
Trojan Horse patched_c.DCH


  • This topic is locked
12 replies to this topic

#1 lightblue13

lightblue13

  • Members
  • 19 posts

Posted 04 June 2012 - 03:29 PM

Hello,

AVG has been detecting numerous Trojan Horse patched files but is unable to remove them because they are either missing or inaccessible. The requested DDS and GMER logs are below. Thank you in advance for any help that you may provide.



.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_21

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.2046.909 [GMT -4:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k NetworkService
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe
C:\Program Files\AVG\AVG2012\avgidsagent.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Users\LUIS HERNANDEZ\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\AVG\AVG2012\avgemcx.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\wuauclt.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\LUIS HERNANDEZ\Downloads\Defogger.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/?ilc=1
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - c:\program files\avg\avg2012\avgdtiex.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\11.1.0.7\AVG Secure Search_toolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\11.1.0.7\AVG Secure Search_toolbar.dll
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
StartupFolder: c:\users\luishe~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\l\appdata\roaming\dropbox\bin\Dropbox.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xportar a Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - c:\program files\avg\avg2012\avgdtiex.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{7CEDD01E-CFCC-4EF1-87C8-122FDAD86D88} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{AA2AE54F-2803-40FC-9F80-6E1376686C04} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{DF00BAC0-6FF7-4C43-8126-9A342DFEC63B} : DhcpNameServer = 209.18.47.61 209.18.47.62
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\11.1.0\ViProtocol.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\l\appdata\roaming\mozilla\firefox\profiles\kn8uxtot.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/?ilc=1
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B893f3e90-2965-4e23-bd26-726afbf19306%7D&mid=f134da63e07547d09dd2757a838a7b0c-004e697ebe327b109c23881ade437eba3480790e&ds=AVG&v=11.1.0.7&lang=en&pr=fr&d=2012-06-04%2013%3A58%3A29&sap=ku&q=
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\common files\avg secure search\sitesafetyinstaller\11.1.0\npsitesafety.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
.
============= SERVICES / DRIVERS ===============
.
R0 amacpi;Microsoft Away Mode System;c:\windows\system32\drivers\null.sys [2009-7-13 4608]
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-4-19 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-1-31 31952]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-2-22 235216]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-12-23 41040]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2012-3-19 301248]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\avgidsagent.exe [2012-4-30 5106744]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2012-2-14 193288]
R2 vToolbarUpdater11.1.0;vToolbarUpdater11.1.0;c:\program files\common files\avg secure search\vtoolbarupdater\11.1.0\ToolbarUpdater.exe [2012-6-4 935480]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2011-12-23 139856]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [2011-12-23 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2011-12-23 17232]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-6-4 40776]
R3 VST_DPV;VST_DPV;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
R3 VSTHWBS2;VSTHWBS2;c:\windows\system32\drivers\VSTBS23.SYS [2009-7-13 266752]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-1 129976]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-7-14 15872]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-7-14 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-12-21 1343400]
S4 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]
S4 CrossLoopService;CrossLoop Service;c:\users\luis hernandez\appdata\local\crossloop\CrossLoopService.exe [2011-1-14 560848]
S4 RosettaStoneDaemon;RosettaStoneDaemon;c:\program files\rosettastoneltdservices\RosettaStoneDaemon.exe [2011-4-15 1646056]
S4 tvnserver;TightVNC Server;c:\users\luis hernandez\appdata\local\crossloop\tvnserver.exe [2011-1-14 814080]
.
=============== Created Last 30 ================
.
2012-06-04 18:46:26 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-06-04 18:46:25 -------- d-----w- c:\users\l\appdata\roaming\Malwarebytes
2012-06-04 18:46:20 -------- d-----w- c:\programdata\Malwarebytes
2012-06-04 18:46:19 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-04 18:46:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-06-04 17:59:41 -------- d-----w- c:\users\l\appdata\roaming\AVG2012
2012-06-04 17:58:56 -------- d-----w- c:\users\l\appdata\local\AVG Secure Search
2012-06-04 17:58:26 -------- d-----w- c:\programdata\AVG Secure Search
2012-06-04 17:58:24 -------- d-----w- c:\program files\common files\AVG Secure Search
2012-06-04 17:58:23 -------- d-----w- c:\program files\AVG Secure Search
2012-06-04 17:56:40 -------- d--h--w- c:\programdata\Common Files
2012-06-04 17:56:03 -------- d--h--w- C:\$AVG
2012-06-04 17:56:03 -------- d-----w- c:\windows\system32\drivers\AVG
2012-06-04 17:56:03 -------- d-----w- c:\programdata\AVG2012
2012-06-04 17:55:36 -------- d-----w- c:\program files\AVG
2012-06-04 17:53:58 -------- d-----w- c:\programdata\MFAData
2012-06-01 17:33:49 6737808 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{63d984a2-2885-4671-a544-0cda3291f5b6}\mpengine.dll
2012-05-19 05:53:57 -------- d-----r- c:\users\l\Dropbox
2012-05-19 05:50:58 -------- d-----w- c:\users\l\appdata\roaming\Dropbox
2012-05-08 23:51:56 1291632 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-08 23:51:51 936960 ----a-w- c:\program files\common files\microsoft shared\ink\journal.dll
2012-05-08 23:51:50 1221632 ----a-w- c:\program files\windows journal\NBDoc.DLL
2012-05-08 23:51:49 989184 ----a-w- c:\program files\windows journal\JNTFiltr.dll
2012-05-08 23:51:49 969216 ----a-w- c:\program files\windows journal\JNWDRV.dll
2012-05-08 23:51:37 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-08 23:51:36 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-08 23:51:35 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-05-08 23:51:26 56176 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-08 23:51:23 1077248 ----a-w- c:\windows\system32\DWrite.dll
.
==================== Find3M ====================
.
2012-04-19 08:50:26 24896 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2012-03-19 09:17:28 301248 ----a-w- c:\windows\system32\drivers\avgtdix.sys
.
============= FINISH: 15:03:08.89 ===============





GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-06-04 16:28:56
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 SAMSUNG_ rev.VT10
Running: gmer.exe; Driver: C:\Users\L~1\AppData\Local\Temp\awdcqpoc.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwNotifyChangeKey [0x96EC3004]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwNotifyChangeMultipleKeys [0x96EC30D4]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0x96EC2D76]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0x96EC2E1E]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0x96EC2EBA]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0x96EC2F56]

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 82A4A3C9 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82A83D52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 1357 82A8B00C 8 Bytes [04, 30, EC, 96, D4, 30, EC, ...] {ADD AL, 0x30; IN AL, DX ; XCHG ESI, EAX; AAM 0x30; IN AL, DX ; XCHG ESI, EAX}
.text ntkrnlpa.exe!KeRemoveQueueEx + 139F 82A8B054 4 Bytes [76, 2D, EC, 96] {JBE 0x2f; IN AL, DX ; XCHG ESI, EAX}
.text ntkrnlpa.exe!KeRemoveQueueEx + 166F 82A8B324 8 Bytes [1E, 2E, EC, 96, BA, 2E, EC, ...]
.text ntkrnlpa.exe!KeRemoveQueueEx + 16E3 82A8B398 4 Bytes [56, 2F, EC, 96] {PUSH ESI; DAS ; IN AL, DX ; XCHG ESI, EAX}
? C:\Users\LUISHE~1\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Firefox\firefox.exe[1480] ntdll.dll!LdrLoadDll 7743223E 4 Bytes JMP 6402C930 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1480] kernel32.dll!MapViewOfFile 750293DB 5 Bytes JMP 6425E083 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1480] kernel32.dll!VirtualAlloc 7502C43A 5 Bytes JMP 6425E0AA C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1480] GDI32.dll!CreateDIBSection 76A18850 5 Bytes JMP 6425E00D C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3312] USER32.dll!SetWindowLongA 76AD8BA3 5 Bytes JMP 643B5EE6 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3312] USER32.dll!SetWindowLongW 76AE4449 5 Bytes JMP 643B5E78 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3312] USER32.dll!GetWindowInfo 76AE4B5E 5 Bytes JMP 641A4822 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3312] USER32.dll!TrackPopupMenu 76AF2228 5 Bytes JMP 641A4DD6 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs avgidsfilterx.sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume7 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\ACPI_HAL \Device\0000004d halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat avgidsfilterx.sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 malicious Win32:MBRoot code @ sector 61
Disk \Device\Harddisk0\DR0 PE file @ sector 488392065

---- EOF - GMER 1.0.15 ----



#2 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts

Posted 05 June 2012 - 05:18 PM

Hello and welcome. Please follow these guidelines while we work on your PC:
  • Malware removal is a sometimes lengthy and tedious process. Please stick with the thread until I’ve given you the “All clear.” Absence of symptoms does not mean your machine is clean!
  • Please do not run any scans or install/uninstall any applications without being directed to do so.
  • Please note that the forum is very busy and if I don't hear from you within five days this thread will be closed.
Download TDSSKiller.zip and extract TDSSKiller.exe to your desktop.
  • Execute TDSSKiller.exe by double-clicking on it.
  • When the window opens, click on Change Parameters.
  • Under “Additional options”, put a check mark in the box next to “Detect TDLFS File System”.
  • Click OK.
  • Press Start Scan.
  • If malicious objects are found, then ensure Cure is selected. Important - If there is no option to "Cure", it is critical that you select "Skip".
  • Then click Continue > Reboot now.
  • Once complete, a log will be produced in c:\. It will be named, for example, TDSSKiller.2.7.1.0_19.01.2012_17.24.26_log.txt
  • Post that log, please.

Download ComboFix from either of the links below, and save it to your desktop.

Link 1
Link 2

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link
--------------------------------------------------------------------

Double-click on ComboFix.exe and follow the prompts.
  • If you have trouble, stop and post back. Do not try to repeatedly run ComboFix!
  • When finished, it will produce a report for you.

Note: If, after running ComboFix, you receive a message stating, "Illegal Operation Attempted on a registery key that has been marked for deletion", rebooting your computer will resolve the problem.

Please include the following in your next post:
  • TDSSKiller log
  • ComboFix log

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member




#3 lightblue13

lightblue13
  • Topic Starter

  • Members
  • 19 posts

Posted 05 June 2012 - 06:14 PM

Thank you for your response. Below are the requested logs.



