064 3572 mrxsmb10 - ok
16:48:51.0079 3572 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:48:51.0079 3572 mrxsmb20 - ok
16:48:51.0079 3572 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
16:48:51.0095 3572 msahci - ok
16:48:51.0095 3572 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
16:48:51.0110 3572 msdsm - ok
16:48:51.0110 3572 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
16:48:51.0110 3572 MSDTC - ok
16:48:51.0126 3572 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
16:48:51.0142 3572 Msfs - ok
16:48:51.0157 3572 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
16:48:51.0173 3572 mshidkmdf - ok
16:48:51.0173 3572 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
16:48:51.0173 3572 msisadrv - ok
16:48:51.0188 3572 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
16:48:51.0204 3572 MSiSCSI - ok
16:48:51.0204 3572 msiserver - ok
16:48:51.0220 3572 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
16:48:51.0235 3572 MSKSSRV - ok
16:48:51.0235 3572 MsMpSvc (157e9e498206a3366baa7e4697bdd947) c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
16:48:51.0251 3572 MsMpSvc - ok
16:48:51.0251 3572 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
16:48:51.0266 3572 MSPCLOCK - ok
16:48:51.0282 3572 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
16:48:51.0298 3572 MSPQM - ok
16:48:51.0298 3572 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
16:48:51.0313 3572 MsRPC - ok
16:48:51.0313 3572 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
16:48:51.0329 3572 mssmbios - ok
16:48:51.0329 3572 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
16:48:51.0344 3572 MSTEE - ok
16:48:51.0360 3572 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
16:48:51.0360 3572 MTConfig - ok
16:48:51.0360 3572 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
16:48:51.0376 3572 Mup - ok
16:48:51.0376 3572 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
16:48:51.0407 3572 napagent - ok
16:48:51.0407 3572 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
16:48:51.0422 3572 NativeWifiP - ok
16:48:51.0438 3572 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
16:48:51.0454 3572 NDIS - ok
16:48:51.0454 3572 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
16:48:51.0469 3572 NdisCap - ok
16:48:51.0485 3572 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
16:48:51.0500 3572 NdisTapi - ok
16:48:51.0500 3572 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
16:48:51.0516 3572 Ndisuio - ok
16:48:51.0532 3572 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
16:48:51.0547 3572 NdisWan - ok
16:48:51.0563 3572 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
16:48:51.0578 3572 NDProxy - ok
16:48:51.0578 3572 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
16:48:51.0594 3572 NetBIOS - ok
16:48:51.0610 3572 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
16:48:51.0625 3572 NetBT - ok
16:48:51.0641 3572 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
16:48:51.0641 3572 Netlogon - ok
16:48:51.0641 3572 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
16:48:51.0672 3572 Netman - ok
16:48:51.0672 3572 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:48:51.0688 3572 NetMsmqActivator - ok
16:48:51.0688 3572 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:48:51.0688 3572 NetPipeActivator - ok
16:48:51.0688 3572 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
16:48:51.0719 3572 netprofm - ok
16:48:51.0719 3572 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:48:51.0734 3572 NetTcpActivator - ok
16:48:51.0734 3572 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:48:51.0734 3572 NetTcpPortSharing - ok
16:48:51.0734 3572 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
16:48:51.0750 3572 nfrd960 - ok
16:48:51.0750 3572 NisDrv (5f7d72cbcdd025af1f38fdeee5646968) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
16:48:51.0750 3572 NisDrv - ok
16:48:51.0766 3572 NisSrv (566ddd5d82520da01d75f81428ac4c38) c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
16:48:51.0766 3572 NisSrv - ok
16:48:51.0781 3572 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
16:48:51.0797 3572 NlaSvc - ok
16:48:51.0812 3572 NPF (351533acc2a069b94e80bbfc177e8fdf) C:\Windows\system32\drivers\npf.sys
16:48:51.0812 3572 NPF - ok
16:48:51.0812 3572 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
16:48:51.0844 3572 Npfs - ok
16:48:51.0844 3572 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
16:48:51.0859 3572 nsi - ok
16:48:51.0859 3572 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
16:48:51.0890 3572 nsiproxy - ok
16:48:51.0906 3572 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
16:48:51.0922 3572 Ntfs - ok
16:48:51.0922 3572 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
