spyware / Malware infection not picked up by scans


  • This topic is locked
17 replies to this topic

#1 Jon1984

Posted 09 May 2012 - 05:39 AM

Hi.

A few weeks ago my laptop started doing strange things.... First it marked the entire contents of the hard drive as hidden, making it look like the computer had been formatted.

I fixed that just fine, but now whenever browsing the web and selecting a link I get redirected to a random webpage (this page changes) - I click back and it tries to load the correct page but gets redirected again - on the third attempt it always works.

I also don't seem to be able to run some of the programs on my hard drive - mail.exe, for example, is there, I can see it, but when I run it nothing happens.

I have done scans with Trend, Panda
Spyware / Malware with SAS, Malwarebytes, SBOT S&D

I'm hoping someone out there can help me!!

Here is a copy of my HijackThis log





Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:28:28, on 09/05/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files (x86)\Blackmagic Design\Blackmagic Desktop Video\BMDStreamingServer.exe
C:\Program Files (x86)\Blackmagic Design\Blackmagic Desktop Video\CheckVersionPCI.exe
C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Trend Micro\RUBotted\RUBottedGUI.exe
C:\Program Files (x86)\Trend Micro\Browser Guard\BGUI.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Trend Micro\Browser Guard\tmiegsrv.exe
C:\Windows\AsScrPro.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe
C:\Program Files (x86)\ASUS\AI Recovery\AIRecoveryBurner.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Trend Micro NSC BHO - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.0.1313\6.8.1078\TmIEPlg32.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll
O2 - BHO: Trend Micro Toolbar BHO - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: IEGBH0 - {9F3209E2-334B-41E9-B09C-703F398742E7} - (no file)
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: TmBpIeBHO - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1102\7.1.1102\TmBpIe32.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: TMIEGBHO - {F1AD4A42-BA52-47BC-89DF-3F68F24C017F} - C:\Program Files (x86)\Trend Micro\Browser Guard\TMAMS.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: (no name) - {d84a64a0-f2b2-4975-b264-3a3bce8d57d6} - (no file)
O3 - Toolbar: Trend Micro Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll
O3 - Toolbar: TMBGBAR TOOLBAR - {C8137A8D-415D-450C-A1B1-D0C519D45296} - C:\Program Files (x86)\Trend Micro\Browser Guard\tmieg.dll
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Trend Micro RUBotted V2.0 Beta] C:\Program Files (x86)\Trend Micro\RUBotted\RUBottedGUI.exe
O4 - HKLM\..\Run: [Trend Micro Browser Guard] "C:\Program Files (x86)\Trend Micro\Browser Guard\BGUI.EXE"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Blackmagic CheckVersion] C:\Program Files (x86)\Blackmagic Design\Blackmagic Desktop Video\CheckVersion.exe
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\GFX\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll/206 (file missing)
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://ciscosupport.webex.com/client/WBXclient-T27L10NSP25EP3-11662/support/ieatgpc1.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1B9AFEEC-78FF-47AC-AF17-668C7C850F94}: NameServer = 192.168.0.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1102\7.1.1102\TmBpIe32.dll
O18 - Protocol: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.0.1313\6.8.1078\TmIEPlg32.dll
O18 - Protocol: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll
O18 - Protocol: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: AFBAgent - Unknown owner - C:\Windows\system32\FBAgent.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Trend Micro Solution Platform (Amsp) - Trend Micro Inc. - C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
O23 - Service: ASLDR Service (ASLDRService) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
O23 - Service: WebEx Service Host for Support Center (atashost) - Cisco WebEx LLC - C:\Windows\SysWOW64\atashost.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
O23 - Service: BitComet Disk Boost Service (BITCOMET_HELPER_SERVICE) - www.BitComet.com - C:\Program Files\BitComet\tools\BitCometService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PACE License Services (PaceLicenseDServices) - PACE Anti-Piracy, Inc. - C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files (x86)\WinPcap\rpcapd.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: Trend Micro RUBotted Service (RUBotSrv) - Trend Micro Inc. - C:\Program Files (x86)\Trend Micro\RUBotted\RUBotSrv.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel® Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files (x86)\RealVNC\VNC4\WinVNC4.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 15141 bytes


*Edit: Moved topic from Windows 7 to the more appropriate forum. ~ Queen-Evie*

Edited by Queen-Evie, 09 May 2012 - 06:56 AM.



#2 RPMcMurphy

  • Malware Response Team

Posted 09 May 2012 - 08:18 PM

Hello and welcome. Please follow these guidelines while we work on your PC:
  • Malware removal is a sometimes lengthy and tedious process. Please stick with the thread until I’ve given you the “All clear.” Absence of symptoms does not mean your machine is clean!
  • Please do not run any scans or install/uninstall any applications without being directed to do so.
  • Please note that the forum is very busy and if I don't hear from you within five days this thread will be closed.
Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Under the Custom Scan box paste this in:
    netsvcs
  • Click the Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and paste them into your next post.
Download aswMBR.exe to your desktop.
  • Double click the aswMBR.exe to run it
  • You will be asked if you want to use Avast! Free anti virus for scanning - select No
  • Click the "Scan" button to start scan
  • On completion of the scan click save log, save it to your desktop and post in your next reply.
Please include the following in your next post:
  • OTL.txt and Extras.txt logs
  • aswMBR log

Edited by RPMcMurphy, 09 May 2012 - 08:19 PM.

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may donate.


#3 Jon1984

Posted 10 May 2012 - 03:05 AM

Thanks for the help RPMcMurphy

Here are the first two logs (attached)

I can't get aswMBR.exe to run (not as admin or compatibility mode either)


#4 RPMcMurphy

Posted 10 May 2012 - 09:45 PM

Please do this next:

Download TDSSKiller.zip and extract TDSSKiller.exe to your desktop
  • Execute TDSSKiller.exe by double-clicking on it.
  • When the window opens, click on Change Parameters
  • Under “Additional options”, put a check mark in the box next to “Detect TDLFS File System”
  • Click OK
  • Press Start Scan
  • If Malicious objects are found then ensure Cure is selected. Important - If there is no option to "Cure" it is critical that you select "Skip"
  • Then click Continue > Reboot now
  • Once complete, a log will be produced in c:\. It will be named for example, TDSSKiller.2.7.1.0_19.01.2012_17.24.26_log.txt
  • Post that log, please.
Download Combofix from either of the links below, and save it to your desktop.

Link 1
Link 2

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link
--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.
  • If you have trouble, stop and post back. Do not try to repeatedly run ComboFix!
  • When finished, it will produce a report for you.

Note: If after running ComboFix you receive a message stating, "Illegal Operation Attempted on a registry key that has been marked for deletion" rebooting your computer will resolve the problem.

Please include the following in your next post:
  • TDSSKiller log
  • ComboFix log



#5 Jon1984

Posted 14 May 2012 - 03:56 AM

Ok,

Downloaded TDSSKiller, tried to run it, no luck.....

Downloaded ComboFix to the desktop as asked and disabled all antivirus and antispyware programs.... When I run ComboFix I get the screen telling me it is extracting files and then it closes. Is the program meant to install somewhere? Or does the log file just get generated from that?

#6 RPMcMurphy

Posted 14 May 2012 - 11:21 AM

Please do this next:

Download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
Please include the following in your next post:
  • FRST log



#7 Jon1984

Posted 15 May 2012 - 03:10 AM

I'm trying to boot up repair mode as suggested.....

It's been going for about half an hour.....

Black screen - Windows is loading files and the progress bar is full, I'll leave it on all day if I can to see if this helps, I'm not sure it's going to though

#8 Jon1984

Posted 15 May 2012 - 10:30 AM

I'm trying to boot up repair mode as suggested.....

It's been going for about half an hour.....

Black screen - Windows is loading files and the progress bar is full, I'll leave it on all day if I can to see if this helps, I'm not sure it's going to though



I've given it 5 hours today, then tried rebooting several times and going straight into recovery to no luck...

#9 RPMcMurphy

Posted 15 May 2012 - 11:25 AM

Please try this:

Run OTL.exe
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    :OTL
    @Alternate Data Stream - 216 bytes -> C:\ProgramData\Temp:D282699C
    @Alternate Data Stream - 1272 bytes -> C:\Program Files (x86)\Common Files\microsoft shared:VctkQB6N3Fr0RMZLnA1WV
    @Alternate Data Stream - 1219 bytes -> C:\ProgramData\Microsoft:y0yfg6oxAzRGIwN91cvyHNFF
    @Alternate Data Stream - 1207 bytes -> C:\Program Files (x86)\Common Files\System:fGvbkFIBAHsw5jmcDQCkkPISx
    @Alternate Data Stream - 1168 bytes -> C:\Users\GFX\AppData\Local\Temp:UWsGsOpHSxCufOAYlO23W1n
    @Alternate Data Stream - 1159 bytes -> C:\ProgramData\Microsoft:xV4TXUIcEh74Es6l3SrI9vjwVP
    @Alternate Data Stream - 1129 bytes -> C:\ProgramData\Microsoft:2cgQV1XtRp58XSrq8AOcZpi
    @Alternate Data Stream - 1081 bytes -> C:\ProgramData\Microsoft:FXxyAu3rzZyq7k5r1yM74CVu9Dhd
    @Alternate Data Stream - 1053 bytes -> C:\Program Files (x86)\Common Files\System:Imzn9wcT0JHOe8itN052jcb
    :Commands
    [EmptyTemp]
    [ResetHosts]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, it will reboot when it is done and produce a log
Please include the following in your next post:
  • OTL Fix log



#10 Jon1984

Posted 16 May 2012 - 02:41 AM

Done, had to run it twice as my AV blocked it the first time, disabled and re-ran, here are the results