18:42:59.0578 4660 TDSS rootkit removing tool 2.7.38.0 May 25 2012 17:35:31
18:42:59.0968 4660 ============================================================
18:42:59.0969 4660 Current date / time: 2012/06/05 18:42:59.0968
18:42:59.0969 4660 SystemInfo:
18:42:59.0969 4660
18:42:59.0969 4660 OS Version: 6.1.7601 ServicePack: 1.0
18:42:59.0969 4660 Product type: Workstation
18:42:59.0969 4660 ComputerName: LUISHERNANDEZ
18:42:59.0969 4660 UserName: LUIS HERNANDEZ
18:42:59.0969 4660 Windows directory: C:\Windows
18:42:59.0969 4660 System windows directory: C:\Windows
18:42:59.0969 4660 Processor architecture: Intel x86
18:42:59.0969 4660 Number of processors: 2
18:42:59.0969 4660 Page size: 0x1000
18:42:59.0969 4660 Boot type: Normal boot
18:42:59.0969 4660 ============================================================
18:43:00.0214 4660 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
18:43:00.0347 4660 Drive \Device\Harddisk4\DR4 - Size: 0xEF800000 (3.74 Gb), SectorSize: 0x200, Cylinders: 0x1E8, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
18:43:00.0378 4660 ============================================================
18:43:00.0378 4660 \Device\Harddisk0\DR0:
18:43:00.0378 4660 MBR partitions:
18:43:00.0378 4660 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1C068915
18:43:00.0378 4660 \Device\Harddisk0\DR0\Partition1: MBR, Type 0xC, StartLBA 0x1C06C815, BlocksNum 0x1157D6C
18:43:00.0378 4660 \Device\Harddisk4\DR4:
18:43:00.0384 4660 MBR partitions:
18:43:00.0384 4660 \Device\Harddisk4\DR4\Partition0: MBR, Type 0xC, StartLBA 0x24, BlocksNum 0x779800
18:43:00.0384 4660 ============================================================
18:43:00.0394 4660 C: <-> \Device\Harddisk0\DR0\Partition0
18:43:00.0420 4660 E: <-> \Device\Harddisk0\DR0\Partition1
18:43:00.0420 4660 ============================================================
18:43:00.0420 4660 Initialize success
18:43:00.0420 4660 ============================================================
18:43:08.0449 5028 ============================================================
18:43:08.0449 5028 Scan started
18:43:08.0449 5028 Mode: Manual; TDLFS;
18:43:08.0449 5028 ============================================================
18:43:12.0947 5028 CSC - ok
18:43:13.0006 5028 CscService (15f93b37f6801943360d9eb42485d5d3) C:\Windows\System32\cscsvc.dll
18:43:13.0012 5028 CscService - ok
18:43:13.0052 5028 DcomLaunch (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
18:43:13.0056 5028 DcomLaunch - ok
18:43:13.0093 5028 defragsvc (8d6e10a2d9a5eed59562d9b82cf804e1) C:\Windows\System32\defragsvc.dll
18:43:13.0095 5028 defragsvc - ok
18:43:13.0162 5028 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
18:43:13.0164 5028 DfsC - ok
18:43:13.0219 5028 Dhcp (e9e01eb683c132f7fa27cd607b8a2b63) C:\Windows\system32\dhcpcore.dll
18:43:13.0222 5028 Dhcp - ok
18:43:13.0245 5028 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
18:43:13.0246 5028 discache - ok
18:43:13.0279 5028 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
18:43:13.0280 5028 Disk - ok
18:43:13.0312 5028 Dnscache (33ef4861f19a0736b11314aad9ae28d0) C:\Windows\System32\dnsrslvr.dll
18:43:13.0313 5028 Dnscache - ok
18:43:13.0365 5028 dot3svc (366ba8fb4b7bb7435e3b9eacb3843f67) C:\Windows\System32\dot3svc.dll
18:43:13.0368 5028 dot3svc - ok
18:43:13.0407 5028 DPS (8ec04ca86f1d68da9e11952eb85973d6) C:\Windows\system32\dps.dll
18:43:13.0409 5028 DPS - ok
18:43:13.0443 5028 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
18:43:13.0444 5028 drmkaud - ok
18:43:13.0473 5028 dsNcAdpt (b2c3f71b86e25c3df78339ddb40a7562) C:\Windows\system32\DRIVERS\dsNcAdpt.sys
18:43:13.0475 5028 dsNcAdpt - ok
18:43:13.0584 5028 dsNcService (0e08704523eacace8b2790114cc828aa) C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
18:43:13.0590 5028 dsNcService - ok
18:43:13.0661 5028 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
18:43:13.0666 5028 DXGKrnl - ok
18:43:13.0718 5028 e1express (cf0a6015f437161698c5b2a0a12cf052) C:\Windows\system32\DRIVERS\e1e6032.sys
18:43:13.0720 5028 e1express - ok
18:43:13.0754 5028 EapHost (8600142fa91c1b96367d3300ad0f3f3a) C:\Windows\System32\eapsvc.dll
18:43:13.0757 5028 EapHost - ok
18:43:13.0977 5028 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
18:43:14.0000 5028 ebdrv - ok
18:43:14.0108 5028 EFS (81951f51e318aecc2d68559e47485cc4) C:\Windows\System32\lsass.exe
18:43:14.0110 5028 EFS - ok
18:43:14.0194 5028 ehRecvr (a8c362018efc87beb013ee28f29c0863) C:\Windows\ehome\ehRecvr.exe
18:43:14.0199 5028 ehRecvr - ok
18:43:14.0228 5028 ehSched (d389bff34f80caede417bf9d1507996a) C:\Windows\ehome\ehsched.exe
18:43:14.0229 5028 ehSched - ok
18:43:14.0312 5028 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
18:43:14.0316 5028 elxstor - ok
18:43:14.0345 5028 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
18:43:14.0346 5028 ErrDev - ok
18:43:14.0406 5028 EventSystem (f6916efc29d9953d5d0df06882ae8e16) C:\Windows\system32\es.dll
18:43:14.0409 5028 EventSystem - ok
18:43:14.0437 5028 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
18:43:14.0439 5028 exfat - ok
18:43:14.0461 5028 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
18:43:14.0463 5028 fastfat - ok
18:43:14.0529 5028 Fax (967ea5b213e9984cbe270205df37755b) C:\Windows\system32\fxssvc.exe
18:43:14.0535 5028 Fax - ok
18:43:14.0549 5028 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
18:43:14.0550 5028 fdc - ok
18:43:14.0573 5028 fdPHost (f3222c893bd2f5821a0179e5c71e88fb) C:\Windows\system32\fdPHost.dll
18:43:14.0575 5028 fdPHost - ok
18:43:14.0591 5028 FDResPub (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\Windows\system32\fdrespub.dll
18:43:14.0592 5028 FDResPub - ok
18:43:14.0606 5028 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
18:43:14.0607 5028 FileInfo - ok
18:43:14.0625 5028 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
18:43:14.0625 5028 Filetrace - ok
18:43:14.0644 5028 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
18:43:14.0645 5028 flpydisk - ok
18:43:14.0678 5028 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
18:43:14.0681 5028 FltMgr - ok
18:43:14.0753 5028 FontCache (b3a5ec6b6b6673db7e87c2bcdbddc074) C:\Windows\system32\FntCache.dll
18:43:14.0761 5028 FontCache - ok
18:43:14.0837 5028 FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
18:43:14.0839 5028 FontCache3.0.0.0 - ok
18:43:14.0860 5028 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
18:43:14.0861 5028 FsDepends - ok
18:43:14.0889 5028 Fs_Rec (7dae5ebcc80e45d3253f4923dc424d05) C:\Windows\system32\drivers\Fs_Rec.sys
18:43:14.0890 5028 Fs_Rec - ok
18:43:14.0939 5028 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
18:43:14.0942 5028 fvevol - ok
18:43:14.0975 5028 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
18:43:14.0976 5028 gagp30kx - ok
18:43:15.0016 5028 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
18:43:15.0017 5028 GEARAspiWDM - ok
18:43:15.0083 5028 gpsvc (e897eaf5ed6ba41e081060c9b447a673) C:\Windows\System32\gpsvc.dll
18:43:15.0088 5028 gpsvc - ok
18:43:15.0105 5028 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
18:43:15.0106 5028 hcw85cir - ok
18:43:15.0146 5028 hcwPP2 (9436fbf3ca45a0fb726856b409734d7a) C:\Windows\system32\DRIVERS\hcwPP2.sys
18:43:15.0148 5028 hcwPP2 - ok
18:43:15.0217 5028 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys
18:43:15.0221 5028 HdAudAddService - ok
18:43:15.0257 5028 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
18:43:15.0258 5028 HDAudBus - ok
18:43:15.0279 5028 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
18:43:15.0280 5028 HidBatt - ok
18:43:15.0305 5028 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
18:43:15.0306 5028 HidBth - ok
18:43:15.0328 5028 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
18:43:15.0329 5028 HidIr - ok
18:43:15.0358 5028 hidserv (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\Windows\System32\hidserv.dll
18:43:15.0360 5028 hidserv - ok
18:43:15.0389 5028 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\drivers\hidusb.sys
18:43:15.0390 5028 HidUsb - ok
18:43:15.0428 5028 hkmsvc (196b4e3f4cccc24af836ce58facbb699) C:\Windows\system32\kmsvc.dll
18:43:15.0429 5028 hkmsvc - ok
18:43:15.0469 5028 HomeGroupListener (6658f4404de03d75fe3ba09f7aba6a30) C:\Windows\system32\ListSvc.dll
18:43:15.0472 5028 HomeGroupListener - ok
18:43:15.0506 5028 HomeGroupProvider (dbc02d918fff1cad628acbe0c0eaa8e8) C:\Windows\system32\provsvc.dll
18:43:15.0509 5028 HomeGroupProvider - ok
18:43:15.0549 5028 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
18:43:15.0550 5028 HpSAMD - ok
18:43:15.0618 5028 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
18:43:15.0623 5028 HTTP - ok
18:43:15.0647 5028 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
18:43:15.0648 5028 hwpolicy - ok
18:43:15.0689 5028 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
18:43:15.0691 5028 i8042prt - ok
18:43:15.0727 5028 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
18:43:15.0730 5028 iaStorV - ok
18:43:15.0859 5028 idsvc (c521d7eb6497bb1af6afa89e322fb43c) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
18:43:15.0867 5028 idsvc - ok
18:43:15.0894 5028 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
18:43:15.0895 5028 iirsp - ok
18:43:15.0962 5028 IKEEXT (f95622f161474511b8d80d6b093aa610) C:\Windows\System32\ikeext.dll
18:43:15.0969 5028 IKEEXT - ok
18:43:15.0997 5028 IntcAzAudAddService - ok
18:43:16.0016 5028 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
18:43:16.0017 5028 intelide - ok
18:43:16.0050 5028 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
18:43:16.0051 5028 intelppm - ok
18:43:16.0083 5028 IPBusEnum (acb364b9075a45c0736e5c47be5cae19) C:\Windows\system32\ipbusenum.dll
18:43:16.0085 5028 IPBusEnum - ok
18:43:16.0110 5028 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:43:16.0111 5028 IpFilterDriver - ok
18:43:16.0172 5028 iphlpsvc (4d65a07b795d6674312f879d09aa7663) C:\Windows\System32\iphlpsvc.dll
18:43:16.0178 5028 iphlpsvc - ok
18:43:16.0208 5028 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
18:43:16.0210 5028 IPMIDRV - ok
18:43:16.0232 5028 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
18:43:16.0233 5028 IPNAT - ok
18:43:16.0352 5028 iPod Service (ca1972397b845b2f53f5dc63c22fd98a) C:\Program Files\iPod\bin\iPodService.exe
18:43:16.0359 5028 iPod Service - ok
18:43:16.0382 5028 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
18:43:16.0383 5028 IRENUM - ok
18:43:16.0401 5028 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
18:43:16.0402 5028 isapnp - ok
18:43:16.0438 5028 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
18:43:16.0440 5028 iScsiPrt - ok
18:43:16.0474 5028 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\drivers\kbdclass.sys
18:43:16.0475 5028 kbdclass - ok
18:43:16.0497 5028 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\drivers\kbdhid.sys
18:43:16.0498 5028 kbdhid - ok
18:43:16.0529 5028 KeyIso (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
18:43:16.0531 5028 KeyIso - ok
18:43:16.0544 5028 KSecDD (f4647bb23db9038a7536cf6b68f4207f) C:\Windows\system32\Drivers\ksecdd.sys
18:43:16.0545 5028 KSecDD - ok
18:43:16.0563 5028 KSecPkg (e73cae53bbb72ba26918492c6b4c229d) C:\Windows\system32\Drivers\ksecpkg.sys
18:43:16.0565 5028 KSecPkg - ok
18:43:16.0612 5028 KtmRm (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\Windows\system32\msdtckrm.dll
18:43:16.0617 5028 KtmRm - ok
18:43:16.0656 5028 LanmanServer (d64af876d53eca3668bb97b51b4e70ab) C:\Windows\System32\srvsvc.dll
18:43:16.0660 5028 LanmanServer - ok
18:43:16.0689 5028 LanmanWorkstation (58405e4f68ba8e4057c6e914f326aba2) C:\Windows\System32\wkssvc.dll
18:43:16.0693 5028 LanmanWorkstation - ok
18:43:16.0735 5028 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
18:43:16.0736 5028 lltdio - ok
18:43:16.0776 5028 lltdsvc (5700673e13a2117fa3b9020c852c01e2) C:\Windows\System32\lltdsvc.dll
18:43:16.0780 5028 lltdsvc - ok
18:43:16.0800 5028 lmhosts (55ca01ba19d0006c8f2639b6c045e08b) C:\Windows\System32\lmhsvc.dll
18:43:16.0802 5028 lmhosts - ok
18:43:16.0836 5028 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
18:43:16.0838 5028 LSI_FC - ok
18:43:16.0860 5028 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
18:43:16.0861 5028 LSI_SAS - ok
18:43:16.0878 5028 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
18:43:16.0879 5028 LSI_SAS2 - ok
18:43:16.0902 5028 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
18:43:16.0904 5028 LSI_SCSI - ok
18:43:16.0921 5028 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
18:43:16.0923 5028 luafv - ok
18:43:16.0953 5028 Mcx2Svc (bfb9ee8ee977efe85d1a3105abef6dd1) C:\Windows\system32\Mcx2Svc.dll
18:43:16.0955 5028 Mcx2Svc - ok
18:43:16.0974 5028 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
18:43:16.0975 5028 megasas - ok
18:43:17.0003 5028 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
18:43:17.0005 5028 MegaSR - ok
18:43:17.0030 5028 MMCSS (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
18:43:17.0032 5028 MMCSS - ok
18:43:17.0043 5028 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
18:43:17.0044 5028 Modem - ok
18:43:17.0074 5028 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
18:43:17.0075 5028 monitor - ok
18:43:17.0106 5028 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\drivers\mouclass.sys
18:43:17.0107 5028 mouclass - ok
18:43:17.0120 5028 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
18:43:17.0121 5028 mouhid - ok
18:43:17.0157 5028 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
18:43:17.0159 5028 mountmgr - ok
18:43:17.0250 5028 MozillaMaintenance (6380ff81dd4d78b23398752d2f46ea43) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
18:43:17.0251 5028 MozillaMaintenance - ok
18:43:17.0284 5028 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
18:43:17.0286 5028 mpio - ok
18:43:17.0306 5028 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
18:43:17.0307 5028 mpsdrv - ok
18:43:17.0433 5028 MpsSvc (9835584e999d25004e1ee8e5f3e3b881) C:\Windows\system32\mpssvc.dll
18:43:17.0439 5028 MpsSvc - ok
18:43:17.0473 5028 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
18:43:17.0475 5028 MRxDAV - ok
18:43:17.0522 5028 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
18:43:17.0524 5028 mrxsmb - ok
18:43:17.0562 5028 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:43:17.0565 5028 mrxsmb10 - ok
18:43:17.0585 5028 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:43:17.0586 5028 mrxsmb20 - ok
18:43:17.0619 5028 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
18:43:17.0621 5028 msahci - ok
18:43:17.0652 5028 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
18:43:17.0653 5028 msdsm - ok
18:43:17.0691 5028 MSDTC (e1bce74a3bd9902b72599c0192a07e27) C:\Windows\System32\msdtc.exe
18:43:17.0694 5028 MSDTC - ok
18:43:17.0736 5028 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
18:43:17.0737 5028 Msfs - ok
18:43:17.0750 5028 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
18:43:17.0751 5028 mshidkmdf - ok
18:43:17.0766 5028 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
18:43:17.0767 5028 msisadrv - ok
18:43:17.0803 5028 MSiSCSI (90f7d9e6b6f27e1a707d4a297f077828) C:\Windows\system32\iscsiexe.dll
18:43:17.0805 5028 MSiSCSI - ok
18:43:17.0810 5028 msiserver - ok
18:43:17.0834 5028 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
18:43:17.0835 5028 MSKSSRV - ok
18:43:17.0847 5028 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
18:43:17.0848 5028 MSPCLOCK - ok
18:43:17.0862 5028 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
18:43:17.0863 5028 MSPQM - ok
18:43:17.0886 5028 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
18:43:17.0888 5028 MsRPC - ok
18:43:17.0905 5028 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
18:43:17.0906 5028 mssmbios - ok
18:43:17.0919 5028 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
18:43:17.0920 5028 MSTEE - ok
18:43:17.0927 5028 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
18:43:17.0928 5028 MTConfig - ok
18:43:17.0945 5028 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
18:43:17.0946 5028 Mup - ok
18:43:17.0999 5028 napagent (61d57a5d7c6d9afe10e77dae6e1b445e) C:\Windows\system32\qagentRT.dll
18:43:18.0002 5028 napagent - ok
18:43:18.0051 5028 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
18:43:18.0054 5028 NativeWifiP - ok
18:43:18.0122 5028 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
18:43:18.0128 5028 NDIS - ok
18:43:18.0149 5028 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
18:43:18.0150 5028 NdisCap - ok
18:43:18.0173 5028 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
18:43:18.0174 5028 NdisTapi - ok
18:43:18.0200 5028 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
18:43:18.0201 5028 Ndisuio - ok
18:43:18.0242 5028 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
18:43:18.0244 5028 NdisWan - ok
18:43:18.0276 5028 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
18:43:18.0277 5028 NDProxy - ok
18:43:18.0293 5028 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
18:43:18.0294 5028 NetBIOS - ok
18:43:18.0339 5028 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
18:43:18.0341 5028 NetBT - ok
18:43:18.0370 5028 Netlogon (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
18:43:18.0372 5028 Netlogon - ok
18:43:18.0430 5028 Netman (7cccfca7510684768da22092d1fa4db2) C:\Windows\System32\netman.dll
18:43:18.0434 5028 Netman - ok
18:43:18.0468 5028 netprofm (8c338238c16777a802d6a9211eb2ba50) C:\Windows\System32\netprofm.dll
18:43:18.0474 5028 netprofm - ok
18:43:18.0569 5028 NetTcpPortSharing (f476ec40033cdb91efbe73eb99b8362d) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
18:43:18.0571 5028 NetTcpPortSharing - ok
18:43:18.0613 5028 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
18:43:18.0614 5028 nfrd960 - ok
18:43:18.0660 5028 NlaSvc (912084381d30d8b89ec4e293053f4710) C:\Windows\System32\nlasvc.dll