16:48:51.0953 3572 Null - ok
16:48:51.0953 3572 NVHDA (960e39a54e525df58cb29193147dffa1) C:\Windows\system32\drivers\nvhda64v.sys
16:48:51.0953 3572 NVHDA - ok
16:48:52.0046 3572 nvlddmkm (cc1efea1f0ab17e59bd4b5baff3e5cb0) C:\Windows\system32\DRIVERS\nvlddmkm.sys
16:48:52.0156 3572 nvlddmkm - ok
16:48:52.0171 3572 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
16:48:52.0171 3572 nvraid - ok
16:48:52.0187 3572 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
16:48:52.0187 3572 nvstor - ok
16:48:52.0202 3572 nvsvc (39f933ca2798156b0b7a19d104b73b9a) C:\Windows\system32\nvvsvc.exe
16:48:52.0218 3572 nvsvc - ok
16:48:52.0234 3572 nvUpdatusService (4e5c5d88eb0a8d21824d5a3eb7327e69) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
16:48:52.0265 3572 nvUpdatusService - ok
16:48:52.0265 3572 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
16:48:52.0265 3572 nv_agp - ok
16:48:52.0280 3572 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
16:48:52.0280 3572 odserv - ok
16:48:52.0296 3572 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
16:48:52.0296 3572 ohci1394 - ok
16:48:52.0312 3572 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
16:48:52.0312 3572 ose - ok
16:48:52.0312 3572 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
16:48:52.0327 3572 p2pimsvc - ok
16:48:52.0327 3572 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
16:48:52.0343 3572 p2psvc - ok
16:48:52.0343 3572 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
16:48:52.0358 3572 Parport - ok
16:48:52.0358 3572 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
16:48:52.0374 3572 partmgr - ok
16:48:52.0374 3572 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
16:48:52.0390 3572 PcaSvc - ok
16:48:52.0390 3572 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
16:48:52.0405 3572 pci - ok
16:48:52.0405 3572 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
16:48:52.0405 3572 pciide - ok
16:48:52.0421 3572 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
16:48:52.0421 3572 pcmcia - ok
16:48:52.0421 3572 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
16:48:52.0436 3572 pcw - ok
16:48:52.0436 3572 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
16:48:52.0468 3572 PEAUTH - ok
16:48:52.0483 3572 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
16:48:52.0499 3572 PeerDistSvc - ok
16:48:52.0499 3572 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
16:48:52.0514 3572 PerfHost - ok
16:48:52.0530 3572 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
16:48:52.0561 3572 pla - ok
16:48:52.0577 3572 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
16:48:52.0592 3572 PlugPlay - ok
16:48:52.0592 3572 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
16:48:52.0592 3572 PNRPAutoReg - ok
16:48:52.0608 3572 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
16:48:52.0608 3572 PNRPsvc - ok
16:48:52.0624 3572 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
16:48:52.0639 3572 PolicyAgent - ok
16:48:52.0655 3572 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
16:48:52.0670 3572 Power - ok
16:48:52.0686 3572 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
16:48:52.0702 3572 PptpMiniport - ok
16:48:52.0702 3572 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
16:48:52.0717 3572 Processor - ok
16:48:52.0717 3572 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
16:48:52.0733 3572 ProfSvc - ok
16:48:52.0748 3572 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
16:48:52.0748 3572 ProtectedStorage - ok
16:48:52.0764 3572 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
16:48:52.0780 3572 Psched - ok
16:48:52.0795 3572 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
16:48:52.0811 3572 ql2300 - ok
16:48:52.0826 3572 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
16:48:52.0826 3572 ql40xx - ok
16:48:52.0826 3572 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
16:48:52.0842 3572 QWAVE - ok
16:48:52.0842 3572 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
16:48:52.0858 3572 QWAVEdrv - ok
16:48:52.0858 3572 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
16:48:52.0873 3572 RasAcd - ok
16:48:52.0889 3572 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
16:48:52.0904 3572 RasAgileVpn - ok
16:48:52.0904 3572 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
16:48:52.0936 3572 RasAuto - ok
16:48:52.0936 3572 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
16:48:52.0951 3572 Rasl2tp - ok
16:48:52.0967 3572 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
16:48:52.0982 3572 RasMan - ok
16:48:52.0998 3572 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
16:48:53.0014 3572 RasPppoe - ok
16:48:53.0014 3572 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
16:48:53.0029 3572 RasSstp - ok