All processes killed
========== OTL ==========
Unable to delete ADS C:\ProgramData\Temp:D282699C .
Unable to delete ADS C:\Program Files (x86)\Common Files\microsoft shared:VctkQB6N3Fr0RMZLnA1WV .
Unable to delete ADS C:\ProgramData\Microsoft:y0yfg6oxAzRGIwN91cvyHNFF .
Unable to delete ADS C:\Program Files (x86)\Common Files\System:fGvbkFIBAHsw5jmcDQCkkPISx .
Unable to delete ADS C:\Users\GFX\AppData\Local\Temp:UWsGsOpHSxCufOAYlO23W1n .
Unable to delete ADS C:\ProgramData\Microsoft:xV4TXUIcEh74Es6l3SrI9vjwVP .
Unable to delete ADS C:\ProgramData\Microsoft:2cgQV1XtRp58XSrq8AOcZpi .
Unable to delete ADS C:\ProgramData\Microsoft:FXxyAu3rzZyq7k5r1yM74CVu9Dhd .
Unable to delete ADS C:\Program Files (x86)\Common Files\System:Imzn9wcT0JHOe8itN052jcb .
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: GFX
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 24362361 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2372 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 23.00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.42.3 log created on 05162012_083629

Files\Folders moved on Reboot...
File\Folder C:\Users\GFX\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
C:\Users\GFX\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W6J1DSHM\statstracker[1].htm moved successfully.
C:\Users\GFX\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V5XI496U\yourprivacy[1].htm moved successfully.
File\Folder C:\Users\GFX\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UCMYTVJS\data_sync[1].htm not found!
C:\Users\GFX\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RCS3VYN8\xd_arbiter[1].htm moved successfully.
File\Folder C:\Users\GFX\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O8NNCFJN\afr[1].htm not found!
File\Folder C:\Users\GFX\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O8NNCFJN\fbab2b1d-9ee9-4fb9-958e-5dddc009eb1a[1].htm not found!
File\Folder C:\Users\GFX\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J8WFT98Z\desperate-housewives-final-episode-see-how-series-ends[1].htm not found!
C:\Users\GFX\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J8WFT98Z\rc[1].htm moved successfully.
File\Folder C:\Users\GFX\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HZDXKLWW\75d85c42-a75c-4a8a-808c-9da4c496538f[1].htm not found!
C:\Users\GFX\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HZDXKLWW\pixel[1].htm moved successfully.
File\Folder C:\Users\GFX\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HZDXKLWW\v=4;m=3;l=15824;c=193516;b=1681388;ts=20120516083636[1].htm not found!
C:\Users\GFX\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8O2S8YZZ\pixel[1].htm moved successfully.
File\Folder C:\Users\GFX\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5YGY0PF4\xd_arbiter[1].htm not found!
File\Folder C:\Users\GFX\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5753BMNO\data_sync[1].htm not found!
C:\Users\GFX\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2Q4QSYH3\contactus[1].htm moved successfully.
File\Folder C:\Users\GFX\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2Q4QSYH3\emily[1].htm not found!
C:\Users\GFX\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2CPS9F2S\517365445[1].mp4 moved successfully.

Registry entries deleted on Reboot...

#11 RPMcMurphy

Posted 16 May 2012 - 08:33 AM

Please try running TDSSKiller and ComboFix again. If they don't run, try them in Safe Mode.



#12 Jon1984

Posted 16 May 2012 - 12:08 PM

Both ran as I would expect them to :clapping:

Here are the log files


ComboFix 12-05-16.02 - GFX 16/05/2012 16:56:07.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3885.2363 [GMT 1:00]
Running from: c:\users\GFX\Desktop\ComboFix.exe
AV: Trend Micro Titanium Maximum Security 2012 *Disabled/Updated* {7193B549-236F-55EE-9AEC-F65279E59A92}
SP: Trend Micro Titanium Maximum Security 2012 *Disabled/Updated* {CAF254AD-0555-5A60-A05C-CD200262D02F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\esupport\eDriver\Software\ASUS\MultiFrame\XP32_Vista32_Vista64_Win7_32_Win7_64_1.0.0021\Desktop_.ini
c:\program files (x86)\Common Files\ASPG_icon.ico
c:\users\GFX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check
c:\users\GFX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check\System Check.lnk
c:\users\GFX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check\Uninstall System Check.lnk
c:\windows\SysWow64\err.log
.
.
((((((((((((((((((((((((( Files Created from 2012-04-16 to 2012-05-16 )))))))))))))))))))))))))))))))
.
.
2012-05-16 16:08 . 2012-05-16 16:08 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-16 13:41 . 2012-05-16 13:41 -------- d-----w- C:\TDSSKiller_Quarantine
2012-05-16 07:29 . 2012-05-16 07:29 -------- d-----w- C:\_OTL
2012-05-15 15:41 . 2012-05-15 15:41 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-05-15 15:40 . 2012-05-15 15:40 -------- d-----w- c:\program files (x86)\Oracle
2012-05-15 15:39 . 2012-04-04 17:47 772504 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-05-15 12:10 . 2012-05-15 12:10 159744 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
2012-05-15 12:10 . 2012-05-15 12:10 159744 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
2012-05-15 12:10 . 2012-05-15 12:10 159744 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
2012-05-15 12:10 . 2012-05-15 12:10 159744 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
2012-05-15 12:10 . 2012-05-15 12:10 159744 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
2012-05-15 12:10 . 2012-05-15 12:10 159744 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
2012-05-15 12:10 . 2012-05-15 12:10 159744 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
2012-05-14 07:41 . 2012-03-03 06:35 1544704 ----a-w- c:\windows\system32\DWrite.dll
2012-05-14 07:41 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-05-14 07:41 . 2012-03-31 06:05 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-14 07:41 . 2012-03-31 03:10 3146240 ----a-w- c:\windows\system32\win32k.sys
2012-05-14 07:41 . 2012-03-31 04:39 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-14 07:41 . 2012-03-31 04:39 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-14 07:40 . 2012-03-17 07:58 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-14 07:40 . 2012-03-30 11:35 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-14 07:40 . 2012-03-31 05:42 1732096 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-05-14 07:40 . 2012-03-31 05:40 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2012-05-14 07:40 . 2012-03-31 05:40 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-14 07:40 . 2012-03-31 05:40 1393664 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2012-05-14 07:40 . 2012-03-31 04:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-08 16:23 . 2012-05-08 16:23 -------- d-----w- c:\program files (x86)\Blackmagic Design
2012-05-07 08:58 . 2012-05-07 08:58 -------- d-----w- c:\users\GFX\AppData\Roaming\WAV To MP3
2012-05-07 08:57 . 2012-05-07 08:57 -------- d-----w- c:\program files (x86)\WAV To MP3
2012-05-07 08:52 . 2002-08-22 22:27 348160 ----a-w- c:\windows\SysWow64\FlatBtn6.ocx
2012-05-07 08:52 . 2001-12-12 10:35 348160 ----a-w- c:\windows\SysWow64\MEnc.ocx
2012-05-07 08:52 . 1998-06-24 00:00 140096 ----a-w- c:\windows\SysWow64\Comdlg32.ocx
2012-05-07 08:52 . 2012-05-07 08:52 -------- d-----w- c:\program files (x86)\WAV to MP3 Encoder
2012-05-07 08:46 . 2012-05-10 07:55 -------- d-----w- c:\users\GFX\AppData\Local\ElevatedDiagnostics
2012-05-02 08:53 . 2012-05-02 08:53 476904 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
2012-04-26 14:36 . 2012-04-26 14:36 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2012-04-26 14:36 . 2012-04-26 14:36 157352 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2012-04-26 14:36 . 2012-04-26 14:36 129976 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice.exe
2012-04-24 07:32 . 2012-04-24 07:32 -------- d-----w- c:\users\GFX\AppData\Roaming\SPE
2012-04-23 14:57 . 2012-04-23 14:57 -------- d-----w- c:\program files (x86)\ESET
2012-04-23 14:07 . 2012-04-23 14:12 -------- d-----w- c:\users\GFX\AppData\Local\Browser Guard
2012-04-23 14:06 . 2012-04-23 14:06 -------- d-----w- c:\program files (x86)\WinPcap
2012-04-23 13:46 . 2012-04-23 13:46 -------- d-----w- c:\windows\Hewlett-Packard
2012-04-20 10:29 . 2012-04-20 09:59 105744 ----a-w- c:\windows\system32\drivers\tmtdi.sys
2012-04-20 10:29 . 2012-04-20 09:59 70928 ----a-w- c:\windows\system32\drivers\tmevtmgr.sys
2012-04-20 10:29 . 2012-04-20 09:59 91920 ----a-w- c:\windows\system32\drivers\tmactmon.sys
2012-04-20 10:29 . 2012-04-20 09:59 167696 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2012-04-20 10:27 . 2012-04-20 10:27 -------- d-----w- c:\program files\Trend Micro
2012-04-20 07:56 . 2012-04-13 08:46 8917360 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C40E2C23-6D90-4621-B769-B0F6A2E94683}\mpengine.dll
2012-04-19 09:51 . 2012-04-19 09:51 -------- d-----w- c:\users\GFX\AppData\Roaming\SpeedMaxPc
2012-04-19 09:51 . 2012-04-19 09:51 -------- d-----w- c:\users\GFX\AppData\Roaming\DriverCure
2012-04-19 09:50 . 2012-04-23 13:31 -------- d-----w- c:\programdata\SpeedMaxPc
2012-04-19 09:48 . 2012-04-19 09:48 -------- d-----w- c:\program files (x86)\Panda Security
2012-04-19 09:31 . 2011-02-19 12:05 1139200 ----a-w- c:\windows\system32\FntCache.dll
2012-04-19 09:31 . 2011-02-19 12:04 902656 ----a-w- c:\windows\system32\d2d1.dll
2012-04-19 09:31 . 2011-02-19 06:30 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2012-04-19 09:30 . 2011-01-17 11:09 197120 ----a-w- c:\windows\system32\d3d10_1.dll
2012-04-19 09:30 . 2011-01-17 05:47 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2012-04-19 09:23 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-04-19 09:23 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-04-19 08:49 . 2012-04-19 08:49 -------- d-----w- c:\windows\system32\SPReview
2012-04-19 08:02 . 2012-04-19 08:02 53248 ----a-r- c:\users\GFX\AppData\Roaming\Microsoft\Installer\{12BAA98C-F8DD-4BC9-BBE6-1C8463114197}\ARPPRODUCTICON.exe
2012-04-19 07:53 . 2012-04-19 07:53 -------- d-----w- c:\users\GFX\AppData\Local\Research In Motion
2012-04-19 07:53 . 2012-04-19 07:54 -------- d-----w- c:\users\GFX\AppData\Roaming\Research In Motion
2012-04-19 07:50 . 2011-07-20 13:58 44032 ----a-w- c:\windows\system32\drivers\RimSerial_AMD64.sys
2012-04-19 07:49 . 2012-04-19 07:49 -------- d-----w- c:\programdata\Research In Motion
2012-04-19 07:49 . 2012-04-19 07:49 -------- d-----w- c:\program files (x86)\Common Files\Research In Motion
2012-04-19 07:49 . 2012-04-19 07:49 -------- d-----w- c:\program files (x86)\Research In Motion
2012-04-18 13:31 . 2012-04-18 13:31 -------- d-----w- c:\windows\system32\EventProviders
2012-04-17 10:16 . 2012-04-17 10:16 -------- d-----w- c:\users\GFX\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-16 16:11 . 2012-04-07 08:45 45056 ----a-w- c:\windows\system32\acovcnt.exe
2012-04-20 10:28 . 2012-04-05 10:32 56 ----a-w- c:\windows\system32\SupportTool.exe.bat
2012-04-19 08:59 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2012-04-19 08:59 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2012-04-13 07:46 . 2011-03-28 17:36 19352 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-04-05 10:45 . 2012-04-05 10:45 388096 ----a-r- c:\users\GFX\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-04-04 17:47 . 2011-06-07 15:55 687504 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-03-08 17:50 . 2012-03-08 17:50 49016 ----a-w- c:\windows\SysWow64\sirenacm.dll
2012-03-08 17:40 . 2012-04-13 07:47 48488 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2012-03-08 17:37 . 2012-03-08 17:37 302448 ----a-w- c:\windows\WLXPGSS.SCR
2012-03-01 06:46 . 2012-04-13 09:00 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-03-01 06:38 . 2012-04-13 09:00 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-03-01 06:33 . 2012-04-13 09:00 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-03-01 06:28 . 2012-04-13 09:00 5120 ----a-w- c:\windows\system32\wmi.dll
2012-03-01 05:37 . 2012-04-13 09:00 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-03-01 05:33 . 2012-04-13 09:00 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-03-01 05:29 . 2012-04-13 09:00 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-02-28 13:00 . 2012-02-28 13:00 133944 ----a-w- c:\windows\SysWow64\atashost.exe
2012-02-28 13:00 . 2012-02-28 13:00 215864 ----a-w- c:\windows\SysWow64\atsckernel.exe
2012-02-23 09:18 . 2012-04-04 19:31 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-17 06:38 . 2012-04-04 19:39 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 05:34 . 2012-04-04 19:39 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-02-17 04:58 . 2012-04-04 19:39 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:57 . 2012-04-04 19:39 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2009-04-08 17:31 . 2009-04-08 17:31 106496 ----a-w- c:\program files (x86)\Common Files\CPInstallAction.dll
2008-08-12 04:45 . 2008-08-12 04:45 155648 ----a-w- c:\program files (x86)\Common Files\MSIactionall.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\users\GFX\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\users\GFX\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\users\GFX\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\users\GFX\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"="c:\users\GFX\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-02-12 137536]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-05-02 4786048]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"RIMBBLaunchAgent.exe"="c:\program files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-09-01 90448]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"Trend Micro RUBotted V2.0 Beta"="c:\program files (x86)\Trend Micro\RUBotted\RUBottedGUI.exe" [2010-12-17 1103184]
"Trend Micro Browser Guard"="c:\program files (x86)\Trend Micro\Browser Guard\BGUI.EXE" [2011-02-25 787984]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-01-31 158856]
R3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;c:\program files\BitComet\tools\BitCometService.exe [2010-12-28 1296728]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-26 129976]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [x]
R3 Streaming;Blackmagic Streaming Driver;c:\windows\system32\DRIVERS\blackmagicusb.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files (x86)\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2010-09-19 47128]
R4 SQLAgent$VANTAGE;SQL Server Agent (VANTAGE);c:\program files (x86)\Microsoft SQL Server\MSSQL10.VANTAGE\MSSQL\Binn\SQLAGENT.EXE [2011-09-22 370024]
S0 lullaby;lullaby;c:\windows\system32\DRIVERS\lullaby.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [x]
S2 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe [x]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416]
S2 atashost;WebEx Service Host for Support Center;c:\windows\SysWOW64\atashost.exe [2012-02-28 133944]
S2 MSSQL$VANTAGE;SQL Server (VANTAGE);c:\program files (x86)\Microsoft SQL Server\MSSQL10.VANTAGE\MSSQL\Binn\sqlservr.exe [2011-09-22 43028328]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [x]
S2 PaceLicenseDServices;PACE License Services;c:\program files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe [2011-07-09 2932224]
S2 RUBotSrv;Trend Micro RUBotted Service;c:\program files (x86)\Trend Micro\RUBotted\RUBotSrv.exe [2010-12-17 439632]
S2 Sentinel64;Sentinel64;c:\windows\System32\Drivers\Sentinel64.sys [x]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-10-01 2314240]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]
S3 JME;JMicron Ethernet Adapter NDIS6.20 Driver (Amd64 Bits);c:\windows\system32\DRIVERS\JME.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-15 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3575515364-3695203141-1984625503-1000Core.job
- c:\users\GFX\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-02-12 18:21]
.
2012-05-16 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3575515364-3695203141-1984625503-1000UA.job
- c:\users\GFX\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-02-12 18:21]
.
2012-05-15 c:\windows\Tasks\ParetoLogic Registration.job
- c:\windows\system32\rundll32.exe [2009-07-13 01:14]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 97792 ----a-w- c:\users\GFX\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 97792 ----a-w- c:\users\GFX\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 97792 ----a-w- c:\users\GFX\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 97792 ----a-w- c:\users\GFX\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-11-19 307768]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-01-10 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-01-10 392984]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-01-10 417560]
"Trend Micro Titanium"="c:\program files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" [2012-02-27 1304792]
"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2012-02-27 213824]
"Blackmagic Streaming Server"="c:\program files (x86)\Blackmagic Design\Blackmagic Desktop Video\BMDStreamingServer.exe" [2012-02-16 1103360]
"Blackmagic CheckVersion PCI"="c:\program files (x86)\Blackmagic Design\Blackmagic Desktop Video\CheckVersionPCI.exe" [2012-02-16 22241408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://www.google.co.uk
mLocal Page = c:\windows\SYSTEM32\blank.htm
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: Interfaces\{773E1BCB-FCED-4A18-8FDA-72523402D593}: NameServer = 192.168.0.1
FF - ProfilePath - c:\users\GFX\AppData\Roaming\Mozilla\Firefox\Profiles\p5u2irh5.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Wow6432Node-HKLM-Run-Blackmagic CheckVersion - c:\program files (x86)\Blackmagic Design\Blackmagic Desktop Video\CheckVersion.exe
Toolbar-Locked - (no file)
HKLM-Run-ETDWare - c:\program files (x86)\Elantech\ETDCtrl.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,8d,50,4d,86,ad,eb,59,4c,b5,a2,aa,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,8d,50,4d,86,ad,eb,59,4c,b5,a2,aa,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10d.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10d.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
c:\program files (x86)\ASUS\SmartLogon\sensorsrv.exe
c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
c:\program files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files (x86)\RealVNC\VNC4\WinVNC4.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
c:\program files (x86)\ASUS\ControlDeck\ControlDeck.exe
.
**************************************************************************
.
Completion time: 2012-05-16 17:36:22 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-16 16:36
.
Pre-Run: 20,966,010,880 bytes free
Post-Run: 20,857,253,888 bytes free
.
- - End Of File - - C59863EF86978CCD59A31F99F50A0F50




14:40:22.0512 2996 TDSS rootkit removing tool 2.7.35.0 May 16 2012 07:37:57
14:40:22.0879 2996 ============================================================
14:40:22.0879 2996 Current date / time: 2012/05/16 14:40:22.0879
14:40:22.0879 2996 SystemInfo:
14:40:22.0879 2996
14:40:22.0880 2996 OS Version: 5.1.2600 ServicePack: 2.0
14:40:22.0880 2996 Product type: Workstation
14:40:22.0880 2996 ComputerName: GFXLAPTOP
14:40:22.0880 2996 UserName: GFX
14:40:22.0880 2996 Windows directory: C:\Windows
14:40:22.0880 2996 System windows directory: C:\Windows
14:40:22.0880 2996 Running under WOW64
14:40:22.0880 2996 Processor architecture: Intel x64
14:40:22.0880 2996 Number of processors: 2
14:40:22.0880 2996 Page size: 0x1000
14:40:22.0880 2996 Boot type: Normal boot
14:40:22.0880 2996 ============================================================
14:40:23.0564 2996 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:40:23.0574 2996 ============================================================
14:40:23.0574 2996 \Device\Harddisk0\DR0:
14:40:23.0574 2996 MBR partitions:
14:40:23.0574 2996 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2710040, BlocksNum 0x9160742
14:40:23.0592 2996 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xB870F82, BlocksNum 0x19BB8B2E
14:40:23.0592 2996 ============================================================
14:40:23.0644 2996 C: <-> \Device\Harddisk0\DR0\Partition0
14:40:23.0690 2996 D: <-> \Device\Harddisk0\DR0\Partition1
14:40:23.0691 2996 ============================================================
14:40:23.0691 2996 Initialize success
14:40:23.0691 2996 ============================================================
14:40:41.0566 4960 ============================================================
14:40:41.0566 4960 Scan started
14:40:41.0566 4960 Mode: Manual; TDLFS;
14:40:41.0566 4960 ============================================================
14:40:44.0585 4960 !SASCORE (7d9d615201a483d6fa99491c2e655a5a) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
14:40:44.0591 4960 !SASCORE - ok
14:40:44.0751 4960 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
14:40:44.0770 4960 1394ohci - ok
14:40:44.0816 4960 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
14:40:44.0837 4960 ACPI - ok
14:40:44.0866 4960 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
14:40:44.0870 4960 AcpiPmi - ok
14:40:44.0935 4960 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
14:40:44.0968 4960 adp94xx - ok
14:40:45.0011 4960 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
14:40:45.0032 4960 adpahci - ok
14:40:45.0063 4960 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
14:40:45.0070 4960 adpu320 - ok
14:40:45.0101 4960 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
14:40:45.0106 4960 AeLookupSvc - ok
14:40:45.0176 4960 AFBAgent (734d1ba96be6ad8d04e6afead569ea8a) C:\Windows\system32\FBAgent.exe
14:40:45.0200 4960 AFBAgent - ok
14:40:45.0260 4960 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
14:40:45.0293 4960 AFD - ok
14:40:45.0337 4960 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
14:40:45.0341 4960 agp440 - ok
14:40:45.0382 4960 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
14:40:45.0386 4960 ALG - ok
14:40:45.0414 4960 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
14:40:45.0418 4960 aliide - ok
14:40:45.0434 4960 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
14:40:45.0438 4960 amdide - ok
14:40:45.0481 4960 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
14:40:45.0485 4960 AmdK8 - ok
14:40:45.0495 4960 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
14:40:45.0499 4960 AmdPPM - ok
14:40:45.0536 4960 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
14:40:45.0542 4960 amdsata - ok
14:40:45.0575 4960 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
14:40:45.0582 4960 amdsbs - ok
14:40:45.0594 4960 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
14:40:45.0597 4960 amdxata - ok
14:40:45.0713 4960 Amsp (1b7d1f0a0dfadbc797c16364792a7aa5) C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
14:40:45.0730 4960 Amsp - ok
14:40:45.0797 4960 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
14:40:45.0801 4960 AppID - ok
14:40:45.0828 4960 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
14:40:45.0832 4960 AppIDSvc - ok
14:40:45.0879 4960 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
14:40:45.0884 4960 Appinfo - ok
14:40:45.0916 4960 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
14:40:45.0921 4960 arc - ok
14:40:45.0939 4960 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
14:40:45.0944 4960 arcsas - ok
14:40:46.0042 4960 ASLDRService (18e5c2f937f9deb8c282df66a3761925) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
14:40:46.0047 4960 ASLDRService - ok
14:40:46.0076 4960 ASMMAP64 (4c016fd76ed5c05e84ca8cab77993961) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys
14:40:46.0080 4960 ASMMAP64 - ok
14:40:46.0101 4960 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
14:40:46.0105 4960 AsyncMac - ok
14:40:46.0131 4960 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
14:40:46.0135 4960 atapi - ok
14:40:46.0264 4960 atashost (2f3e8326c138f27fdded1c4e1dcb0b57) C:\Windows\SysWOW64\atashost.exe
14:40:46.0269 4960 atashost - ok
14:40:46.0426 4960 athr (a5e770426d18f8ef332a593f3289da91) C:\Windows\system32\DRIVERS\athrx.sys
14:40:46.0515 4960 athr - ok
14:40:46.0576 4960 ATKGFNEXSrv (7910158929571214a959d5a6d16dd9c0) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
14:40:46.0581 4960 ATKGFNEXSrv - ok
14:40:46.0864 4960 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
14:40:46.0888 4960 AudioEndpointBuilder - ok
14:40:46.0900 4960 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
14:40:46.0908 4960 AudioSrv - ok
14:40:46.0991 4960 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
14:40:46.0996 4960 AxInstSV - ok
14:40:47.0071 4960 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
14:40:47.0093 4960 b06bdrv - ok
14:40:47.0132 4960 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
14:40:47.0149 4960 b57nd60a - ok
14:40:47.0183 4960 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
14:40:47.0187 4960 BDESVC - ok
14:40:47.0228 4960 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
14:40:47.0230 4960 Beep - ok
14:40:47.0313 4960 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
14:40:47.0342 4960 BFE - ok
14:40:47.0398 4960 BITCOMET_HELPER_SERVICE - ok
14:40:47.0465 4960 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
14:40:47.0514 4960 BITS - ok
14:40:47.0573 4960 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
14:40:47.0577 4960 blbdrive - ok
14:40:47.0679 4960 Bonjour Service (5ab58c337ac65837fe404462ad6265ab) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
14:40:47.0700 4960 Bonjour Service - ok
14:40:47.0742 4960 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
14:40:47.0747 4960 bowser - ok
14:40:47.0777 4960 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
14:40:47.0780 4960 BrFiltLo - ok
14:40:47.0809 4960 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
14:40:47.0813 4960 BrFiltUp - ok
14:40:47.0882 4960 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
14:40:47.0887 4960 BridgeMP - ok
14:40:47.0926 4960 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
14:40:47.0931 4960 Browser - ok
14:40:47.0969 4960 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
14:40:47.0985 4960 Brserid - ok
14:40:48.0007 4960 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
14:40:48.0011 4960 BrSerWdm - ok
14:40:48.0040 4960 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
14:40:48.0043 4960 BrUsbMdm - ok
14:40:48.0057 4960 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
14:40:48.0060 4960 BrUsbSer - ok
14:40:48.0075 4960 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
14:40:48.0079 4960 BTHMODEM - ok
14:40:48.0113 4960 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
14:40:48.0131 4960 bthserv - ok
14:40:48.0152 4960 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
14:40:48.0157 4960 cdfs - ok
14:40:48.0201 4960 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
14:40:48.0207 4960 cdrom - ok
14:40:48.0260 4960 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
14:40:48.0265 4960 CertPropSvc - ok
14:40:48.0293 4960 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
14:40:48.0297 4960 circlass - ok
14:40:48.0341 4960 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
14:40:48.0364 4960 CLFS - ok
14:40:48.0422 4960 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
14:40:48.0436 4960 clr_optimization_v2.0.50727_32 - ok
14:40:48.0498 4960 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
14:40:48.0503 4960 clr_optimization_v2.0.50727_64 - ok
14:40:48.0541 4960 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
14:40:48.0544 4960 CmBatt - ok
14:40:48.0569 4960 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
14:40:48.0573 4960 cmdide - ok
14:40:48.0619 4960 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
14:40:48.0641 4960 CNG - ok
14:40:48.0709 4960 CnxtHdAudService (7247a4d0875f5f28919e0787e11b7b57) C:\Windows\system32\drivers\CHDRT64.sys
14:40:48.0739 4960 CnxtHdAudService - ok
14:40:48.0787 4960 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
14:40:48.0791 4960 Compbatt - ok
14:40:48.0828 4960 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
14:40:48.0832 4960 CompositeBus - ok
14:40:48.0849 4960 COMSysApp - ok
14:40:48.0871 4960 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
14:40:48.0874 4960 crcdisk - ok
14:40:48.0924 4960 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
14:40:48.0931 4960 CryptSvc - ok
14:40:48.0998 4960 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
14:40:49.0043 4960 DcomLaunch - ok
14:40:49.0079 4960 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
14:40:49.0096 4960 defragsvc - ok
14:40:49.0147 4960 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
14:40:49.0153 4960 DfsC - ok
14:40:49.0211 4960 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
14:40:49.0233 4960 Dhcp - ok
14:40:49.0269 4960 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
14:40:49.0273 4960 discache - ok
14:40:49.0303 4960 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
14:40:49.0307 4960 Disk - ok
14:40:49.0344 4960 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
14:40:49.0359 4960 Dnscache - ok
14:40:49.0410 4960 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
14:40:49.0426 4960 dot3svc - ok
14:40:49.0448 4960 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
14:40:49.0455 4960 DPS - ok
14:40:49.0490 4960 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
14:40:49.0493 4960 drmkaud - ok
14:40:49.0572 4960 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
14:40:49.0617 4960 DXGKrnl - ok
14:40:49.0658 4960 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
14:40:49.0665 4960 EapHost - ok
14:40:49.0819 4960 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
14:40:49.0934 4960 ebdrv - ok
14:40:50.0058 4960 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
14:40:50.0063 4960 EFS - ok
14:40:50.0154 4960 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
14:40:50.0205 4960 ehRecvr - ok
14:40:50.0229 4960 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
14:40:50.0234 4960 ehSched - ok
14:40:50.0318 4960 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
14:40:50.0338 4960 elxstor - ok
14:40:50.0369 4960 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
14:40:50.0373 4960 ErrDev - ok
14:40:50.0414 4960 ETD (38b0a3e42de9b36aa56f72a5ecb62331) C:\Windows\system32\DRIVERS\ETD.sys
14:40:50.0420 4960 ETD - ok
14:40:50.0463 4960 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
14:40:50.0487 4960 EventSystem - ok
14:40:50.0525 4960 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
14:40:50.0532 4960 exfat - ok
14:40:50.0556 4960 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
14:40:50.0563 4960 fastfat - ok
14:40:50.0637 4960 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
14:40:50.0676 4960 Fax - ok
14:40:50.0706 4960 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
14:40:50.0710 4960 fdc - ok
14:40:50.0752 4960 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
14:40:50.0757 4960 fdPHost - ok
14:40:50.0773 4960 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
14:40:50.0778 4960 FDResPub - ok
14:40:50.0809 4960 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
14:40:50.0813 4960 FileInfo - ok
14:40:50.0828 4960 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
14:40:50.0832 4960 Filetrace - ok
14:40:50.0857 4960 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
14:40:50.0860 4960 flpydisk - ok
14:40:50.0902 4960 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
14:40:50.0917 4960 FltMgr - ok
14:40:51.0012 4960 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
14:40:51.0064 4960 FontCache - ok
14:40:51.0143 4960 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
14:40:51.0155 4960 FontCache3.0.0.0 - ok
14:40:51.0197 4960 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
14:40:51.0201 4960 FsDepends - ok
14:40:51.0242 4960 fssfltr (07da62c960ddccc2d35836aeab4fc578) C:\Windows\system32\DRIVERS\fssfltr.sys
14:40:51.0246 4960 fssfltr - ok
14:40:51.0395 4960 fsssvc (28ddeeec44e988657b732cf404d504cb) C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
14:40:51.0453 4960 fsssvc - ok
14:40:51.0572 4960 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
14:40:51.0576 4960 Fs_Rec - ok
14:40:51.0644 4960 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
14:40:51.0651 4960 fvevol - ok
14:40:51.0676 4960 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
14:40:51.0680 4960 gagp30kx - ok
14:40:51.0746 4960 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
14:40:51.0784 4960 gpsvc - ok
14:40:51.0802 4960 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
14:40:51.0806 4960 hcw85cir - ok
14:40:51.0875 4960 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
14:40:51.0896 4960 HdAudAddService - ok
14:40:51.0931 4960 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
14:40:51.0936 4960 HDAudBus - ok
14:40:51.0977 4960 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys
14:40:51.0981 4960 HECIx64 - ok
14:40:52.0000 4960 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
14:40:52.0004 4960 HidBatt - ok
14:40:52.0023 4960 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
14:40:52.0029 4960 HidBth - ok
14:40:52.0048 4960 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
14:40:52.0052 4960 HidIr - ok
14:40:52.0078 4960 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
14:40:52.0082 4960 hidserv - ok
14:40:52.0130 4960 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
14:40:52.0134 4960 HidUsb - ok
14:40:52.0175 4960 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
14:40:52.0180 4960 hkmsvc - ok
14:40:52.0220 4960 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
14:40:52.0236 4960 HomeGroupListener - ok
14:40:52.0276 4960 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
14:40:52.0285 4960 HomeGroupProvider - ok
14:40:52.0392 4960 hpqcxs08 (97aac45a375168c6a2297beeb9692e31) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
14:40:52.0408 4960 hpqcxs08 - ok
14:40:52.0534 4960 hpqddsvc (19a4fb67b1c97ea18edff44340973cd9) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
14:40:52.0539 4960 hpqddsvc - ok
14:40:52.0571 4960 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
14:40:52.0575 4960 HpSAMD - ok
14:40:52.0662 4960 HPSLPSVC (f37882f128efacefe353e0bae2766909) C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL
14:40:52.0708 4960 HPSLPSVC - ok
14:40:52.0791 4960 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
14:40:52.0830 4960 HTTP - ok
14:40:52.0908 4960 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
14:40:52.0911 4960 hwpolicy - ok
14:40:52.0957 4960 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
14:40:52.0962 4960 i8042prt - ok
14:40:53.0016 4960 iaStor (bbb3b6df1abb0fe35802ede85cc1c011) C:\Windows\system32\DRIVERS\iaStor.sys
14:40:53.0022 4960 iaStor - ok
14:40:53.0075 4960 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
14:40:53.0099 4960 iaStorV - ok
14:40:53.0210 4960 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
14:40:53.0244 4960 idsvc - ok
14:40:53.0778 4960 igfx (f4f91789c7c7a159ce8215c1f69f2a85) C:\Windows\system32\DRIVERS\igdkmd64.sys
14:40:54.0045 4960 igfx - ok
14:40:54.0157 4960 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
14:40:54.0161 4960 iirsp - ok
14:40:54.0243 4960 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
14:40:54.0291 4960 IKEEXT - ok
14:40:54.0329 4960 Impcd (dd587a55390ed2295bce6d36ad567da9) C:\Windows\system32\DRIVERS\Impcd.sys
14:40:54.0337 4960 Impcd - ok
14:40:54.0376 4960 IntcDAud (58cf58dee26c909bd6f977b61d246295) C:\Windows\system32\DRIVERS\IntcDAud.sys
14:40:54.0392 4960 IntcDAud - ok
14:40:54.0424 4960 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
14:40:54.0428 4960 intelide - ok
14:40:54.0459 4960 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
14:40:54.0463 4960 intelppm - ok
14:40:54.0486 4960 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
14:40:54.0492 4960 IPBusEnum - ok
14:40:54.0529 4960 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
14:40:54.0533 4960 IpFilterDriver - ok
14:40:54.0592 4960 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
14:40:54.0618 4960 iphlpsvc - ok
14:40:54.0648 4960 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
14:40:54.0653 4960 IPMIDRV - ok
14:40:54.0679 4960 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
14:40:54.0684 4960 IPNAT - ok
14:40:54.0712 4960 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
14:40:54.0715 4960 IRENUM - ok
14:40:54.0758 4960 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
14:40:54.0769 4960 isapnp - ok
14:40:54.0809 4960 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
14:40:54.0815 4960 iScsiPrt - ok
14:40:54.0858 4960 JMCR (db917b998cbc15a153c00dd6efc34c13) C:\Windows\system32\DRIVERS\jmcr.sys
14:40:54.0863 4960 JMCR - ok
14:40:54.0892 4960 JME (de4b2249d95c7815d06a39ea5ff4ee53) C:\Windows\system32\DRIVERS\JME.sys
14:40:54.0896 4960 JME - ok
14:40:54.0934 4960 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
14:40:54.0937 4960 kbdclass - ok
14:40:54.0977 4960 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
14:40:54.0981 4960 kbdhid - ok
14:40:55.0009 4960 kbfiltr (e63ef8c3271d014f14e2469ce75fecb4) C:\Windows\system32\DRIVERS\kbfiltr.sys
14:40:55.0013 4960 kbfiltr - ok
14:40:55.0042 4960 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
14:40:55.0046 4960 KeyIso - ok
14:40:55.0063 4960 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
14:40:55.0068 4960 KSecDD - ok
14:40:55.0084 4960 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
14:40:55.0090 4960 KSecPkg - ok
14:40:55.0134 4960 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
14:40:55.0138 4960 ksthunk - ok
14:40:55.0185 4960 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
14:40:55.0209 4960 KtmRm - ok
14:40:55.0280 4960 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
14:40:55.0297 4960 LanmanServer - ok
14:40:55.0337 4960 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
14:40:55.0345 4960 LanmanWorkstation - ok
14:40:55.0372 4960 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
14:40:55.0377 4960 lltdio - ok
14:40:55.0418 4960 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
14:40:55.0440 4960 lltdsvc - ok
14:40:55.0456 4960 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
14:40:55.0461 4960 lmhosts - ok
14:40:55.0560 4960 LMS (a1c148801b4af64847aeb9f3ad9594ef) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
14:40:55.0577 4960 LMS - ok
14:40:55.0614 4960 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
14:40:55.0619 4960 LSI_FC - ok
14:40:55.0635 4960 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
14:40:55.0640 4960 LSI_SAS - ok
14:40:55.0659 4960 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
14:40:55.0664 4960 LSI_SAS2 - ok
14:40:55.0695 4960 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
14:40:55.0701 4960 LSI_SCSI - ok
14:40:55.0738 4960 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
14:40:55.0743 4960 luafv - ok
14:40:55.0782 4960 lullaby (085435ae1a124361304044029b5cc644) C:\Windows\system32\DRIVERS\lullaby.sys
14:40:55.0786 4960 lullaby - ok
14:40:55.0821 4960 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
14:40:55.0828 4960 Mcx2Svc - ok
14:40:55.0847 4960 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
14:40:55.0851 4960 megasas - ok
14:40:55.0887 4960 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
14:40:55.0904 4960 MegaSR - ok
14:40:55.0932 4960 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
14:40:55.0938 4960 MMCSS - ok
14:40:55.0949 4960 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
14:40:55.0953 4960 Modem - ok
14:40:55.0978 4960 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
14:40:55.0982 4960 monitor - ok
14:40:56.0014 4960 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
14:40:56.0019 4960 mouclass - ok
14:40:56.0036 4960 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
14:40:56.0040 4960 mouhid - ok
14:40:56.0078 4960 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
14:40:56.0082 4960 mountmgr - ok
14:40:56.0130 4960 MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
14:40:56.0133 4960 MozillaMaintenance - ok
14:40:56.0169 4960 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
14:40:56.0176 4960 mpio - ok
14:40:56.0203 4960 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
14:40:56.0208 4960 mpsdrv - ok
14:40:56.0284 4960 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
14:40:56.0332 4960 MpsSvc - ok
14:40:56.0370 4960 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
14:40:56.0377 4960 MRxDAV - ok
14:40:56.0410 4960 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
14:40:56.0416 4960 mrxsmb - ok
14:40:56.0441 4960 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:40:56.0458 4960 mrxsmb10 - ok
14:40:56.0478 4960 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:40:56.0484 4960 mrxsmb20 - ok
14:40:56.0513 4960 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
14:40:56.0517 4960 msahci - ok
14:40:56.0554 4960 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
14:40:56.0560 4960 msdsm - ok
14:40:56.0588 4960 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
14:40:56.0596 4960 MSDTC - ok
14:40:56.0633 4960 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
14:40:56.0637 4960 Msfs - ok
14:40:56.0649 4960 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
14:40:56.0653 4960 mshidkmdf - ok
14:40:56.0675 4960 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
14:40:56.0679 4960 msisadrv - ok
14:40:56.0720 4960 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
14:40:56.0727 4960 MSiSCSI - ok
14:40:56.0731 4960 msiserver - ok
14:40:56.0752 4960 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
14:40:56.0755 4960 MSKSSRV - ok
14:40:56.0765 4960 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
14:40:56.0768 4960 MSPCLOCK - ok
14:40:56.0773 4960 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
14:40:56.0776 4960 MSPQM - ok
14:40:56.0827 4960 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
14:40:56.0848 4960 MsRPC - ok
14:40:56.0878 4960 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
14:40:56.0882 4960 mssmbios - ok
14:40:56.0977 4960 MSSQL$VANTAGE - ok
14:40:57.0045 4960 MSSQLServerADHelper100 (f1761c8fb2b25a32c6d63e36bb88c3ae) C:\Program Files (x86)\Microsoft SQL Server\100\Shared\SQLADHLP.EXE
14:40:57.0050 4960 MSSQLServerADHelper100 - ok
14:40:57.0090 4960 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
14:40:57.0093 4960 MSTEE - ok
14:40:57.0102 4960 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
14:40:57.0106 4960 MTConfig - ok
14:40:57.0144 4960 MTsensor (032d35c996f21d19a205a7c8f0b76f3c) C:\Windows\system32\DRIVERS\ATK64AMD.sys
14:40:57.0148 4960 MTsensor - ok
14:40:57.0177 4960 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
14:40:57.0180 4960 Mup - ok
14:40:57.0235 4960 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
14:40:57.0256 4960 napagent - ok
14:40:57.0301 4960 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
14:40:57.0316 4960 NativeWifiP - ok
14:40:57.0397 4960 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
14:40:57.0441 4960 NDIS - ok
14:40:57.0464 4960 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
14:40:57.0467 4960 NdisCap - ok
14:40:57.0492 4960 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
14:40:57.0495 4960 NdisTapi - ok
14:40:57.0533 4960 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
14:40:57.0537 4960 Ndisuio - ok
14:40:57.0579 4960 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
14:40:57.0585 4960 NdisWan - ok
14:40:57.0619 4960 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
14:40:57.0624 4960 NDProxy - ok
14:40:57.0679 4960 Net Driver HPZ12 (2334dc48997ba203b794df3ee70521db) C:\Windows\system32\HPZinw12.dll
14:40:57.0700 4960 Net Driver HPZ12 - ok
14:40:57.0736 4960 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
14:40:57.0740 4960 NetBIOS - ok
14:40:57.0783 4960 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
14:40:57.0799 4960 NetBT - ok
14:40:57.0815 4960 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
14:40:57.0819 4960 Netlogon - ok
14:40:57.0878 4960 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
14:40:57.0902 4960 Netman - ok
14:40:57.0938 4960 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
14:40:57.0960 4960 netprofm - ok
14:40:58.0034 4960 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
14:40:58.0040 4960 NetTcpPortSharing - ok
14:40:58.0075 4960 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
14:40:58.0079 4960 nfrd960 - ok
14:40:58.0143 4960 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
14:40:58.0166 4960 NlaSvc - ok
14:40:58.0206 4960 NPF (c31fa031335eff434b2d94278e74bcce) C:\Windows\system32\drivers\npf.sys
14:40:58.0225 4960 NPF - ok
14:40:58.0251 4960 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
14:40:58.0256 4960 Npfs - ok
14:40:58.0280 4960 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
14:40:58.0285 4960 nsi - ok
14:40:58.0303 4960 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
14:40:58.0307 4960 nsiproxy - ok
14:40:58.0419 4960 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
14:40:58.0483 4960 Ntfs - ok
14:40:58.0596 4960 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
14:40:58.0601 4960 Null - ok
14:40:58.0647 4960 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
14:40:58.0653 4960 nvraid - ok
14:40:58.0670 4960 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
14:40:58.0676 4960 nvstor - ok
14:40:58.0710 4960 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
14:40:58.0715 4960 nv_agp - ok
14:40:58.0747 4960 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
14:40:58.0751 4960 ohci1394 - ok
14:40:58.0838 4960 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
14:40:58.0844 4960 ose - ok
14:40:59.0127 4960 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
14:40:59.0270 4960 osppsvc - ok
14:40:59.0418 4960 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
14:40:59.0443 4960 p2pimsvc - ok
14:40:59.0488 4960 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
14:40:59.0513 4960 p2psvc - ok
14:40:59.0713 4960 PaceLicenseDServices (f7bac457d6ae2f7e18fa69c8180a7843) C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe
14:40:59.0819 4960 PaceLicenseDServices - ok
14:40:59.0946 4960 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
14:40:59.0951 4960 Parport - ok
14:40:59.0983 4960 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
14:40:59.0988 4960 partmgr - ok
14:41:00.0033 4960 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
14:41:00.0042 4960 PcaSvc - ok
14:41:00.0079 4960 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
14:41:00.0086 4960 pci - ok
14:41:00.0098 4960 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
14:41:00.0102 4960 pciide - ok
14:41:00.0141 4960 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
14:41:00.0149 4960 pcmcia - ok
14:41:00.0167 4960 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
14:41:00.0171 4960 pcw - ok
14:41:00.0214 4960 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
14:41:00.0246 4960 PEAUTH - ok
14:41:00.0309 4960 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
14:41:00.0315 4960 PerfHost - ok
14:41:00.0429 4960 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
14:41:00.0488 4960 pla - ok
14:41:00.0548 4960 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
14:41:00.0572 4960 PlugPlay - ok
14:41:00.0635 4960 Pml Driver HPZ12 (ac78df349f0e4cfb8b667c0cfff83cce) C:\Windows\system32\HPZipm12.dll
14:41:00.0655 4960 Pml Driver HPZ12 - ok
14:41:13.0091 4960 MBR (0x1B8) (44c997c5fe7fcba0df916fa9b911fa24) \Device\Harddisk0\DR0
14:41:13.0093 4960 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.a ) - infected
14:41:13.0093 4960 \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.a (0)
14:41:13.0250 4960 Boot (0x1200) (49e9d94aa05989d3f4ab9b0981c3f99a) \Device\Harddisk0\DR0\Partition0
14:41:13.0254 4960 \Device\Harddisk0\DR0\Partition0 - ok
14:41:13.0277 4960 Boot (0x1200) (3a289744129d71807144ac64c79251e6) \Device\Harddisk0\DR0\Partition1
14:41:13.0280 4960 \Device\Harddisk0\DR0\Partition1 - ok
14:41:13.0281 4960 ============================================================
14:41:13.0281 4960 Scan finished
14:41:13.0281 4960 ============================================================
14:41:13.0299 1144 Detected object count: 1
14:41:13.0299 1144 Actual detected object count: 1
14:41:45.0723 1144 \Device\Harddisk0\DR0\# - copied to quarantine
14:41:45.0737 1144 \Device\Harddisk0\DR0 - copied to quarantine
14:41:45.0865 1144 \Device\Harddisk0\DR0 - processing error
14:42:02.0587 1144 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.a ) - User select action: Cure
14:42:07.0884 2760 ============================================================
14:42:07.0885 2760 Scan started
14:42:07.0885 2760 Mode: Manual; TDLFS;
14:42:07.0885 2760 ============================================================
14:42:11.0979 2760 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
14:42:11.0981 2760 Disk - ok
14:42:12.0018 2760 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
14:42:12.0022 2760 Dnscache - ok
14:42:12.0075 2760 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
14:42:12.0080 2760 dot3svc - ok
14:42:12.0102 2760 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
14:42:12.0106 2760 DPS - ok
14:42:12.0132 2760 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
14:42:12.0134 2760 drmkaud - ok
14:42:12.0214 2760 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
14:42:12.0227 2760 DXGKrnl - ok
14:42:12.0267 2760 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
14:42:12.0270 2760 EapHost - ok
14:42:12.0430 2760 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
14:42:12.0452 2760 ebdrv - ok
14:42:12.0579 2760 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
14:42:12.0583 2760 EFS - ok
14:42:12.0664 2760 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
14:42:12.0674 2760 ehRecvr - ok
14:42:12.0706 2760 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
14:42:12.0710 2760 ehSched - ok
14:42:12.0783 2760 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
14:42:12.0791 2760 elxstor - ok
14:42:12.0836 2760 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
14:42:12.0838 2760 ErrDev - ok
14:42:12.0870 2760 ETD (38b0a3e42de9b36aa56f72a5ecb62331) C:\Windows\system32\DRIVERS\ETD.sys
14:42:12.0873 2760 ETD - ok
14:42:12.0918 2760 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
14:42:12.0925 2760 EventSystem - ok
14:42:12.0958 2760 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
14:42:12.0962 2760 exfat - ok
14:42:12.0995 2760 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
14:42:12.0999 2760 fastfat - ok
14:42:13.0069 2760 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
14:42:13.0079 2760 Fax - ok
14:42:13.0095 2760 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
14:42:13.0097 2760 fdc - ok
14:42:13.0120 2760 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
14:42:13.0121 2760 fdPHost - ok
14:42:13.0130 2760 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
14:42:13.0132 2760 FDResPub - ok
14:42:13.0165 2760 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
14:42:13.0167 2760 FileInfo - ok
14:42:13.0184 2760 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
14:42:13.0185 2760 Filetrace - ok
14:42:13.0203 2760 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
14:42:13.0204 2760 flpydisk - ok
14:42:13.0247 2760 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
14:42:13.0252 2760 FltMgr - ok
14:42:13.0334 2760 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
14:42:13.0349 2760 FontCache - ok
14:42:13.0434 2760 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
14:42:13.0436 2760 FontCache3.0.0.0 - ok
14:42:13.0487 2760 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
14:42:13.0490 2760 FsDepends - ok
14:42:13.0521 2760 fssfltr (07da62c960ddccc2d35836aeab4fc578) C:\Windows\system32\DRIVERS\fssfltr.sys
14:42:13.0524 2760 fssfltr - ok
14:42:13.0677 2760 fsssvc (28ddeeec44e988657b732cf404d504cb) C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
14:42:13.0696 2760 fsssvc - ok
14:42:13.0830 2760 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
14:42:13.0832 2760 Fs_Rec - ok
14:42:13.0879 2760 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
14:42:13.0884 2760 fvevol - ok
14:42:13.0911 2760 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
14:42:13.0913 2760 gagp30kx - ok
14:42:13.0981 2760 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
14:42:13.0993 2760 gpsvc - ok
14:42:14.0026 2760 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
14:42:14.0028 2760 hcw85cir - ok
14:42:14.0066 2760 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
14:42:14.0071 2760 HdAudAddService - ok
14:42:14.0111 2760 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
14:42:14.0115 2760 HDAudBus - ok
14:42:14.0135 2760 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys
14:42:14.0137 2760 HECIx64 - ok
14:42:14.0158 2760 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
14:42:14.0159 2760 HidBatt - ok
14:42:14.0181 2760 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
14:42:14.0183 2760 HidBth - ok
14:42:14.0195 2760 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
14:42:14.0197 2760 HidIr - ok
14:42:14.0225 2760 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
14:42:14.0228 2760 hidserv - ok
14:42:14.0244 2760 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
14:42:14.0245 2760 HidUsb - ok
14:42:14.0278 2760 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
14:42:14.0281 2760 hkmsvc - ok
14:42:14.0323 2760 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
14:42:14.0327 2760 HomeGroupListener - ok
14:42:14.0368 2760 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
14:42:14.0372 2760 HomeGroupProvider - ok
14:42:14.0451 2760 hpqcxs08 (97aac45a375168c6a2297beeb9692e31) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
14:42:14.0454 2760 hpqcxs08 - ok
14:42:14.0471 2760 hpqddsvc (19a4fb67b1c97ea18edff44340973cd9) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
14:42:14.0473 2760 hpqddsvc - ok
14:42:14.0509 2760 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
14:42:14.0510 2760 HpSAMD - ok
14:42:14.0578 2760 HPSLPSVC (f37882f128efacefe353e0bae2766909) C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL
14:42:14.0589 2760 HPSLPSVC - ok
14:42:14.0650 2760 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
14:42:14.0656 2760 HTTP - ok
14:42:14.0703 2760 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
14:42:14.0704 2760 hwpolicy - ok
14:42:14.0743 2760 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
14:42:14.0744 2760 i8042prt - ok
14:42:14.0788 2760 iaStor (bbb3b6df1abb0fe35802ede85cc1c011) C:\Windows\system32\DRIVERS\iaStor.sys
14:42:14.0791 2760 iaStor - ok
14:42:14.0836 2760 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
14:42:14.0840 2760 iaStorV - ok
14:42:14.0950 2760 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
14:42:14.0959 2760 idsvc - ok
14:42:15.0497 2760 igfx (f4f91789c7c7a159ce8215c1f69f2a85) C:\Windows\system32\DRIVERS\igdkmd64.sys
14:42:15.0568 2760 igfx - ok
14:42:15.0699 2760 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
14:42:15.0701 2760 iirsp - ok
14:42:15.0774 2760 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
14:42:15.0787 2760 IKEEXT - ok
14:42:15.0827 2760 Impcd (dd587a55390ed2295bce6d36ad567da9) C:\Windows\system32\DRIVERS\Impcd.sys
14:42:15.0830 2760 Impcd - ok
14:42:15.0863 2760 IntcDAud (58cf58dee26c909bd6f977b61d246295) C:\Windows\system32\DRIVERS\IntcDAud.sys
14:42:15.0868 2760 IntcDAud - ok
14:42:15.0900 2760 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
14:42:15.0903 2760 intelide - ok
14:42:15.0924 2760 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
14:42:15.0925 2760 intelppm - ok
14:42:15.0950 2760 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
14:42:15.0953 2760 IPBusEnum - ok
14:42:15.0993 2760 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
14:42:15.0995 2760 IpFilterDriver - ok
14:42:16.0057 2760 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
14:42:16.0066 2760 iphlpsvc - ok
14:42:16.0091 2760 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
14:42:16.0094 2760 IPMIDRV - ok
14:42:16.0122 2760 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
14:42:16.0125 2760 IPNAT - ok
14:42:16.0144 2760 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
14:42:16.0146 2760 IRENUM - ok
14:42:16.0169 2760 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
14:42:16.0171 2760 isapnp - ok
14:42:16.0209 2760 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
14:42:16.0214 2760 iScsiPrt - ok
14:42:16.0246 2760 JMCR (db917b998cbc15a153c00dd6efc34c13) C:\Windows\system32\DRIVERS\jmcr.sys
14:42:16.0249 2760 JMCR - ok
14:42:16.0291 2760 JME (de4b2249d95c7815d06a39ea5ff4ee53) C:\Windows\system32\DRIVERS\JME.sys
14:42:16.0293 2760 JME - ok
14:42:16.0322 2760 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
14:42:16.0323 2760 kbdclass - ok
14:42:16.0354 2760 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
14:42:16.0356 2760 kbdhid - ok
14:42:16.0386 2760 kbfiltr (e63ef8c3271d014f14e2469ce75fecb4) C:\Windows\system32\DRIVERS\kbfiltr.sys
14:42:16.0387 2760 kbfiltr - ok
14:42:16.0419 2760 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
14:42:16.0421 2760 KeyIso - ok
14:42:16.0439 2760 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
14:42:16.0441 2760 KSecDD - ok
14:42:16.0460 2760 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
14:42:16.0462 2760 KSecPkg - ok
14:42:16.0489 2760 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
14:42:16.0490 2760 ksthunk - ok
14:42:16.0539 2760 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
14:42:16.0543 2760 KtmRm - ok
14:42:16.0590 2760 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
14:42:16.0594 2760 LanmanServer - ok
14:42:16.0636 2760 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
14:42:16.0643 2760 LanmanWorkstation - ok
14:42:16.0661 2760 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
14:42:16.0664 2760 lltdio - ok
14:42:16.0706 2760 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
14:42:16.0713 2760 lltdsvc - ok
14:42:16.0734 2760 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
14:42:16.0739 2760 lmhosts - ok
14:42:16.0816 2760 LMS (a1c148801b4af64847aeb9f3ad9594ef) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
14:42:16.0821 2760 LMS - ok
14:42:16.0848 2760 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
14:42:16.0851 2760 LSI_FC - ok
14:42:16.0862 2760 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
14:42:16.0865 2760 LSI_SAS - ok
14:42:16.0882 2760 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
14:42:16.0883 2760 LSI_SAS2 - ok
14:42:16.0895 2760 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
14:42:16.0897 2760 LSI_SCSI - ok
14:42:16.0917 2760 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
14:42:16.0919 2760 luafv - ok
14:42:16.0950 2760 lullaby (085435ae1a124361304044029b5cc644) C:\Windows\system32\DRIVERS\lullaby.sys
14:42:16.0951 2760 lullaby - ok
14:42:16.0989 2760 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
14:42:16.0992 2760 Mcx2Svc - ok
14:42:17.0004 2760 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
14:42:17.0005 2760 megasas - ok
14:42:17.0043 2760 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
14:42:17.0046 2760 MegaSR - ok
14:42:17.0067 2760 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
14:42:17.0070 2760 MMCSS - ok
14:42:17.0084 2760 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
14:42:17.0086 2760 Modem - ok
14:42:17.0102 2760 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
14:42:17.0103 2760 monitor - ok
14:42:17.0127 2760 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
14:42:17.0129 2760 mouclass - ok
14:42:17.0148 2760 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
14:42:17.0150 2760 mouhid - ok
14:42:17.0189 2760 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
14:42:17.0191 2760 mountmgr - ok
14:42:17.0231 2760 MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
14:42:17.0233 2760 MozillaMaintenance - ok
14:42:17.0270 2760 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
14:42:17.0272 2760 mpio - ok
14:42:17.0304 2760 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
14:42:17.0306 2760 mpsdrv - ok
14:42:17.0372 2760 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
14:42:17.0382 2760 MpsSvc - ok
14:42:17.0415 2760 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
14:42:17.0417 2760 MRxDAV - ok
14:42:17.0444 2760 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
14:42:17.0446 2760 mrxsmb - ok
14:42:17.0475 2760 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:42:17.0480 2760 mrxsmb10 - ok
14:42:17.0502 2760 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:42:17.0505 2760 mrxsmb20 - ok
14:42:17.0537 2760 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
14:42:17.0539 2760 msahci - ok
14:42:17.0578 2760 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
14:42:17.0581 2760 msdsm - ok
14:42:17.0612 2760 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
14:42:17.0617 2760 MSDTC - ok
14:42:17.0657 2760 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
14:42:17.0659 2760 Msfs - ok
14:42:17.0673 2760 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
14:42:17.0676 2760 mshidkmdf - ok
14:42:17.0699 2760 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
14:42:17.0701 2760 msisadrv - ok
14:42:17.0732 2760 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
14:42:17.0737 2760 MSiSCSI - ok
14:42:17.0743 2760 msiserver - ok
14:42:17.0775 2760 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
14:42:17.0778 2760 MSKSSRV - ok
14:42:17.0789 2760 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
14:42:17.0791 2760 MSPCLOCK - ok
14:42:17.0798 2760 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
14:42:17.0801 2760 MSPQM - ok
14:42:17.0851 2760 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
14:42:17.0857 2760 MsRPC - ok
14:42:17.0891 2760 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
14:42:17.0893 2760 mssmbios - ok
14:42:17.0967 2760 MSSQL$VANTAGE - ok
14:42:18.0038 2760 MSSQLServerADHelper100 (f1761c8fb2b25a32c6d63e36bb88c3ae) C:\Program Files (x86)\Microsoft SQL Server\100\Shared\SQLADHLP.EXE
14:42:18.0041 2760 MSSQLServerADHelper100 - ok
14:42:18.0069 2760 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
14:42:18.0071 2760 MSTEE - ok
14:42:18.0082 2760 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
14:42:18.0084 2760 MTConfig - ok
14:42:18.0113 2760 MTsensor (032d35c996f21d19a205a7c8f0b76f3c) C:\Windows\system32\DRIVERS\ATK64AMD.sys
14:42:18.0115 2760 MTsensor - ok
14:42:18.0136 2760 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
14:42:18.0138 2760 Mup - ok
14:42:18.0193 2760 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
14:42:18.0203 2760 napagent - ok
14:42:18.0249 2760 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
14:42:18.0254 2760 NativeWifiP - ok
14:42:18.0310 2760 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
14:42:18.0323 2760 NDIS - ok
14:42:18.0344 2760 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
14:42:18.0347 2760 NdisCap - ok
14:42:18.0361 2760 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
14:42:18.0364 2760 NdisTapi - ok
14:42:18.0403 2760 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
14:42:18.0405 2760 Ndisuio - ok
14:42:18.0449 2760 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
14:42:18.0452 2760 NdisWan - ok
14:42:18.0489 2760 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
14:42:18.0492 2760 NDProxy - ok
14:42:18.0516 2760 Net Driver HPZ12 (2334dc48997ba203b794df3ee70521db) C:\Windows\system32\HPZinw12.dll
14:42:18.0519 2760 Net Driver HPZ12 - ok
14:42:18.0540 2760 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
14:42:18.0542 2760 NetBIOS - ok
14:42:18.0587 2760 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
14:42:18.0591 2760 NetBT - ok
14:42:18.0607 2760 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
14:42:18.0611 2760 Netlogon - ok
14:42:18.0648 2760 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
14:42:18.0656 2760 Netman - ok
14:42:18.0697 2760 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
14:42:18.0705 2760 netprofm - ok
14:42:18.0772 2760 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
14:42:18.0775 2760 NetTcpPortSharing - ok
14:42:18.0801 2760 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
14:42:18.0804 2760 nfrd960 - ok
14:42:18.0859 2760 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
14:42:18.0866 2760 NlaSvc - ok
14:42:18.0888 2760 NPF (c31fa031335eff434b2d94278e74bcce) C:\Windows\system32\drivers\npf.sys
14:42:18.0890 2760 NPF - ok
14:42:18.0912 2760 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
14:42:18.0914 2760 Npfs - ok
14:42:18.0940 2760 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
14:42:18.0944 2760 nsi - ok
14:42:18.0963 2760 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
14:42:18.0965 2760 nsiproxy - ok
14:42:19.0066 2760 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
14:42:19.0084 2760 Ntfs - ok
14:42:19.0202 2760 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
14:42:19.0204 2760 Null - ok
14:42:19.0242 2760 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
14:42:19.0245 2760 nvraid - ok
14:42:19.0265 2760 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
14:42:19.0269 2760 nvstor - ok
14:42:19.0304 2760 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
14:42:19.0306 2760 nv_agp - ok
14:42:19.0329 2760 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
14:42:19.0331 2760 ohci1394 - ok
14:42:19.0411 2760 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
14:42:19.0414 2760 ose - ok
14:42:19.0679 2760 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
14:42:19.0710 2760 osppsvc - ok
14:42:19.0858 2760 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
14:42:19.0866 2760 p2pimsvc - ok
14:42:19.0907 2760 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
14:42:19.0916 2760 p2psvc - ok
14:42:20.0108 2760 PaceLicenseDServices (f7bac457d6ae2f7e18fa69c8180a7843) C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe
14:42:20.0129 2760 PaceLicenseDServices - ok
14:42:20.0265 2760 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
14:42:20.0268 2760 Parport - ok
14:42:20.0302 2760 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
14:42:20.0305 2760 partmgr - ok
14:42:20.0342 2760 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
14:42:20.0348 2760 PcaSvc - ok
14:42:20.0388 2760 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
14:42:20.0391 2760 pci - ok
14:42:20.0407 2760 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
14:42:20.0409 2760 pciide - ok
14:42:20.0449 2760 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
14:42:20.0453 2760 pcmcia - ok
14:42:20.0464 2760 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
14:42:20.0466 2760 pcw - ok
14:42:20.0512 2760 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
14:42:20.0520 2760 PEAUTH - ok
14:42:20.0574 2760 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
14:42:20.0577 2760 PerfHost - ok
14:42:20.0692 2760 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
14:42:20.0712 2760 pla - ok
14:42:20.0759 2760 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
14:42:20.0768 2760 PlugPlay - ok
14:42:20.0801 2760 Pml Driver HPZ12 (ac78df349f0e4cfb8b667c0cfff83cce) C:\Windows\system32\HPZipm12.dll
14:42:20.0804 2760 Pml Driver HPZ12 - ok
14:42:20.0824 2760 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
14:42:20.0828 2760 PNRPAutoReg - ok
14:42:20.0860 2760 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
14:42:20.0868 2760 PNRPsvc - ok
14:42:20.0928 2760 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
14:42:20.0936 2760 PolicyAgent - ok
14:42:20.0995 2760 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
14:42:21.0001 2760 Power - ok
14:42:21.0064 2760 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
14:42:21.0067 2760 PptpMiniport - ok
14:42:21.0095 2760 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
14:42:21.0098 2760 Processor - ok
14:42:21.0142 2760 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
14:42:21.0148 2760 ProfSvc - ok
14:42:21.0193 2760 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
14:42:21.0197 2760 ProtectedStorage - ok
14:42:21.0238 2760 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
14:42:21.0241 2760 Psched - ok
14:42:21.0327 2760 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
14:42:21.0345 2760 ql2300 - ok
14:42:21.0467 2760 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
14:42:21.0470 2760 ql40xx - ok
14:42:21.0505 2760 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
14:42:21.0512 2760 QWAVE - ok
14:42:21.0531 2760 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
14:42:21.0534 2760 QWAVEdrv - ok
14:42:21.0551 2760 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
14:42:21.0554 2760 RasAcd - ok
14:42:21.0575 2760 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
14:42:21.0577 2760 RasAgileVpn - ok
14:42:21.0600 2760 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
14:42:21.0605 2760 RasAuto - ok
14:42:21.0649 2760 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
14:42:21.0652 2760 Rasl2tp - ok
14:42:21.0705 2760 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
14:42:21.0713 2760 RasMan - ok
14:42:21.0738 2760 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
14:42:21.0741 2760 RasPppoe - ok
14:42:21.0763 2760 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
14:42:21.0765 2760 RasSstp - ok
14:42:21.0813 2760 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
14:42:21.0818 2760 rdbss - ok
14:42:21.0834 2760 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
14:42:21.0836 2760 rdpbus - ok
14:42:21.0857 2760 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
14:42:21.0859 2760 RDPCDD - ok
14:42:21.0879 2760 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
14:42:21.0881 2760 RDPENCDD - ok
14:42:21.0892 2760 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
14:42:21.0895 2760 RDPREFMP - ok
14:42:21.0927 2760 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
14:42:21.0930 2760 RDPWD - ok
14:42:21.0980 2760 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
14:42:21.0984 2760 rdyboost - ok
14:42:22.0013 2760 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
14:42:22.0018 2760 RemoteAccess - ok
14:42:22.0043 2760 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
14:42:22.0049 2760 RemoteRegistry - ok
14:42:22.0137 2760 RichVideo (f12a68ed55053940cadd59ca5e3468dd) C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
14:42:22.0142 2760 RichVideo - ok
14:42:22.0178 2760 RimUsb (ad42432d22940b4215177be113e4919c) C:\Windows\system32\Drivers\RimUsb_AMD64.sys
14:42:22.0180 2760 RimUsb - ok
14:42:22.0218 2760 RimVSerPort (4aafffa67ac4dfa3d9985d78573887e2) C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys
14:42:22.0220 2760 RimVSerPort - ok
14:42:22.0241 2760 ROOTMODEM (388d3dd1a6457280f3badba9f3acd6b1) C:\Windows\system32\Drivers\RootMdm.sys
14:42:22.0244 2760 ROOTMODEM - ok
14:42:22.0276 2760 rpcapd (a780d3eaa74582ea1deb6bd9c7a3d9c9) C:\Program Files (x86)\WinPcap\rpcapd.exe
14:42:22.0279 2760 rpcapd - ok
14:42:22.0307 2760 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
14:42:22.0312 2760 RpcEptMapper - ok
14:42:22.0337 2760 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
14:42:22.0341 2760 RpcLocator - ok
14:42:22.0402 2760 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
14:42:22.0413 2760 RpcSs - ok
14:42:30.0979 2760 MBR (0x1B8) (44c997c5fe7fcba0df916fa9b911fa24) \Device\Harddisk0\DR0
14:42:30.0981 2760 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.a ) - infected
14:42:30.0981 2760 \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.a (0)
14:42:31.0173 2760 Boot (0x1200) (49e9d94aa05989d3f4ab9b0981c3f99a) \Device\Harddisk0\DR0\Partition0
14:42:31.0178 2760 \Device\Harddisk0\DR0\Partition0 - ok
14:42:31.0209 2760 Boot (0x1200) (3a289744129d71807144ac64c79251e6) \Device\Harddisk0\DR0\Partition1
14:42:31.0212 2760 \Device\Harddisk0\DR0\Partition1 - ok
14:42:31.0214 2760 ============================================================
14:42:31.0214 2760 Scan finished
14:42:31.0214 2760 ============================================================
14:42:31.0226 5108 Detected object count: 1
14:42:31.0226 5108 Actual detected object count: 1
14:42:36.0390 5108 \Device\Harddisk0\DR0\# - copied to quarantine
14:42:36.0400 5108 \Device\Harddisk0\DR0 - copied to quarantine
14:42:36.0497 5108 \Device\Harddisk0\DR0 - processing error
14:42:37.0588 5108 \Device\Harddisk0\DR0 - will be restored on reboot
14:42:37.0595 5108 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.a ) - User select action: Cure Restore
14:42:40.0232 5888 Deinitialize success

#13 RPMcMurphy

Posted 16 May 2012 - 10:42 PM

That's looking better! Please do this now:

Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full Scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Uncheck any entries from C:\System Volume Information or C:\Qoobox
  • Be sure that everything else is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please post the results.
Please include the following in your next post:
  • MBAM log

Threads are closed after 5 days of inactivity.


#14 Jon1984

Posted 17 May 2012 - 08:44 AM

OK, I've done as asked. When the scan finished it said it had found one rootkit and needed a restart to fix it. I did that, but it did not produce a log... is there anywhere it stores it?

#15 RPMcMurphy

Posted 17 May 2012 - 10:01 AM

Open MBAM again and click on the 'Logs' tab. It should be easy to spot from there.