18:43:18.0664 5028 NlaSvc - ok
18:43:18.0674 5028 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
18:43:18.0676 5028 Npfs - ok
18:43:18.0702 5028 nsi (ba387e955e890c8a88306d9b8d06bf17) C:\Windows\system32\nsisvc.dll
18:43:18.0705 5028 nsi - ok
18:43:18.0718 5028 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
18:43:18.0719 5028 nsiproxy - ok
18:43:18.0829 5028 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
18:43:18.0838 5028 Ntfs - ok
18:43:18.0854 5028 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
18:43:18.0855 5028 Null - ok
18:43:19.0553 5028 nvlddmkm (bd409de5681c74c1de51d72427dc202d) C:\Windows\system32\DRIVERS\nvlddmkm.sys
18:43:19.0620 5028 nvlddmkm - ok
18:43:19.0780 5028 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
18:43:19.0782 5028 nvraid - ok
18:43:19.0803 5028 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
18:43:19.0805 5028 nvstor - ok
18:43:19.0871 5028 NVSvc (e55877be77a8a31b0416b4e7c3dbe3f2) C:\Windows\system32\nvvsvc.exe
18:43:19.0877 5028 NVSvc - ok
18:43:19.0902 5028 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
18:43:19.0904 5028 nv_agp - ok
18:43:19.0925 5028 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
18:43:19.0927 5028 ohci1394 - ok
18:43:19.0995 5028 ose (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
18:43:19.0996 5028 ose - ok
18:43:20.0048 5028 p2pimsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
18:43:20.0052 5028 p2pimsvc - ok
18:43:20.0094 5028 p2psvc (59c3ddd501e39e006dac31bf55150d91) C:\Windows\system32\p2psvc.dll
18:43:20.0099 5028 p2psvc - ok
18:43:20.0134 5028 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
18:43:20.0135 5028 Parport - ok
18:43:20.0158 5028 partmgr (3f34a1b4c5f6475f320c275e63afce9b) C:\Windows\system32\drivers\partmgr.sys
18:43:20.0160 5028 partmgr - ok
18:43:20.0172 5028 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
18:43:20.0173 5028 Parvdm - ok
18:43:20.0197 5028 PcaSvc (358ab7956d3160000726574083dfc8a6) C:\Windows\System32\pcasvc.dll
18:43:20.0200 5028 PcaSvc - ok
18:43:20.0236 5028 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
18:43:20.0238 5028 pci - ok
18:43:20.0247 5028 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
18:43:20.0249 5028 pciide - ok
18:43:20.0273 5028 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
18:43:20.0275 5028 pcmcia - ok
18:43:20.0293 5028 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
18:43:20.0294 5028 pcw - ok
18:43:20.0363 5028 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
18:43:20.0368 5028 PEAUTH - ok
18:43:20.0471 5028 PeerDistSvc (af4d64d2a57b9772cf3801950b8058a6) C:\Windows\system32\peerdistsvc.dll
18:43:20.0481 5028 PeerDistSvc - ok
18:43:20.0610 5028 pla (414bba67a3ded1d28437eb66aeb8a720) C:\Windows\system32\pla.dll
18:43:20.0624 5028 pla - ok
18:43:20.0752 5028 PlugPlay (ec7bc28d207da09e79b3e9faf8b232ca) C:\Windows\system32\umpnpmgr.dll
18:43:20.0757 5028 PlugPlay - ok
18:43:20.0780 5028 PNRPAutoReg (63ff8572611249931eb16bb8eed6afc8) C:\Windows\system32\pnrpauto.dll
18:43:20.0783 5028 PNRPAutoReg - ok
18:43:20.0809 5028 PNRPsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
18:43:20.0814 5028 PNRPsvc - ok
18:43:20.0855 5028 PolicyAgent (53946b69ba0836bd95b03759530c81ec) C:\Windows\System32\ipsecsvc.dll
18:43:20.0859 5028 PolicyAgent - ok
18:43:20.0894 5028 Power (f87d30e72e03d579a5199ccb3831d6ea) C:\Windows\system32\umpo.dll
18:43:20.0898 5028 Power - ok
18:43:20.0955 5028 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
18:43:20.0956 5028 PptpMiniport - ok
18:43:20.0981 5028 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
18:43:20.0983 5028 Processor - ok
18:43:21.0020 5028 ProfSvc (43ca4ccc22d52fb58e8988f0198851d0) C:\Windows\system32\profsvc.dll
18:43:21.0024 5028 ProfSvc - ok
18:43:21.0051 5028 ProtectedStorage (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
18:43:21.0054 5028 ProtectedStorage - ok
18:43:21.0088 5028 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
18:43:21.0089 5028 Psched - ok
18:43:21.0195 5028 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
18:43:21.0207 5028 ql2300 - ok
18:43:21.0333 5028 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
18:43:21.0334 5028 ql40xx - ok
18:43:21.0378 5028 QWAVE (31ac809e7707eb580b2bdb760390765a) C:\Windows\system32\qwave.dll
18:43:21.0382 5028 QWAVE - ok
18:43:21.0398 5028 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
18:43:21.0399 5028 QWAVEdrv - ok
18:43:21.0412 5028 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
18:43:21.0413 5028 RasAcd - ok
18:43:21.0450 5028 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
18:43:21.0451 5028 RasAgileVpn - ok
18:43:21.0471 5028 RasAuto (a60f1839849c0c00739787fd5ec03f13) C:\Windows\System32\rasauto.dll
18:43:21.0474 5028 RasAuto - ok
18:43:21.0493 5028 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
18:43:21.0495 5028 Rasl2tp - ok
18:43:21.0555 5028 RasMan (cb9e04dc05eacf5b9a36ca276d475006) C:\Windows\System32\rasmans.dll
18:43:21.0560 5028 RasMan - ok
18:43:21.0580 5028 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
18:43:21.0582 5028 RasPppoe - ok
18:43:21.0613 5028 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
18:43:21.0615 5028 RasSstp - ok
18:43:21.0658 5028 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
18:43:21.0661 5028 rdbss - ok
18:43:21.0671 5028 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
18:43:21.0672 5028 rdpbus - ok
18:43:21.0705 5028 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
18:43:21.0706 5028 RDPCDD - ok
18:43:21.0750 5028 RDPDR (b973fcfc50dc1434e1970a146f7e3885) C:\Windows\system32\drivers\rdpdr.sys
18:43:21.0752 5028 RDPDR - ok
18:43:21.0780 5028 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
18:43:21.0781 5028 RDPENCDD - ok
18:43:21.0790 5028 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
18:43:21.0791 5028 RDPREFMP - ok
18:43:21.0826 5028 RdpVideoMiniport (68a0387f58e226deee23d9715955572a) C:\Windows\system32\drivers\rdpvideominiport.sys
18:43:21.0827 5028 RdpVideoMiniport - ok
18:43:21.0862 5028 RDPWD (244c83332f44589ae98fc347f11b2693) C:\Windows\system32\drivers\RDPWD.sys
18:43:21.0865 5028 RDPWD - ok
18:43:21.0918 5028 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
18:43:21.0920 5028 rdyboost - ok
18:43:21.0954 5028 RemoteAccess (7b5e1419717fac363a31cc302895217a) C:\Windows\System32\mprdim.dll
18:43:21.0956 5028 RemoteAccess - ok
18:43:21.0994 5028 RemoteRegistry (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll
18:43:21.0997 5028 RemoteRegistry - ok
18:43:22.0174 5028 RosettaStoneDaemon (e7062dbd907e0c5ceeb5abdaf07e6b32) C:\Program Files\RosettaStoneLtdServices\RosettaStoneDaemon.exe
18:43:22.0188 5028 RosettaStoneDaemon - ok
18:43:22.0288 5028 RpcEptMapper (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll
18:43:22.0291 5028 RpcEptMapper - ok
18:43:22.0300 5028 RpcLocator (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows\system32\locator.exe
18:43:22.0302 5028 RpcLocator - ok
18:43:22.0358 5028 RpcSs (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
18:43:22.0364 5028 RpcSs - ok
18:43:22.0441 5028 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
18:43:22.0442 5028 rspndr - ok
18:43:22.0474 5028 s3cap (7fa7f2e249a5dcbb7970630e15e1f482) C:\Windows\system32\drivers\vms3cap.sys
18:43:22.0475 5028 s3cap - ok
18:43:22.0503 5028 SamSs (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
18:43:22.0505 5028 SamSs - ok
18:43:22.0531 5028 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
18:43:22.0533 5028 sbp2port - ok
18:43:22.0573 5028 SCardSvr (8fc518ffe9519c2631d37515a68009c4) C:\Windows\System32\SCardSvr.dll
18:43:22.0577 5028 SCardSvr - ok
18:43:22.0606 5028 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
18:43:22.0607 5028 scfilter - ok
18:43:22.0679 5028 Schedule (a04bb13f8a72f8b6e8b4071723e4e336) C:\Windows\system32\schedsvc.dll
18:43:22.0688 5028 Schedule - ok
18:43:22.0716 5028 SCPolicySvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
18:43:22.0718 5028 SCPolicySvc - ok
18:43:22.0749 5028 SDRSVC (08236c4bce5edd0a0318a438af28e0f7) C:\Windows\System32\SDRSVC.dll
18:43:22.0752 5028 SDRSVC - ok
18:43:22.0789 5028 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
18:43:22.0790 5028 secdrv - ok
18:43:22.0817 5028 seclogon (a59b3a4442c52060cc7a85293aa3546f) C:\Windows\system32\seclogon.dll
18:43:22.0820 5028 seclogon - ok
18:43:22.0854 5028 SENS (dcb7fcdcc97f87360f75d77425b81737) C:\Windows\System32\sens.dll
18:43:22.0857 5028 SENS - ok
18:43:22.0886 5028 SensrSvc (50087fe1ee447009c9cc2997b90de53f) C:\Windows\system32\sensrsvc.dll
18:43:29.0057 5028 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
18:43:29.0480 5028 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
18:43:29.0480 5028 \Device\Harddisk0\DR0 - detected TDSS File System (1)
18:43:29.0521 5028 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk4\DR4
18:43:30.0797 5028 \Device\Harddisk4\DR4 - ok
18:43:30.0816 5028 Boot (0x1200) (34ce6db5c1b6b9ded4c9038d6b68a33c) \Device\Harddisk0\DR0\Partition0
18:43:30.0818 5028 \Device\Harddisk0\DR0\Partition0 - ok
18:43:30.0847 5028 Boot (0x1200) (08721546857fdf938fcb7e36b4171af8) \Device\Harddisk0\DR0\Partition1
18:43:30.0848 5028 \Device\Harddisk0\DR0\Partition1 - ok
18:43:30.0860 5028 Boot (0x1200) (7f5c6a791be51759f3e6ef44a0b9db93) \Device\Harddisk4\DR4\Partition0
18:43:30.0866 5028 \Device\Harddisk4\DR4\Partition0 - ok
18:43:30.0867 5028 ============================================================
18:43:30.0867 5028 Scan finished
18:43:30.0867 5028 ============================================================
18:43:30.0882 5772 Detected object count: 1
18:43:30.0882 5772 Actual detected object count: 1
18:43:36.0072 5772 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
18:43:36.0072 5772 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
18:43:46.0777 4800 ============================================================
18:43:46.0777 4800 Scan started
18:43:46.0777 4800 Mode: Manual; TDLFS;
18:43:46.0777 4800 ============================================================
18:43:52.0492 4800 hidserv - ok
18:43:52.0504 4800 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\drivers\hidusb.sys
18:43:52.0505 4800 HidUsb - ok
18:43:52.0536 4800 hkmsvc (196b4e3f4cccc24af836ce58facbb699) C:\Windows\system32\kmsvc.dll
18:43:52.0538 4800 hkmsvc - ok
18:43:52.0577 4800 HomeGroupListener (6658f4404de03d75fe3ba09f7aba6a30) C:\Windows\system32\ListSvc.dll
18:43:52.0580 4800 HomeGroupListener - ok
18:43:52.0630 4800 HomeGroupProvider (dbc02d918fff1cad628acbe0c0eaa8e8) C:\Windows\system32\provsvc.dll
18:43:52.0633 4800 HomeGroupProvider - ok
18:43:52.0666 4800 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
18:43:52.0666 4800 HpSAMD - ok
18:43:52.0725 4800 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
18:43:52.0730 4800 HTTP - ok
18:43:52.0754 4800 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
18:43:52.0755 4800 hwpolicy - ok
18:43:52.0789 4800 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
18:43:52.0790 4800 i8042prt - ok
18:43:52.0823 4800 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
18:43:52.0827 4800 iaStorV - ok
18:43:52.0958 4800 idsvc (c521d7eb6497bb1af6afa89e322fb43c) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
18:43:52.0965 4800 idsvc - ok
18:43:52.0993 4800 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
18:43:52.0995 4800 iirsp - ok
18:43:53.0045 4800 IKEEXT (f95622f161474511b8d80d6b093aa610) C:\Windows\System32\ikeext.dll
18:43:53.0052 4800 IKEEXT - ok
18:43:53.0060 4800 IntcAzAudAddService - ok
18:43:53.0074 4800 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
18:43:53.0075 4800 intelide - ok
18:43:53.0091 4800 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
18:43:53.0092 4800 intelppm - ok
18:43:53.0125 4800 IPBusEnum (acb364b9075a45c0736e5c47be5cae19) C:\Windows\system32\ipbusenum.dll
18:43:53.0126 4800 IPBusEnum - ok
18:43:53.0142 4800 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:43:53.0143 4800 IpFilterDriver - ok
18:43:53.0197 4800 iphlpsvc (4d65a07b795d6674312f879d09aa7663) C:\Windows\System32\iphlpsvc.dll
18:43:53.0201 4800 iphlpsvc - ok
18:43:53.0223 4800 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
18:43:53.0224 4800 IPMIDRV - ok
18:43:53.0240 4800 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
18:43:53.0241 4800 IPNAT - ok
18:43:53.0344 4800 iPod Service (ca1972397b845b2f53f5dc63c22fd98a) C:\Program Files\iPod\bin\iPodService.exe
18:43:53.0350 4800 iPod Service - ok
18:43:53.0364 4800 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
18:43:53.0365 4800 IRENUM - ok
18:43:53.0391 4800 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
18:43:53.0392 4800 isapnp - ok
18:43:53.0444 4800 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
18:43:53.0446 4800 iScsiPrt - ok
18:43:53.0464 4800 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\drivers\kbdclass.sys
18:43:53.0465 4800 kbdclass - ok
18:43:53.0479 4800 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\drivers\kbdhid.sys
18:43:53.0480 4800 kbdhid - ok
18:43:53.0511 4800 KeyIso (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
18:43:53.0512 4800 KeyIso - ok
18:43:53.0533 4800 KSecDD (f4647bb23db9038a7536cf6b68f4207f) C:\Windows\system32\Drivers\ksecdd.sys
18:43:53.0535 4800 KSecDD - ok
18:43:53.0737 4800 KSecPkg (e73cae53bbb72ba26918492c6b4c229d) C:\Windows\system32\Drivers\ksecpkg.sys
18:43:53.0739 4800 KSecPkg - ok
18:43:53.0785 4800 KtmRm (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\Windows\system32\msdtckrm.dll
18:43:53.0789 4800 KtmRm - ok
18:43:53.0828 4800 LanmanServer (d64af876d53eca3668bb97b51b4e70ab) C:\Windows\System32\srvsvc.dll
18:43:53.0831 4800 LanmanServer - ok
18:43:53.0860 4800 LanmanWorkstation (58405e4f68ba8e4057c6e914f326aba2) C:\Windows\System32\wkssvc.dll
18:43:53.0863 4800 LanmanWorkstation - ok
18:43:53.0891 4800 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
18:43:53.0892 4800 lltdio - ok
18:43:53.0931 4800 lltdsvc (5700673e13a2117fa3b9020c852c01e2) C:\Windows\System32\lltdsvc.dll
18:43:53.0933 4800 lltdsvc - ok
18:43:53.0948 4800 lmhosts (55ca01ba19d0006c8f2639b6c045e08b) C:\Windows\System32\lmhsvc.dll
18:43:53.0950 4800 lmhosts - ok
18:43:53.0976 4800 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
18:43:53.0977 4800 LSI_FC - ok
18:43:53.0999 4800 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
18:43:54.0000 4800 LSI_SAS - ok
18:43:54.0017 4800 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
18:43:54.0018 4800 LSI_SAS2 - ok
18:43:54.0033 4800 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
18:43:54.0035 4800 LSI_SCSI - ok
18:43:54.0051 4800 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
18:43:54.0052 4800 luafv - ok
18:43:54.0083 4800 Mcx2Svc (bfb9ee8ee977efe85d1a3105abef6dd1) C:\Windows\system32\Mcx2Svc.dll
18:43:54.0084 4800 Mcx2Svc - ok
18:43:54.0105 4800 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
18:43:54.0106 4800 megasas - ok
18:43:54.0133 4800 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
18:43:54.0135 4800 MegaSR - ok
18:43:54.0167 4800 MMCSS (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
18:43:54.0169 4800 MMCSS - ok
18:43:54.0182 4800 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
18:43:54.0183 4800 Modem - ok
18:43:54.0196 4800 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
18:43:54.0197 4800 monitor - ok
18:43:54.0228 4800 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\drivers\mouclass.sys
18:43:54.0229 4800 mouclass - ok
18:43:54.0242 4800 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
18:43:54.0243 4800 mouhid - ok
18:43:54.0271 4800 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
18:43:54.0272 4800 mountmgr - ok
18:43:54.0339 4800 MozillaMaintenance (6380ff81dd4d78b23398752d2f46ea43) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
18:43:54.0340 4800 MozillaMaintenance - ok
18:43:54.0363 4800 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
18:43:54.0365 4800 mpio - ok
18:43:54.0378 4800 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
18:43:54.0379 4800 mpsdrv - ok
18:43:54.0435 4800 MpsSvc (9835584e999d25004e1ee8e5f3e3b881) C:\Windows\system32\mpssvc.dll
18:43:54.0442 4800 MpsSvc - ok
18:43:54.0478 4800 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
18:43:54.0479 4800 MRxDAV - ok
18:43:54.0510 4800 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
18:43:54.0511 4800 mrxsmb - ok
18:43:54.0549 4800 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:43:54.0552 4800 mrxsmb10 - ok
18:43:54.0574 4800 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:43:54.0575 4800 mrxsmb20 - ok
18:43:54.0599 4800 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
18:43:54.0600 4800 msahci - ok
18:43:54.0639 4800 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
18:43:54.0641 4800 msdsm - ok
18:43:54.0670 4800 MSDTC (e1bce74a3bd9902b72599c0192a07e27) C:\Windows\System32\msdtc.exe
18:43:54.0673 4800 MSDTC - ok
18:43:54.0716 4800 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
18:43:54.0717 4800 Msfs - ok
18:43:54.0731 4800 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
18:43:54.0732 4800 mshidkmdf - ok
18:43:54.0763 4800 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
18:43:54.0764 4800 msisadrv - ok
18:43:54.0799 4800 MSiSCSI (90f7d9e6b6f27e1a707d4a297f077828) C:\Windows\system32\iscsiexe.dll
18:43:54.0801 4800 MSiSCSI - ok
18:43:54.0806 4800 msiserver - ok
18:43:54.0823 4800 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
18:43:54.0824 4800 MSKSSRV - ok
18:43:54.0835 4800 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
18:43:54.0836 4800 MSPCLOCK - ok
18:43:54.0850 4800 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
18:43:54.0851 4800 MSPQM - ok
18:43:54.0875 4800 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
18:43:54.0876 4800 MsRPC - ok
18:43:54.0893 4800 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
18:43:54.0894 4800 mssmbios - ok
18:43:54.0908 4800 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
18:43:54.0909 4800 MSTEE - ok
18:43:54.0914 4800 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
18:43:54.0915 4800 MTConfig - ok
18:43:54.0933 4800 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
18:43:54.0934 4800 Mup - ok
18:43:54.0989 4800 napagent (61d57a5d7c6d9afe10e77dae6e1b445e) C:\Windows\system32\qagentRT.dll
18:43:54.0994 4800 napagent - ok
18:43:55.0023 4800 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
18:43:55.0026 4800 NativeWifiP - ok
18:43:55.0083 4800 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
18:43:55.0089 4800 NDIS - ok
18:43:55.0104 4800 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
18:43:55.0105 4800 NdisCap - ok
18:43:55.0121 4800 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
18:43:55.0122 4800 NdisTapi - ok
18:43:55.0146 4800 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
18:43:55.0148 4800 Ndisuio - ok
18:43:55.0180 4800 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
18:43:55.0182 4800 NdisWan - ok
18:43:55.0214 4800 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
18:43:55.0215 4800 NDProxy - ok
18:43:55.0232 4800 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
18:43:55.0233 4800 NetBIOS - ok
18:43:55.0277 4800 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
18:43:55.0280 4800 NetBT - ok
18:43:55.0308 4800 Netlogon (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
18:43:55.0310 4800 Netlogon - ok
18:43:55.0360 4800 Netman (7cccfca7510684768da22092d1fa4db2) C:\Windows\System32\netman.dll
18:43:55.0364 4800 Netman - ok
18:43:55.0399 4800 netprofm (8c338238c16777a802d6a9211eb2ba50) C:\Windows\System32\netprofm.dll
18:43:55.0404 4800 netprofm - ok
18:43:55.0491 4800 NetTcpPortSharing (f476ec40033cdb91efbe73eb99b8362d) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
18:43:55.0493 4800 NetTcpPortSharing - ok
18:43:55.0527 4800 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
18:43:55.0528 4800 nfrd960 - ok
18:43:55.0573 4800 NlaSvc (912084381d30d8b89ec4e293053f4710) C:\Windows\System32\nlasvc.dll
18:43:55.0577 4800 NlaSvc - ok
18:43:55.0588 4800 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
18:43:55.0589 4800 Npfs - ok
18:43:55.0616 4800 nsi (ba387e955e890c8a88306d9b8d06bf17) C:\Windows\system32\nsisvc.dll
18:43:55.0618 4800 nsi - ok
18:43:55.0631 4800 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
18:43:55.0632 4800 nsiproxy - ok
18:43:55.0739 4800 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
18:43:55.0750 4800 Ntfs - ok
18:43:55.0761 4800 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
18:43:55.0762 4800 Null - ok
18:43:56.0391 4800 nvlddmkm (bd409de5681c74c1de51d72427dc202d) C:\Windows\system32\DRIVERS\nvlddmkm.sys
18:43:56.0457 4800 nvlddmkm - ok
18:43:56.0748 4800 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
18:43:56.0749 4800 nvraid - ok
18:43:56.0770 4800 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
18:43:56.0771 4800 nvstor - ok
18:43:56.0821 4800 NVSvc (e55877be77a8a31b0416b4e7c3dbe3f2) C:\Windows\system32\nvvsvc.exe
18:43:56.0826 4800 NVSvc - ok
18:43:56.0843 4800 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
18:43:56.0844 4800 nv_agp - ok
18:43:56.0859 4800 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
18:43:56.0860 4800 ohci1394 - ok
18:43:56.0912 4800 ose (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
18:43:56.0913 4800 ose - ok
18:43:56.0964 4800 p2pimsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
18:43:56.0968 4800 p2pimsvc - ok
18:43:57.0019 4800 p2psvc (59c3ddd501e39e006dac31bf55150d91) C:\Windows\system32\p2psvc.dll
18:43:57.0023 4800 p2psvc - ok
18:43:57.0059 4800 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
18:43:57.0060 4800 Parport - ok
18:43:57.0083 4800 partmgr (3f34a1b4c5f6475f320c275e63afce9b) C:\Windows\system32\drivers\partmgr.sys
18:43:57.0084 4800 partmgr - ok
18:43:57.0097 4800 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
18:43:57.0098 4800 Parvdm - ok
18:43:57.0122 4800 PcaSvc (358ab7956d3160000726574083dfc8a6) C:\Windows\System32\pcasvc.dll
18:43:57.0125 4800 PcaSvc - ok
18:43:57.0161 4800 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
18:43:57.0163 4800 pci - ok
18:43:57.0172 4800 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
18:43:57.0173 4800 pciide - ok
18:43:57.0198 4800 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
18:43:57.0200 4800 pcmcia - ok
18:43:57.0218 4800 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
18:43:57.0219 4800 pcw - ok
18:43:57.0269 4800 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
18:43:57.0274 4800 PEAUTH - ok
18:43:57.0364 4800 PeerDistSvc (af4d64d2a57b9772cf3801950b8058a6) C:\Windows\system32\peerdistsvc.dll
18:43:57.0373 4800 PeerDistSvc - ok
18:43:57.0502 4800 pla (414bba67a3ded1d28437eb66aeb8a720) C:\Windows\system32\pla.dll
18:43:57.0514 4800 pla - ok
18:43:57.0638 4800 PlugPlay (ec7bc28d207da09e79b3e9faf8b232ca) C:\Windows\system32\umpnpmgr.dll
18:43:57.0642 4800 PlugPlay - ok
18:43:57.0666 4800 PNRPAutoReg (63ff8572611249931eb16bb8eed6afc8) C:\Windows\system32\pnrpauto.dll
18:43:57.0667 4800 PNRPAutoReg - ok
18:43:57.0695 4800 PNRPsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
18:43:57.0699 4800 PNRPsvc - ok
18:43:57.0731 4800 PolicyAgent (53946b69ba0836bd95b03759530c81ec) C:\Windows\System32\ipsecsvc.dll
18:43:57.0734 4800 PolicyAgent - ok
18:43:57.0754 4800 Power (f87d30e72e03d579a5199ccb3831d6ea) C:\Windows\system32\umpo.dll
18:43:57.0757 4800 Power - ok
18:43:57.0807 4800 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
18:43:57.0809 4800 PptpMiniport - ok
18:43:57.0826 4800 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
18:43:57.0827 4800 Processor - ok
18:43:57.0873 4800 ProfSvc (43ca4ccc22d52fb58e8988f0198851d0) C:\Windows\system32\profsvc.dll
18:43:57.0875 4800 ProfSvc - ok
18:43:57.0904 4800 ProtectedStorage (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
18:43:57.0906 4800 ProtectedStorage - ok
18:43:57.0923 4800 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
18:43:57.0925 4800 Psched - ok
18:43:58.0023 4800 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
18:43:58.0032 4800 ql2300 - ok
18:43:58.0160 4800 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
18:43:58.0161 4800 ql40xx - ok
18:43:58.0206 4800 QWAVE (31ac809e7707eb580b2bdb760390765a) C:\Windows\system32\qwave.dll
18:43:58.0208 4800 QWAVE - ok
18:43:58.0225 4800 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
18:43:58.0226 4800 QWAVEdrv - ok
18:43:58.0239 4800 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
18:43:58.0240 4800 RasAcd - ok
18:43:58.0269 4800 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
18:43:58.0270 4800 RasAgileVpn - ok
18:43:58.0290 4800 RasAuto (a60f1839849c0c00739787fd5ec03f13) C:\Windows\System32\rasauto.dll
18:43:58.0292 4800 RasAuto - ok
18:43:58.0312 4800 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
18:43:58.0313 4800 Rasl2tp - ok
18:43:58.0357 4800 RasMan (cb9e04dc05eacf5b9a36ca276d475006) C:\Windows\System32\rasmans.dll
18:43:58.0361 4800 RasMan - ok
18:43:58.0429 4800 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
18:43:58.0430 4800 RasPppoe - ok
18:43:58.0449 4800 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
18:43:58.0450 4800 RasSstp - ok
18:43:58.0494 4800 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
18:43:58.0496 4800 rdbss - ok
18:43:58.0507 4800 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
18:43:58.0508 4800 rdpbus - ok
18:43:58.0532 4800 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
18:43:58.0533 4800 RDPCDD - ok
18:43:58.0561 4800 RDPDR (b973fcfc50dc1434e1970a146f7e3885) C:\Windows\system32\drivers\rdpdr.sys
18:43:58.0562 4800 RDPDR - ok
18:43:58.0575 4800 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
18:43:58.0576 4800 RDPENCDD - ok
18:43:58.0583 4800 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
18:43:58.0583 4800 RDPREFMP - ok
18:43:58.0603 4800 RdpVideoMiniport (68a0387f58e226deee23d9715955572a) C:\Windows\system32\drivers\rdpvideominiport.sys
18:43:58.0604 4800 RdpVideoMiniport - ok
18:43:58.0640 4800 RDPWD (244c83332f44589ae98fc347f11b2693) C:\Windows\system32\drivers\RDPWD.sys
18:43:58.0642 4800 RDPWD - ok
18:43:58.0679 4800 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
18:43:58.0681 4800 rdyboost - ok
18:43:58.0707 4800 RemoteAccess (7b5e1419717fac363a31cc302895217a) C:\Windows\System32\mprdim.dll
18:43:58.0708 4800 RemoteAccess - ok
18:43:58.0747 4800 RemoteRegistry (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll
18:43:58.0750 4800 RemoteRegistry - ok
18:43:58.0917 4800 RosettaStoneDaemon (e7062dbd907e0c5ceeb5abdaf07e6b32) C:\Program Files\RosettaStoneLtdServices\RosettaStoneDaemon.exe
18:43:58.0930 4800 RosettaStoneDaemon - ok
18:43:59.0023 4800 RpcEptMapper (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll
18:43:59.0026 4800 RpcEptMapper - ok
18:43:59.0052 4800 RpcLocator (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows\system32\locator.exe
18:43:59.0054 4800 RpcLocator - ok
18:43:59.0110 4800 RpcSs (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
18:43:59.0116 4800 RpcSs - ok
18:43:59.0167 4800 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
18:43:59.0169 4800 rspndr - ok
18:43:59.0201 4800 s3cap (7fa7f2e249a5dcbb7970630e15e1f482) C:\Windows\system32\drivers\vms3cap.sys
18:43:59.0202 4800 s3cap - ok
18:43:59.0230 4800 SamSs (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
18:43:59.0232 4800 SamSs - ok
18:43:59.0250 4800 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
18:43:59.0251 4800 sbp2port - ok
18:43:59.0285 4800 SCardSvr (8fc518ffe9519c2631d37515a68009c4) C:\Windows\System32\SCardSvr.dll
18:43:59.0289 4800 SCardSvr - ok
18:43:59.0316 4800 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
18:43:59.0318 4800 scfilter - ok
18:43:59.0390 4800 Schedule (a04bb13f8a72f8b6e8b4071723e4e336) C:\Windows\system32\schedsvc.dll
18:43:59.0399 4800 Schedule - ok
18:43:59.0424 4800 SCPolicySvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
18:43:59.0426 4800 SCPolicySvc - ok
18:43:59.0467 4800 SDRSVC (08236c4bce5edd0a0318a438af28e0f7) C:\Windows\System32\SDRSVC.dll
18:43:59.0471 4800 SDRSVC - ok
18:43:59.0516 4800 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
18:43:59.0517 4800 secdrv - ok
18:43:59.0544 4800 seclogon (a59b3a4442c52060cc7a85293aa3546f) C:\Windows\system32\seclogon.dll
18:43:59.0548 4800 seclogon - ok
18:43:59.0564 4800 SENS (dcb7fcdcc97f87360f75d77425b81737) C:\Windows\System32\sens.dll
18:43:59.0567 4800 SENS - ok
18:43:59.0597 4800 SensrSvc (50087fe1ee447009c9cc2997b90de53f) C:\Windows\system32\sensrsvc.dll
18:43:59.0600 4800 SensrSvc - ok
18:43:59.0612 4800 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
18:43:59.0613 4800 Serenum - ok
18:43:59.0633 4800 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
18:43:59.0634 4800 Serial - ok
18:43:59.0666 4800 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
18:43:59.0667 4800 sermouse - ok
18:43:59.0711 4800 SessionEnv (4ae380f39a0032eab7dd953030b26d28) C:\Windows\system32\sessenv.dll
18:43:59.0714 4800 SessionEnv - ok
18:43:59.0729 4800 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
18:43:59.0730 4800 sffdisk - ok
18:43:59.0745 4800 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
18:43:59.0746 4800 sffp_mmc - ok
18:43:59.0757 4800 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
18:43:59.0758 4800 sffp_sd - ok
18:43:59.0774 4800 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
18:43:59.0775 4800 sfloppy - ok
18:43:59.0826 4800 SharedAccess (d1a079a0de2ea524513b6930c24527a2) C:\Windows\System32\ipnathlp.dll
18:43:59.0829 4800 SharedAccess - ok
18:43:59.0880 4800 ShellHWDetection (414da952a35bf5d50192e28263b40577) C:\Windows\System32\shsvcs.dll
18:43:59.0884 4800 ShellHWDetection - ok
18:43:59.0903 4800 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
18:43:59.0904 4800 sisagp - ok
18:43:59.0919 4800 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
18:43:59.0920 4800 SiSRaid2 - ok
18:43:59.0940 4800 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
18:43:59.0941 4800 SiSRaid4 - ok
18:43:59.0965 4800 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
18:43:59.0966 4800 Smb - ok
18:44:00.0002 4800 SNMPTRAP (6a984831644eca1a33ffeae4126f4f37) C:\Windows\System32\snmptrap.exe
18:44:00.0005 4800 SNMPTRAP - ok
18:44:00.0032 4800 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
18:44:00.0033 4800 spldr - ok
18:44:00.0080 4800 Spooler (866a43013535dc8587c258e43579c764) C:\Windows\System32\spoolsv.exe
18:44:00.0083 4800 Spooler - ok
18:44:00.0308 4800 sppsvc (cf87a1de791347e75b98885214ced2b8) C:\Windows\system32\sppsvc.exe
18:44:00.0331 4800 sppsvc - ok
18:44:00.0440 4800 sppuinotify (b0180b20b065d89232a78a40fe56eaa6) C:\Windows\system32\sppuinotify.dll
18:44:00.0443 4800 sppuinotify - ok
18:44:00.0513 4800 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
18:44:00.0515 4800 srv - ok
18:44:00.0548 4800 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
18:44:00.0550 4800 srv2 - ok
18:44:00.0574 4800 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
18:44:00.0575 4800 srvnet - ok
18:44:00.0614 4800 SSDPSRV (d887c9fd02ac9fa880f6e5027a43e118) C:\Windows\System32\ssdpsrv.dll
18:44:00.0617 4800 SSDPSRV - ok
18:44:00.0631 4800 SstpSvc (d318f23be45d5e3a107469eb64815b50) C:\Windows\system32\sstpsvc.dll
18:44:00.0633 4800 SstpSvc - ok
18:44:00.0661 4800 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
18:44:00.0662 4800 stexstor - ok
18:44:00.0720 4800 StiSvc (e1fb3706030fb4578a0d72c2fc3689e4) C:\Windows\System32\wiaservc.dll
18:44:00.0726 4800 StiSvc - ok
18:44:00.0758 4800 storflt (472af0311073dceceaa8fa18ba2bdf89) C:\Windows\system32\drivers\vmstorfl.sys
18:44:00.0759 4800 storflt - ok
18:44:00.0776 4800 storvsc (dcaffd62259e0bdb433dd67b5bb37619) C:\Windows\system32\drivers\storvsc.sys
18:44:00.0777 4800 storvsc - ok
18:44:00.0801 4800 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
18:44:00.0802 4800 swenum - ok
18:44:00.0840 4800 swprv (a28bd92df340e57b024ba433165d34d7) C:\Windows\System32\swprv.dll
18:44:00.0844 4800 swprv - ok
18:44:00.0849 4800 Synth3dVsc - ok
18:44:00.0958 4800 SysMain (36650d618ca34c9d357dfd3d89b2c56f) C:\Windows\system32\sysmain.dll
18:44:00.0969 4800 SysMain - ok
18:44:01.0001 4800 TabletInputService (763fecdc3d30c815fe72dd57936c6cd1) C:\Windows\System32\TabSvc.dll
18:44:01.0004 4800 TabletInputService - ok
18:44:01.0043 4800 TapiSrv (613bf4820361543956909043a265c6ac) C:\Windows\System32\tapisrv.dll
18:44:01.0047 4800 TapiSrv - ok
18:44:01.0065 4800 TBS (b799d9fdb26111737f58288d8dc172d9) C:\Windows\System32\tbssvc.dll
18:44:01.0068 4800 TBS - ok
18:44:01.0208 4800 Tcpip (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows\system32\drivers\tcpip.sys
18:44:01.0216 4800 Tcpip - ok
18:44:01.0233 4800 TCPIP6 (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows\system32\DRIVERS\tcpip.sys
18:44:01.0244 4800 TCPIP6 - ok
18:44:01.0275 4800 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
18:44:01.0276 4800 tcpipreg - ok
18:44:01.0308 4800 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
18:44:01.0309 4800 TDPIPE - ok
18:44:01.0339 4800 TDTCP (2c2c5afe7ee4f620d69c23c0617651a8) C:\Windows\system32\drivers\tdtcp.sys
18:44:01.0340 4800 TDTCP - ok
18:44:01.0372 4800 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
18:44:01.0373 4800 tdx - ok
18:44:01.0401 4800 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
18:44:01.0402 4800 TermDD - ok
18:44:01.0466 4800 TermService (382c804c92811be57829d8e550a900e2) C:\Windows\System32\termsrv.dll
18:44:01.0472 4800 TermService - ok
18:44:01.0497 4800 Themes (42fb6afd6b79d9fe07381609172e7ca4) C:\Windows\system32\themeservice.dll
18:44:01.0499 4800 Themes - ok
18:44:01.0529 4800 THREADORDER (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
18:44:01.0531 4800 THREADORDER - ok
18:44:01.0549 4800 TrkWks (4792c0378db99a9bc2ae2de6cfff0c3a) C:\Windows\System32\trkwks.dll
18:44:01.0553 4800 TrkWks - ok
18:44:01.0617 4800 TrustedInstaller (2c49b175aee1d4364b91b531417fe583) C:\Windows\servicing\TrustedInstaller.exe
18:44:01.0619 4800 TrustedInstaller - ok
18:44:01.0753 4800 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
18:44:01.0754 4800 tssecsrv - ok
18:44:01.0921 4800 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
18:44:01.0923 4800 TsUsbFlt - ok
18:44:01.0928 4800 tsusbhub - ok
18:44:01.0972 4800 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
18:44:01.0973 4800 tunnel - ok
18:44:05.0745 4800 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
18:44:06.0194 4800 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
18:44:06.0194 4800 \Device\Harddisk0\DR0 - detected TDSS File System (1)
18:44:06.0235 4800 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk4\DR4
18:44:07.0529 4800 \Device\Harddisk4\DR4 - ok
18:44:07.0553 4800 Boot (0x1200) (34ce6db5c1b6b9ded4c9038d6b68a33c) \Device\Harddisk0\DR0\Partition0
18:44:07.0555 4800 \Device\Harddisk0\DR0\Partition0 - ok
18:44:07.0584 4800 Boot (0x1200) (08721546857fdf938fcb7e36b4171af8) \Device\Harddisk0\DR0\Partition1
18:44:07.0585 4800 \Device\Harddisk0\DR0\Partition1 - ok
18:44:07.0598 4800 Boot (0x1200) (7f5c6a791be51759f3e6ef44a0b9db93) \Device\Harddisk4\DR4\Partition0
18:44:07.0605 4800 \Device\Harddisk4\DR4\Partition0 - ok
18:44:07.0605 4800 ============================================================
18:44:07.0605 4800 Scan finished
18:44:07.0606 4800 ============================================================
18:44:07.0618 1860 Detected object count: 1
18:44:07.0619 1860 Actual detected object count: 1
18:44:17.0967 1860 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
18:44:17.0967 1860 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip



ComboFix 12-06-05.03 - L 06/05/2012 18:48:02.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.2046.1112 [GMT -4:00]
Running from: c:\users\L\Desktop\computer fix\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\desktop.ini
.
.
((((((((((((((((((((((((( Files Created from 2012-05-05 to 2012-06-05 )))))))))))))))))))))))))))))))
.
.
2012-06-05 22:55 . 2012-06-05 22:59 -------- d-----w- c:\users\L\AppData\Local\temp
2012-06-05 22:55 . 2012-06-05 22:55 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-05 22:39 . 2012-06-05 22:39 770384 ----a-w- c:\program files\Mozilla Firefox\msvcr100.dll
2012-06-05 22:39 . 2012-06-05 22:39 421200 ----a-w- c:\program files\Mozilla Firefox\msvcp100.dll
2012-06-04 18:46 . 2012-06-04 18:46 -------- d-----w- c:\users\L\AppData\Roaming\Malwarebytes
2012-06-04 18:46 . 2012-06-04 18:46 -------- d-----w- c:\programdata\Malwarebytes
2012-06-04 18:46 . 2012-06-04 18:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-06-04 18:46 . 2012-04-04 19:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-04 17:59 . 2012-06-04 17:59 -------- d-----w- c:\users\L\AppData\Roaming\AVG2012
2012-06-04 17:58 . 2012-06-04 17:58 -------- d-----w- c:\users\L\AppData\Local\AVG Secure Search
2012-06-04 17:58 . 2012-06-04 18:00 -------- d-----w- c:\programdata\AVG Secure Search
2012-06-04 17:58 . 2012-06-04 17:58 -------- d-----w- c:\program files\Common Files\AVG Secure Search
2012-06-04 17:58 . 2012-06-04 17:58 -------- d-----w- c:\program files\AVG Secure Search
2012-06-04 17:56 . 2012-06-04 17:56 -------- d--h--w- c:\programdata\Common Files
2012-06-04 17:56 . 2012-06-05 15:17 -------- d-----w- c:\windows\system32\drivers\AVG
2012-06-04 17:56 . 2012-06-04 18:30 -------- d-----w- c:\programdata\AVG2012
2012-06-04 17:56 . 2012-06-04 17:56 -------- d-----w- C:\$AVG
2012-06-04 17:55 . 2012-06-04 17:55 -------- d-----w- c:\program files\AVG
2012-06-04 17:53 . 2012-06-05 22:18 -------- d-----w- c:\programdata\MFAData
2012-06-01 17:33 . 2012-05-08 16:40 6737808 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{63D984A2-2885-4671-A544-0CDA3291F5B6}\mpengine.dll
2012-05-19 05:53 . 2012-06-05 19:50 -------- d-----r- c:\users\L\Dropbox
2012-05-19 05:50 . 2012-06-05 22:29 -------- d-----w- c:\users\L\AppData\Roaming\Dropbox
2012-05-08 23:51 . 2012-03-30 10:23 1291632 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-08 23:51 . 2012-03-31 04:29 936960 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-08 23:51 . 2012-03-31 04:30 1221632 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-05-08 23:51 . 2012-03-31 04:29 989184 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2012-05-08 23:51 . 2012-03-31 04:29 969216 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2012-05-08 23:51 . 2012-03-31 04:39 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-08 23:51 . 2012-03-31 04:39 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-08 23:51 . 2012-03-31 02:36 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-05-08 23:51 . 2012-03-17 07:27 56176 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-08 23:51 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\system32\DWrite.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-19 08:50 . 2012-04-19 08:50 24896 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2012-03-19 09:17 . 2012-03-19 09:17 301248 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2012-06-05 22:39 . 2012-05-01 17:01 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-06-04 17:58 2068536 ----a-w- c:\program files\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll" [2012-06-04 2068536]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\users\L\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\users\L\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\users\L\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-06-04 1104440]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
c:\users\L\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\L\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-06-06 16:55 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2011-09-27 12:22 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-11-13 05:24 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 20:40 155648 ----a-w- c:\windows\System32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 19:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 16:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-05 113120]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-21 1343400]
R4 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
R4 CrossLoopService;CrossLoop Service;c:\users\LUIS HERNANDEZ\AppData\Local\CrossLoop\CrossLoopService.exe [2010-08-18 560848]
R4 RosettaStoneDaemon;RosettaStoneDaemon;c:\program files\RosettaStoneLtdServices\RosettaStoneDaemon.exe [2011-04-15 1646056]
R4 tvnserver;TightVNC Server;c:\users\LUIS HERNANDEZ\AppData\Local\CrossLoop\tvnserver.exe [2010-07-21 814080]
S0 amacpi;Microsoft Away Mode System;c:\windows\system32\DRIVERS\null.sys [2009-07-13 4608]
S0 AVGIDSHX;AVGIDSHX;c:\windows\system32\DRIVERS\avgidshx.sys [2012-04-19 24896]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2012-01-31 31952]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2012-02-22 235216]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2012-03-19 301248]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\avgidsagent.exe [2012-04-30 5106744]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S2 vToolbarUpdater11.1.0;vToolbarUpdater11.1.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe [2012-06-04 935480]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdriverx.sys [2011-12-23 139856]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfilterx.sys [2011-12-23 24144]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\avgidsshimx.sys [2011-12-23 17232]
S3 VST_DPV;VST_DPV;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
S3 VSTHWBS2;VSTHWBS2;c:\windows\system32\DRIVERS\VSTBS23.SYS [2009-07-13 266752]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 86118350
*NewlyCreated* - 98670661
*NewlyCreated* - AVGIDSHX
*NewlyCreated* - AWDCQPOC
*Deregistered* - 86118350
*Deregistered* - 98670661
*Deregistered* - awdcqpoc
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/?ilc=1
uInternet Settings,ProxyOverride = *.local
IE: E&xportar a Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - c:\program files\AVG\AVG2012\avgdtiex.dll
TCP: DhcpNameServer = 192.168.1.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\11.1.0\ViProtocol.dll
FF - ProfilePath - c:\users\LUIS HERNANDEZ\AppData\Roaming\Mozilla\Firefox\Profiles\kn8uxtot.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/?ilc=1
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B893f3e90-2965-4e23-bd26-726afbf19306%7D&mid=f134da63e07547d09dd2757a838a7b0c-004e697ebe327b109c23881ade437eba3480790e&ds=AVG&v=11.1.0.7&lang=en&pr=fr&d=2012-06-04%2013%3A58%3A29&sap=ku&q=
FF - prefs.js: network.proxy.type - 4
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-06-05 19:06:17
ComboFix-quarantined-files.txt 2012-06-05 23:06
.
Pre-Run: 206,494,810,112 bytes free
Post-Run: 206,542,241,792 bytes free
.
- - End Of File - - 28707A56A4C8FD4A94B9784430E50460

#4 RPMcMurphy

  • Malware Response Team

Posted 05 June 2012 - 08:13 PM

Please do this next:

Run TDSSKiller again, but this time let it cure this entry:

\Device\Harddisk0\DR0 ( TDSS File System )


Download Security Check from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

You have this program installed, Malwarebytes' Anti-Malware (MBAM). Please update it and run a scan.

Open MBAM
  • Click the Update tab
  • Click Check for Updates
  • If an update is found, it will download and install the latest version.
  • The program will close to update and reopen.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Uncheck any entries from C:\System Volume Information, C:\_OTL\MovedFiles or C:\Qoobox
  • Make sure that everything else is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Please include the following in your next post:
  • TDSSKiller log
  • Security Check log
  • MBAM log

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may btn_donate_SM.gif


#5 lightblue13

  • Topic Starter

Posted 05 June 2012 - 08:27 PM

TDSSKiller does not provide the option of curing the file, so I opted to Skip it as was instructed in the previous post. Should I quarantine or delete it instead?

#6 RPMcMurphy

  • Malware Response Team

Posted 05 June 2012 - 09:54 PM

Sorry about that - please run it again and choose "Delete" on that detection.



#7 lightblue13

  • Topic Starter

Posted 05 June 2012 - 11:00 PM

Not a problem. The following reports were produced:

21:25:25.0931 4192 TDSS rootkit removing tool 2.7.38.0 May 25 2012 17:35:31
21:25:26.0491 4192 ============================================================
21:25:26.0491 4192 Current date / time: 2012/06/05 21:25:26.0491
21:25:26.0491 4192 SystemInfo:
21:25:26.0491 4192
21:25:26.0491 4192 OS Version: 6.1.7601 ServicePack: 1.0
21:25:26.0491 4192 Product type: Workstation
21:25:26.0491 4192 ComputerName: L
21:25:26.0492 4192 UserName: L
21:25:26.0492 4192 Windows directory: C:\Windows
21:25:26.0492 4192 System windows directory: C:\Windows
21:25:26.0492 4192 Processor architecture: Intel x86
21:25:26.0492 4192 Number of processors: 2
21:25:26.0492 4192 Page size: 0x1000
21:25:26.0492 4192 Boot type: Normal boot
21:25:26.0492 4192 ============================================================
21:25:26.0722 4192 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
21:25:26.0823 4192 Drive \Device\Harddisk4\DR4 - Size: 0xEF800000 (3.74 Gb), SectorSize: 0x200, Cylinders: 0x1E8, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
21:25:26.0853 4192 ============================================================
21:25:26.0853 4192 \Device\Harddisk0\DR0:
21:25:26.0853 4192 MBR partitions:
21:25:26.0853 4192 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1C068915
21:25:26.0853 4192 \Device\Harddisk0\DR0\Partition1: MBR, Type 0xC, StartLBA 0x1C06C815, BlocksNum 0x1157D6C
21:25:26.0853 4192 \Device\Harddisk4\DR4:
21:25:26.0860 4192 MBR partitions:
21:25:26.0860 4192 \Device\Harddisk4\DR4\Partition0: MBR, Type 0xC, StartLBA 0x24, BlocksNum 0x779800
21:25:26.0860 4192 ============================================================
21:25:26.0869 4192 C: <-> \Device\Harddisk0\DR0\Partition0
21:25:26.0895 4192 E: <-> \Device\Harddisk0\DR0\Partition1
21:25:26.0895 4192 ============================================================
21:25:26.0895 4192 Initialize success
21:25:26.0895 4192 ============================================================
21:25:32.0041 4076 ============================================================
21:25:32.0041 4076 Scan started
21:25:32.0041 4076 Mode: Manual; TDLFS;
21:25:32.0041 4076 ============================================================
21:25:35.0328 4076 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
21:25:35.0329 4076 Beep - ok
21:25:35.0398 4076 BFE (1e2bac209d184bb851e1a187d8a29136) C:\Windows\System32\bfe.dll
21:25:35.0402 4076 BFE - ok
21:25:35.0461 4076 BITS (e585445d5021971fae10393f0f1c3961) C:\Windows\system32\qmgr.dll
21:25:35.0467 4076 BITS - ok
21:25:35.0502 4076 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
21:25:35.0503 4076 blbdrive - ok
21:25:35.0607 4076 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
21:25:35.0612 4076 Bonjour Service - ok
21:25:35.0638 4076 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
21:25:35.0640 4076 bowser - ok
21:25:35.0652 4076 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
21:25:35.0653 4076 BrFiltLo - ok
21:25:35.0660 4076 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
21:25:35.0661 4076 BrFiltUp - ok
21:25:35.0697 4076 BridgeMP (77361d72a04f18809d0efb6cceb74d4b) C:\Windows\system32\DRIVERS\bridge.sys
21:25:35.0699 4076 BridgeMP - ok
21:25:35.0732 4076 Browser (6e11f33d14d020f58d5e02e4d67dfa19) C:\Windows\System32\browser.dll
21:25:35.0734 4076 Browser - ok
21:25:35.0760 4076 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
21:25:35.0762 4076 Brserid - ok
21:25:35.0779 4076 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
21:25:35.0780 4076 BrSerWdm - ok
21:25:35.0785 4076 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
21:25:35.0786 4076 BrUsbMdm - ok
21:25:35.0801 4076 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
21:25:35.0802 4076 BrUsbSer - ok
21:25:35.0821 4076 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
21:25:35.0822 4076 BTHMODEM - ok
21:25:35.0861 4076 bthserv (1df19c96eef6c29d1c3e1a8678e07190) C:\Windows\system32\bthserv.dll
21:25:35.0863 4076 bthserv - ok
21:25:35.0906 4076 BVRPMPR5 (248dfa5762dde38dfddbbd44149e9d7a) C:\Windows\system32\drivers\BVRPMPR5.SYS
21:25:35.0907 4076 BVRPMPR5 - ok
21:25:36.0011 4076 catchme - ok
21:25:36.0039 4076 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
21:25:36.0041 4076 cdfs - ok
21:25:36.0100 4076 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\DRIVERS\cdrom.sys
21:25:36.0102 4076 cdrom - ok
21:25:36.0140 4076 CertPropSvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
21:25:36.0141 4076 CertPropSvc - ok
21:25:36.0175 4076 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
21:25:36.0176 4076 circlass - ok
21:25:36.0209 4076 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
21:25:36.0213 4076 CLFS - ok
21:25:36.0270 4076 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:25:36.0272 4076 clr_optimization_v2.0.50727_32 - ok
21:25:36.0344 4076 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:25:36.0347 4076 clr_optimization_v4.0.30319_32 - ok
21:25:36.0363 4076 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
21:25:36.0364 4076 CmBatt - ok
21:25:36.0391 4076 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
21:25:36.0392 4076 cmdide - ok
21:25:36.0439 4076 CNG (6427525d76f61d0c519b008d3680e8e7) C:\Windows\system32\Drivers\cng.sys
21:25:36.0444 4076 CNG - ok
21:25:36.0460 4076 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
21:25:36.0461 4076 Compbatt - ok
21:25:36.0504 4076 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
21:25:36.0505 4076 CompositeBus - ok
21:25:36.0521 4076 COMSysApp - ok
21:25:36.0536 4076 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
21:25:36.0537 4076 crcdisk - ok
21:25:36.0693 4076 CrossLoopService (c128e740cdb1048fb72f4f80fa384943) C:\Users\LUIS HERNANDEZ\AppData\Local\CrossLoop\CrossLoopService.exe
21:25:36.0698 4076 CrossLoopService - ok
21:25:36.0753 4076 CryptSvc (a585bebf7d054bd9618eda0922d5484a) C:\Windows\system32\cryptsvc.dll
21:25:36.0755 4076 CryptSvc - ok
21:25:36.0807 4076 CSC (3c2177a897b4ca2788c6fb0c3fd81d4b) C:\Windows\system32\drivers\csc.sys
21:25:36.0812 4076 CSC - ok
21:25:36.0864 4076 CscService (15f93b37f6801943360d9eb42485d5d3) C:\Windows\System32\cscsvc.dll
21:25:36.0871 4076 CscService - ok
21:25:36.0911 4076 DcomLaunch (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
21:25:36.0915 4076 DcomLaunch - ok
21:25:36.0952 4076 defragsvc (8d6e10a2d9a5eed59562d9b82cf804e1) C:\Windows\System32\defragsvc.dll
21:25:36.0956 4076 defragsvc - ok
21:25:37.0012 4076 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
21:25:37.0015 4076 DfsC - ok
21:25:37.0086 4076 Dhcp (e9e01eb683c132f7fa27cd607b8a2b63) C:\Windows\system32\dhcpcore.dll
21:25:37.0090 4076 Dhcp - ok
21:25:37.0112 4076 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
21:25:37.0114 4076 discache - ok
21:25:37.0146 4076 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
21:25:37.0147 4076 Disk - ok
21:25:37.0179 4076 Dnscache (33ef4861f19a0736b11314aad9ae28d0) C:\Windows\System32\dnsrslvr.dll
21:25:37.0182 4076 Dnscache - ok
21:25:37.0230 4076 dot3svc (366ba8fb4b7bb7435e3b9eacb3843f67) C:\Windows\System32\dot3svc.dll
21:25:37.0234 4076 dot3svc - ok
21:25:37.0275 4076 DPS (8ec04ca86f1d68da9e11952eb85973d6) C:\Windows\system32\dps.dll
21:25:37.0279 4076 DPS - ok
21:25:37.0320 4076 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
21:25:37.0321 4076 drmkaud - ok
21:25:37.0350 4076 dsNcAdpt (b2c3f71b86e25c3df78339ddb40a7562) C:\Windows\system32\DRIVERS\dsNcAdpt.sys
21:25:37.0351 4076 dsNcAdpt - ok
21:25:37.0469 4076 dsNcService (0e08704523eacace8b2790114cc828aa) C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
21:25:37.0477 4076 dsNcService - ok
21:25:37.0542 4076 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
21:25:37.0551 4076 DXGKrnl - ok
21:25:37.0595 4076 e1express (cf0a6015f437161698c5b2a0a12cf052) C:\Windows\system32\DRIVERS\e1e6032.sys
21:25:37.0596 4076 e1express - ok
21:25:37.0631 4076 EapHost (8600142fa91c1b96367d3300ad0f3f3a) C:\Windows\System32\eapsvc.dll
21:25:37.0634 4076 EapHost - ok
21:25:37.0848 4076 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
21:25:37.0868 4076 ebdrv - ok
21:25:38.0027 4076 EFS (81951f51e318aecc2d68559e47485cc4) C:\Windows\System32\lsass.exe
21:25:38.0029 4076 EFS - ok
21:25:38.0121 4076 ehRecvr (a8c362018efc87beb013ee28f29c0863) C:\Windows\ehome\ehRecvr.exe
21:25:38.0127 4076 ehRecvr - ok
21:25:38.0164 4076 ehSched (d389bff34f80caede417bf9d1507996a) C:\Windows\ehome\ehsched.exe
21:25:38.0166 4076 ehSched - ok
21:25:38.0256 4076 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
21:25:38.0259 4076 elxstor - ok
21:25:38.0290 4076 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
21:25:38.0291 4076 ErrDev - ok
21:25:38.0341 4076 EventSystem (f6916efc29d9953d5d0df06882ae8e16) C:\Windows\system32\es.dll
21:25:38.0343 4076 EventSystem - ok
21:25:38.0373 4076 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
21:25:38.0375 4076 exfat - ok
21:25:38.0405 4076 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
21:25:38.0408 4076 fastfat - ok
21:25:38.0473 4076 Fax (967ea5b213e9984cbe270205df37755b) C:\Windows\system32\fxssvc.exe
21:25:38.0480 4076 Fax - ok
21:25:38.0494 4076 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
21:25:38.0496 4076 fdc - ok
21:25:38.0517 4076 fdPHost (f3222c893bd2f5821a0179e5c71e88fb) C:\Windows\system32\fdPHost.dll
21:25:38.0518 4076 fdPHost - ok
21:25:38.0527 4076 FDResPub (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\Windows\system32\fdrespub.dll
21:25:38.0529 4076 FDResPub - ok
21:25:38.0541 4076 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
21:25:38.0543 4076 FileInfo - ok
21:25:38.0560 4076 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
21:25:38.0562 4076 Filetrace - ok
21:25:38.0580 4076 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
21:25:38.0581 4076 flpydisk - ok
21:25:38.0605 4076 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
21:25:38.0607 4076 FltMgr - ok
21:25:38.0679 4076 FontCache (b3a5ec6b6b6673db7e87c2bcdbddc074) C:\Windows\system32\FntCache.dll
21:25:38.0690 4076 FontCache - ok
21:25:38.0774 4076 FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
21:25:38.0776 4076 FontCache3.0.0.0 - ok
21:25:38.0796 4076 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
21:25:38.0797 4076 FsDepends - ok
21:25:38.0825 4076 Fs_Rec (7dae5ebcc80e45d3253f4923dc424d05) C:\Windows\system32\drivers\Fs_Rec.sys
21:25:38.0827 4076 Fs_Rec - ok
21:25:38.0875 4076 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
21:25:38.0876 4076 fvevol - ok
21:25:38.0911 4076 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
21:25:38.0912 4076 gagp30kx - ok
21:25:38.0952 4076 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
21:25:38.0953 4076 GEARAspiWDM - ok
21:25:39.0017 4076 gpsvc (e897eaf5ed6ba41e081060c9b447a673) C:\Windows\System32\gpsvc.dll
21:25:39.0026 4076 gpsvc - ok
21:25:39.0041 4076 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
21:25:39.0041 4076 hcw85cir - ok
21:25:39.0082 4076 hcwPP2 (9436fbf3ca45a0fb726856b409734d7a) C:\Windows\system32\DRIVERS\hcwPP2.sys
21:25:39.0083 4076 hcwPP2 - ok
21:25:39.0152 4076 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys
21:25:39.0157 4076 HdAudAddService - ok
21:25:39.0200 4076 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
21:25:39.0202 4076 HDAudBus - ok
21:25:39.0214 4076 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
21:25:39.0215 4076 HidBatt - ok
21:25:39.0233 4076 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
21:25:39.0235 4076 HidBth - ok
21:25:39.0263 4076 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
21:25:39.0264 4076 HidIr - ok
21:25:39.0293 4076 hidserv (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\Windows\System32\hidserv.dll
21:25:39.0296 4076 hidserv - ok
21:25:39.0325 4076 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\drivers\hidusb.sys
21:25:39.0326 4076 HidUsb - ok
21:25:39.0355 4076 hkmsvc (196b4e3f4cccc24af836ce58facbb699) C:\Windows\system32\kmsvc.dll
21:25:39.0358 4076 hkmsvc - ok
21:25:39.0397 4076 HomeGroupListener (6658f4404de03d75fe3ba09f7aba6a30) C:\Windows\system32\ListSvc.dll
21:25:39.0401 4076 HomeGroupListener - ok
21:25:39.0451 4076 HomeGroupProvider (dbc02d918fff1cad628acbe0c0eaa8e8) C:\Windows\system32\provsvc.dll
21:25:39.0455 4076 HomeGroupProvider - ok
21:25:39.0494 4076 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
21:25:39.0496 4076 HpSAMD - ok
21:25:39.0559 4076 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
21:25:39.0563 4076 HTTP - ok
21:25:39.0583 4076 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
21:25:39.0584 4076 hwpolicy - ok
21:25:39.0625 4076 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
21:25:39.0628 4076 i8042prt - ok
21:25:39.0668 4076 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
21:25:39.0672 4076 iaStorV - ok
21:25:39.0803 4076 idsvc (c521d7eb6497bb1af6afa89e322fb43c) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
21:25:39.0815 4076 idsvc - ok
21:25:39.0839 4076 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
21:25:39.0840 4076 iirsp - ok
21:25:39.0915 4076 IKEEXT (f95622f161474511b8d80d6b093aa610) C:\Windows\System32\ikeext.dll
21:25:39.0923 4076 IKEEXT - ok
21:25:39.0950 4076 IntcAzAudAddService - ok
21:25:39.0970 4076 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
21:25:39.0971 4076 intelide - ok
21:25:40.0003 4076 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
21:25:40.0004 4076 intelppm - ok
21:25:40.0037 4076 IPBusEnum (acb364b9075a45c0736e5c47be5cae19) C:\Windows\system32\ipbusenum.dll
21:25:40.0040 4076 IPBusEnum - ok
21:25:40.0063 4076 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:25:40.0064 4076 IpFilterDriver - ok
21:25:40.0118 4076 iphlpsvc (4d65a07b795d6674312f879d09aa7663) C:\Windows\System32\iphlpsvc.dll
21:25:40.0125 4076 iphlpsvc - ok
21:25:40.0152 4076 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
21:25:40.0153 4076 IPMIDRV - ok
21:25:40.0169 4076 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
21:25:40.0170 4076 IPNAT - ok
21:25:40.0289 4076 iPod Service (ca1972397b845b2f53f5dc63c22fd98a) C:\Program Files\iPod\bin\iPodService.exe
21:25:40.0295 4076 iPod Service - ok
21:25:40.0328 4076 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
21:25:40.0328 4076 IRENUM - ok
21:25:40.0354 4076 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
21:25:40.0355 4076 isapnp - ok
21:25:40.0391 4076 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
21:25:40.0393 4076 iScsiPrt - ok
21:25:40.0418 4076 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\drivers\kbdclass.sys
21:25:40.0419 4076 kbdclass - ok
21:25:40.0442 4076 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\drivers\kbdhid.sys
21:25:40.0443 4076 kbdhid - ok
21:25:40.0474 4076 KeyIso (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
21:25:40.0476 4076 KeyIso - ok
21:25:40.0489 4076 KSecDD (f4647bb23db9038a7536cf6b68f4207f) C:\Windows\system32\Drivers\ksecdd.sys
21:25:40.0490 4076 KSecDD - ok
21:25:40.0508 4076 KSecPkg (e73cae53bbb72ba26918492c6b4c229d) C:\Windows\system32\Drivers\ksecpkg.sys
21:25:40.0509 4076 KSecPkg - ok
21:25:40.0559 4076 KtmRm (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\Windows\system32\msdtckrm.dll
21:25:40.0562 4076 KtmRm - ok
21:25:40.0601 4076 LanmanServer (d64af876d53eca3668bb97b51b4e70ab) C:\Windows\System32\srvsvc.dll
21:25:40.0604 4076 LanmanServer - ok
21:25:40.0642 4076 LanmanWorkstation (58405e4f68ba8e4057c6e914f326aba2) C:\Windows\System32\wkssvc.dll
21:25:40.0645 4076 LanmanWorkstation - ok
21:25:40.0697 4076 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
21:25:40.0698 4076 lltdio - ok
21:25:40.0729 4076 lltdsvc (5700673e13a2117fa3b9020c852c01e2) C:\Windows\System32\lltdsvc.dll
21:25:40.0734 4076 lltdsvc - ok
21:25:40.0754 4076 lmhosts (55ca01ba19d0006c8f2639b6c045e08b) C:\Windows\System32\lmhsvc.dll
21:25:40.0755 4076 lmhosts - ok
21:25:40.0791 4076 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
21:25:40.0791 4076 LSI_FC - ok
21:25:40.0813 4076 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
21:25:40.0814 4076 LSI_SAS - ok
21:25:40.0832 4076 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
21:25:40.0833 4076 LSI_SAS2 - ok
21:25:40.0847 4076 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
21:25:40.0848 4076 LSI_SCSI - ok
21:25:40.0867 4076 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
21:25:40.0868 4076 luafv - ok
21:25:40.0898 4076 Mcx2Svc (bfb9ee8ee977efe85d1a3105abef6dd1) C:\Windows\system32\Mcx2Svc.dll
21:25:40.0899 4076 Mcx2Svc - ok
21:25:40.0919 4076 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
21:25:40.0920 4076 megasas - ok
21:25:40.0949 4076 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
21:25:40.0951 4076 MegaSR - ok
21:25:40.0974 4076 MMCSS (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
21:25:40.0976 4076 MMCSS - ok
21:25:40.0989 4076 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
21:25:40.0990 4076 Modem - ok
21:25:41.0011 4076 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
21:25:41.0012 4076 monitor - ok
21:25:41.0042 4076 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\drivers\mouclass.sys
21:25:41.0043 4076 mouclass - ok
21:25:41.0073 4076 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
21:25:41.0074 4076 mouhid - ok
21:25:41.0102 4076 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
21:25:41.0104 4076 mountmgr - ok
21:25:41.0204 4076 MozillaMaintenance (6380ff81dd4d78b23398752d2f46ea43) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
21:25:41.0205 4076 MozillaMaintenance - ok
21:25:41.0236 4076 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
21:25:41.0237 4076 mpio - ok
21:25:41.0268 4076 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
21:25:41.0269 4076 mpsdrv - ok
21:25:41.0331 4076 MpsSvc (9835584e999d25004e1ee8e5f3e3b881) C:\Windows\system32\mpssvc.dll
21:25:41.0335 4076 MpsSvc - ok
21:25:41.0369 4076 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
21:25:41.0370 4076 MRxDAV - ok
21:25:41.0416 4076 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
21:25:41.0418 4076 mrxsmb - ok
21:25:41.0458 4076 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:25:41.0458 4076 mrxsmb10 - ok
21:25:41.0481 4076 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:25:41.0482 4076 mrxsmb20 - ok
21:25:41.0514 4076 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
21:25:41.0515 4076 msahci - ok
21:25:41.0555 4076 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
21:25:41.0556 4076 msdsm - ok
21:25:41.0586 4076 MSDTC (e1bce74a3bd9902b72599c0192a07e27) C:\Windows\System32\msdtc.exe
21:25:41.0588 4076 MSDTC - ok
21:25:41.0623 4076 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
21:25:41.0625 4076 Msfs - ok
21:25:41.0637 4076 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
21:25:41.0638 4076 mshidkmdf - ok
21:25:41.0662 4076 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
21:25:41.0663 4076 msisadrv - ok
21:25:41.0698 4076 MSiSCSI (90f7d9e6b6f27e1a707d4a297f077828) C:\Windows\system32\iscsiexe.dll
21:25:41.0700 4076 MSiSCSI - ok
21:25:41.0705 4076 msiserver - ok
21:25:41.0730 4076 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
21:25:41.0731 4076 MSKSSRV - ok
21:25:41.0743 4076 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
21:25:41.0744 4076 MSPCLOCK - ok
21:25:41.0757 4076 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
21:25:41.0758 4076 MSPQM - ok
21:25:41.0782 4076 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
21:25:41.0786 4076 MsRPC - ok
21:25:41.0799 4076 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
21:25:41.0800 4076 mssmbios - ok
21:25:41.0815 4076 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
21:25:41.0816 4076 MSTEE - ok
21:25:41.0820 4076 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
21:25:41.0821 4076 MTConfig - ok
21:25:41.0840 4076 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
21:25:41.0841 4076 Mup - ok
21:25:41.0885 4076 napagent (61d57a5d7c6d9afe10e77dae6e1b445e) C:\Windows\system32\qagentRT.dll
21:25:41.0889 4076 napagent - ok
21:25:41.0939 4076 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
21:25:41.0941 4076 NativeWifiP - ok
21:25:42.0012 4076 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
21:25:42.0017 4076 NDIS - ok
21:25:42.0037 4076 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
21:25:42.0039 4076 NdisCap - ok
21:25:42.0062 4076 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
21:25:42.0062 4076 NdisTapi - ok
21:25:42.0096 4076 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
21:25:42.0097 4076 Ndisuio - ok
21:25:42.0138 4076 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
21:25:42.0139 4076 NdisWan - ok
21:25:42.0171 4076 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
21:25:42.0173 4076 NDProxy - ok
21:25:42.0207 4076 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
21:25:42.0208 4076 NetBIOS - ok
21:25:42.0251 4076 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
21:25:42.0253 4076 NetBT - ok
21:25:42.0283 4076 Netlogon (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
21:25:42.0285 4076 Netlogon - ok
21:25:42.0350 4076 Netman (7cccfca7510684768da22092d1fa4db2) C:\Windows\System32\netman.dll
21:25:42.0353 4076 Netman - ok
21:25:42.0389 4076 netprofm (8c338238c16777a802d6a9211eb2ba50) C:\Windows\System32\netprofm.dll
21:25:42.0393 4076 netprofm - ok
21:25:42.0482 4076 NetTcpPortSharing (f476ec40033cdb91efbe73eb99b8362d) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
21:25:42.0483 4076 NetTcpPortSharing - ok
21:25:42.0526 4076 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
21:25:42.0528 4076 nfrd960 - ok
21:25:42.0572 4076 NlaSvc (912084381d30d8b89ec4e293053f4710) C:\Windows\System32\nlasvc.dll
21:25:42.0575 4076 NlaSvc - ok
21:25:42.0587 4076 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
21:25:42.0589 4076 Npfs - ok
21:25:42.0615 4076 nsi (ba387e955e890c8a88306d9b8d06bf17) C:\Windows\system32\nsisvc.dll
21:25:42.0617 4076 nsi - ok
21:25:42.0631 4076 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
21:25:42.0631 4076 nsiproxy - ok
21:25:42.0738 4076 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
21:25:42.0751 4076 Ntfs - ok
21:25:42.0760 4076 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
21:25:42.0761 4076 Null - ok
21:25:43.0405 4076 nvlddmkm (bd409de5681c74c1de51d72427dc202d) C:\Windows\system32\DRIVERS\nvlddmkm.sys
21:25:43.0468 4076 nvlddmkm - ok
21:25:43.0647 4076 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
21:25:43.0648 4076 nvraid - ok
21:25:43.0669 4076 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
21:25:43.0671 4076 nvstor - ok
21:25:43.0735 4076 NVSvc (e55877be77a8a31b0416b4e7c3dbe3f2) C:\Windows\system32\nvvsvc.exe
21:25:43.0741 4076 NVSvc - ok
21:25:43.0759 4076 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
21:25:43.0761 4076 nv_agp - ok
21:25:43.0775 4076 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
21:25:43.0776 4076 ohci1394 - ok
21:25:43.0844 4076 ose (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:25:43.0845 4076 ose - ok
21:25:43.0897 4076 p2pimsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
21:25:43.0901 4076 p2pimsvc - ok
21:25:43.0959 4076 p2psvc (59c3ddd501e39e006dac31bf55150d91) C:\Windows\system32\p2psvc.dll
21:25:43.0963 4076 p2psvc - ok
21:25:44.0000 4076 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
21:25:44.0000 4076 Parport - ok
21:25:44.0033 4076 partmgr (3f34a1b4c5f6475f320c275e63afce9b) C:\Windows\system32\drivers\partmgr.sys
21:25:44.0034 4076 partmgr - ok
21:25:44.0046 4076 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
21:25:44.0047 4076 Parvdm - ok
21:25:44.0071 4076 PcaSvc (358ab7956d3160000726574083dfc8a6) C:\Windows\System32\pcasvc.dll
21:25:44.0074 4076 PcaSvc - ok
21:25:44.0110 4076 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
21:25:44.0111 4076 pci - ok
21:25:44.0122 4076 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
21:25:44.0123 4076 pciide - ok
21:25:44.0147 4076 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
21:25:44.0149 4076 pcmcia - ok
21:25:44.0160 4076 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
21:25:44.0161 4076 pcw - ok
21:25:44.0226 4076 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
21:25:44.0230 4076 PEAUTH - ok
21:25:44.0331 4076 PeerDistSvc (af4d64d2a57b9772cf3801950b8058a6) C:\Windows\system32\peerdistsvc.dll
21:25:44.0338 4076 PeerDistSvc - ok
21:25:44.0464 4076 pla (414bba67a3ded1d28437eb66aeb8a720) C:\Windows\system32\pla.dll
21:25:44.0475 4076 pla - ok
21:25:44.0638 4076 PlugPlay (ec7bc28d207da09e79b3e9faf8b232ca) C:\Windows\system32\umpnpmgr.dll
21:25:44.0641 4076 PlugPlay - ok
21:25:44.0665 4076 PNRPAutoReg (63ff8572611249931eb16bb8eed6afc8) C:\Windows\system32\pnrpauto.dll
21:25:44.0666 4076 PNRPAutoReg - ok
21:25:44.0694 4076 PNRPsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
21:25:44.0698 4076 PNRPsvc - ok
21:25:44.0747 4076 PolicyAgent (53946b69ba0836bd95b03759530c81ec) C:\Windows\System32\ipsecsvc.dll
21:25:44.0750 4076 PolicyAgent - ok
21:25:44.0794 4076 Power (f87d30e72e03d579a5199ccb3831d6ea) C:\Windows\system32\umpo.dll
21:25:44.0797 4076 Power - ok
21:25:44.0856 4076 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
21:25:44.0857 4076 PptpMiniport - ok
21:25:44.0874 4076 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
21:25:44.0875 4076 Processor - ok
21:25:44.0921 4076 ProfSvc (43ca4ccc22d52fb58e8988f0198851d0) C:\Windows\system32\profsvc.dll
21:25:44.0924 4076 ProfSvc - ok
21:25:44.0953 4076 ProtectedStorage (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
21:25:44.0954 4076 ProtectedStorage - ok
21:25:44.0990 4076 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
21:25:44.0991 4076 Psched - ok
21:25:45.0086 4076 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
21:25:45.0095 4076 ql2300 - ok
21:25:45.0250 4076 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
21:25:45.0251 4076 ql40xx - ok
21:25:45.0296 4076 QWAVE (31ac809e7707eb580b2bdb760390765a) C:\Windows\system32\qwave.dll
21:25:45.0300 4076 QWAVE - ok
21:25:45.0332 4076 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
21:25:45.0333 4076 QWAVEdrv - ok
21:25:45.0346 4076 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
21:25:45.0347 4076 RasAcd - ok
21:25:45.0384 4076 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
21:25:53.0171 4076 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
21:25:53.0578 4076 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
21:25:53.0578 4076 \Device\Harddisk0\DR0 - detected TDSS File System (1)
21:25:53.0619 4076 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk4\DR4
21:25:54.0885 4076 \Device\Harddisk4\DR4 - ok
21:25:54.0897 4076 Boot (0x1200) (34ce6db5c1b6b9ded4c9038d6b68a33c) \Device\Harddisk0\DR0\Partition0
21:25:54.0899 4076 \Device\Harddisk0\DR0\Partition0 - ok
21:25:54.0928 4076 Boot (0x1200) (08721546857fdf938fcb7e36b4171af8) \Device\Harddisk0\DR0\Partition1
21:25:54.0929 4076 \Device\Harddisk0\DR0\Partition1 - ok
21:25:54.0942 4076 Boot (0x1200) (7f5c6a791be51759f3e6ef44a0b9db93) \Device\Harddisk4\DR4\Partition0
21:25:54.0949 4076 \Device\Harddisk4\DR4\Partition0 - ok
21:25:54.0949 4076 ============================================================
21:25:54.0949 4076 Scan finished
21:25:54.0949 4076 ============================================================
21:25:54.0961 4812 Detected object count: 1
21:25:54.0961 4812 Actual detected object count: 1
23:02:01.0369 4812 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
23:02:01.0379 4812 \Device\Harddisk0\DR0\TDLFS\tdl - copied to quarantine
23:02:01.0381 4812 \Device\Harddisk0\DR0\TDLFS\rsrc.dat - copied to quarantine
23:02:01.0383 4812 \Device\Harddisk0\DR0\TDLFS\bckfg.tmp - copied to quarantine
23:02:01.0388 4812 \Device\Harddisk0\DR0\TDLFS\tdlcmd.dll - copied to quarantine
23:02:01.0389 4812 \Device\Harddisk0\DR0\TDLFS - deleted
23:02:01.0389 4812 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Delete






Results of screen317's Security Check version 0.99.41
Windows 7 Service Pack 1 x86 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
AVG Anti-Virus Free Edition 2012
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.61.0.1400
Java™ 6 Update 21
Java version out of date!
Adobe Flash Player 10 Flash Player out of date!
Adobe Flash Player 10.3.183.7 Flash Player out of Date!
Adobe Reader X (10.1.0)
Mozilla Firefox (13.0)
````````Process Check: objlist.exe by Laurent````````
AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````






Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.05.08

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
L :: L [administrator]

6/5/2012 11:05:09 PM
mbam-log-2012-06-05 (23-05-09).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 273043
Time elapsed: 34 minute(s), 19 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#8 RPMcMurphy


Posted 06 June 2012 - 02:24 PM

How is your computer running now? Please do this next:

Go to this LINK to run an online scanner from ESET.
  • Note: For browsers other than Internet Explorer, you will need to download and install esetsmartinstaller_enu.exe. Click on it and save the file to a convenient location. Double click on it to install and a new window will open.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • If you are using Internet Explorer, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Use notepad to open the logfile located at C:\Program Files\Eset\Eset Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic.
Please include the following in your next post:
  • ESET log

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may btn_donate_SM.gif


#9 lightblue13


Posted 06 June 2012 - 05:15 PM

AVG is no longer detecting Trojan Horse Patched.

ESET log:
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=1dd965bf0c78c548ac7c609e8af35ec3
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-06-06 09:29:47
# local_time=2012-06-06 05:29:47 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=768 16777215 100 0 192082041 192082041 0 0
# compatibility_mode=1024 16777215 100 0 0 0 0 0
# compatibility_mode=5893 16776574 100 94 0 90560328 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=87784
# found=1
# cleaned=0
# scan_time=2650
C:\TDSSKiller_Quarantine\05.06.2012_21.25.26\tdlfs0000\tsk0004.dta a variant of Win32/Olmarik.ADZ trojan (unable to clean) 00000000000000000000000000000000 I

#10 RPMcMurphy


Posted 06 June 2012 - 07:17 PM

Your logs are looking good! That ESET detection is already in quarantine. All I have left for you is a software update and some very important cleanup:

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version Java components and update.
  • Go to Start > Control Panel > Programs > Uninstall a program, and remove all older versions of Java.
  • Click (highlight) any item with Java Runtime Environment (JRE or J2SE or Java™ 6) in the name and select "uninstall".
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Go to this page to download the latest version. Press the download button under JRE and follow the prompts. Accept the agreement and choose the Windows x86 offline option.
  • Run the installer you just downloaded
Go to Adobe's website and download the latest version of Flash Player

Uninstall ComboFix
  • Press the Windows key + R on your keyboard or click Start -> Run. Copy and paste the following text into the run box that opens and press OK:
    Combofix /Uninstall

Delete the following tools along with any other logs you saved from our work:
  • DDS
  • GMER
  • TDSSKiller
  • Security Check
Download TFC to your desktop
  • Close any open windows.
  • Double click the TFC icon to run the program
  • TFC will close all open programs itself in order to run,
  • Click the Start button to begin the process.
  • Allow TFC to run uninterrupted.
  • The program should not take long to finish its job
  • Once it's finished it should automatically reboot your machine,
  • if it doesn't, manually reboot to ensure a complete clean
Finally, I'd like to make a couple of suggestions to help you stay clean in the future:
  • Restart any anti-malware programs that we disabled while we were cleaning your machine.
  • Keep your antivirus application and MBAM current and updated. Scan with them at least weekly.
  • Please read this post for some helpful information.
Please post once more so I know you are all set and I can mark this thread resolved. Good luck and stay safe!



#11 lightblue13


Posted 07 June 2012 - 07:42 AM

Everything is resolved. Thank you very much for your help.

#12 RPMcMurphy


Posted 07 June 2012 - 11:49 AM

You're welcome, lightblue13. Take care.



#13 RPMcMurphy


Posted 08 June 2012 - 10:54 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.