16:48:53.0045 3572 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
16:48:53.0060 3572 rdbss - ok
16:48:53.0076 3572 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
16:48:53.0076 3572 rdpbus - ok
16:48:53.0092 3572 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
16:48:53.0107 3572 RDPCDD - ok
16:48:53.0107 3572 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
16:48:53.0123 3572 RDPDR - ok
16:48:53.0123 3572 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
16:48:53.0138 3572 RDPENCDD - ok
16:48:53.0154 3572 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
16:48:53.0170 3572 RDPREFMP - ok
16:48:53.0170 3572 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
16:48:53.0185 3572 RDPWD - ok
16:48:53.0185 3572 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
16:48:53.0201 3572 rdyboost - ok
16:48:53.0201 3572 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
16:48:53.0216 3572 RemoteAccess - ok
16:48:53.0232 3572 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
16:48:53.0248 3572 RemoteRegistry - ok
16:48:53.0248 3572 rpcapd (b60f58f175de20a6739194e85b035178) C:\Program Files (x86)\WinPcap\rpcapd.exe
16:48:53.0263 3572 rpcapd - ok
16:48:53.0263 3572 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
16:48:53.0279 3572 RpcEptMapper - ok
16:48:53.0294 3572 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
16:48:53.0294 3572 RpcLocator - ok
16:48:53.0294 3572 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
16:48:53.0326 3572 RpcSs - ok
16:48:53.0326 3572 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
16:48:53.0357 3572 rspndr - ok
16:48:53.0357 3572 RTL8167 (6d3c7e7d82d3dc92dc2a8b0df9f20f8a) C:\Windows\system32\DRIVERS\Rt64win7.sys
16:48:53.0372 3572 RTL8167 - ok
16:48:53.0372 3572 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
16:48:53.0372 3572 s3cap - ok
16:48:53.0388 3572 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
16:48:53.0388 3572 SamSs - ok
16:48:53.0388 3572 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
16:48:53.0404 3572 sbp2port - ok
16:48:53.0404 3572 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
16:48:53.0435 3572 SCardSvr - ok
16:48:53.0435 3572 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
16:48:53.0450 3572 scfilter - ok
16:48:53.0466 3572 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
16:48:53.0497 3572 Schedule - ok
16:48:53.0497 3572 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
16:48:53.0513 3572 SCPolicySvc - ok
16:48:53.0528 3572 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
16:48:53.0528 3572 SDRSVC - ok
16:48:53.0544 3572 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
16:48:53.0560 3572 secdrv - ok
16:48:53.0560 3572 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
16:48:53.0575 3572 seclogon - ok
16:48:53.0591 3572 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
16:48:53.0606 3572 SENS - ok
16:48:53.0606 3572 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
16:48:53.0622 3572 SensrSvc - ok
16:48:53.0622 3572 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
16:48:53.0638 3572 Serenum - ok
16:48:53.0638 3572 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
16:48:53.0638 3572 Serial - ok
16:48:53.0653 3572 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
16:48:53.0653 3572 sermouse - ok
16:48:53.0669 3572 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
16:48:53.0684 3572 SessionEnv - ok
16:48:53.0684 3572 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
16:48:56.0180 3572 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1
16:48:56.0196 3572 \Device\Harddisk1\DR1 ( TDSS File System ) - warning
16:48:56.0196 3572 \Device\Harddisk1\DR1 - detected TDSS File System (1)
16:48:56.0196 3572 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
16:48:56.0633 3572 \Device\Harddisk0\DR0 - ok
16:48:56.0633 3572 Boot (0x1200) (1031041d60d19c8c865effc5219156cb) \Device\Harddisk1\DR1\Partition0
16:48:56.0648 3572 \Device\Harddisk1\DR1\Partition0 - ok
16:48:56.0648 3572 Boot (0x1200) (b14ba4db8d9a5f4d15836f58ccdd9fb2) \Device\Harddisk1\DR1\Partition1
16:48:56.0648 3572 \Device\Harddisk1\DR1\Partition1 - ok
16:48:56.0648 3572 Boot (0x1200) (a92fd92949324f438998a7e9444d8704) \Device\Harddisk0\DR0\Partition0
16:48:56.0648 3572 \Device\Harddisk0\DR0\Partition0 - ok
16:48:56.0648 3572 ============================================================
16:48:56.0648 3572 Scan finished
16:48:56.0648 3572 ============================================================
16:48:56.0648 3548 Detected object count: 1
16:48:56.0648 3548 Actual detected object count: 1
16:49:14.0963 3548 \Device\Harddisk1\DR1 ( TDSS File System ) - skipped by user
16:49:14.0963 3548 \Device\Harddisk1\DR1 ( TDSS File System ) - User select action: Skip
16:49:22.0155 5072 Deinitialize success

ListParts
ListParts by Farbar Version: 12-03-2012 03
Ran by thebeast (administrator) on 20-04-2012 at 16:50:37
Windows 7 (X64)
Running From: C:\Users\thebeast\Desktop
Language: 0409
************************************************************

========================= Memory info ======================

Percentage of memory in use: 17%
Total physical RAM: 8109.11 MB
Available physical RAM: 6696.29 MB
Total Pagefile: 16216.41 MB
Available Pagefile: 14710.97 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:111.69 GB) (Free:62.06 GB) NTFS
3 Drive e: (New Volume) (Fixed) (Total:1863.01 GB) (Free:1788.7 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 1863 GB 0 B
Disk 1 Online 111 GB 0 B
Disk 2 No Media 0 B 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 1863 GB 1024 KB

======================================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 E New Volume NTFS Partition 1863 GB Healthy

======================================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 100 MB 1024 KB
Partition 2 Primary 111 GB 101 MB

======================================================================================================

Disk: 1
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 System Rese NTFS Partition 100 MB Healthy System (partition with boot components)

======================================================================================================

Disk: 1
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 C NTFS Partition 111 GB Healthy Boot

======================================================================================================

****** End Of Log ******


Malwarebytes
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.04.20.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
thebeast :: THEBEAST-PC [administrator]

4/20/2012 4:51:53 PM
mbam-log-2012-04-20 (16-51-53).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 216288
Time elapsed: 27 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.

(end)


RogueKiller
RogueKiller V7.3.2 [03/20/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User: thebeast [Admin rights]
Mode: Scan -- Date: 04/20/2012 16:54:49

Bad processes: 0

Registry Entries: 3
[HJ] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

Particular Files / Folders:

Driver: [NOT LOADED]

Infection :

HOSTS File:
127.0.0.1 localhost


MBR Check:

+++++ PhysicalDrive0: WDC WD20EARS-00MVWB0 ATA Device +++++
--- User ---
[MBR] f998f7a9a852f00289298ac4fc9a0d1e
[BSP] 366c8709a1754ca4858a93829f82ac83 : Windows 7 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 1907727 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: ADATA SSD S511 120GB ATA Device +++++
--- User ---
[MBR] 850e4cae8837e1c28e77526f957c3605
[BSP] 2007f0878f01d83083bafa3f10ae8767 : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 114371 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt



