Infected w/ Trojan.small, Trojan.Sirefef, Rootkit.0Access



#1 Scorpilian


Posted 22 June 2012 - 01:11 AM

Hi, my name is Mike and I recently scanned my computer with mbam and found: Trojan.small, Trojan.Sirefef, Rootkit.0Access. I quickly deleted them after the scan, restarted and found my desktop icons moved around and my color scheme changed. I have not had any serious issues yet and would like to prevent any ASAP. My antivirus also popped up while I was scanning with mbam informing me of an infection. I have used p2p (utorrent) and this is likely the cause of it. The last time I used utorrent was about Tuesday so this is likely when it started. I have read the pinned post on p2p and how it can infect my computer and I have taken this into consideration. I have also noticed that while scanning with mbam in Safe Mode it does not find anything, but when in regular mode it does.

I have used TDSSKILLER, ccleaner, mbam so far...nothing. Mbam seems to find some files created by something else, which on deletion and restart, reappear.
At one point my buddy told me to download Microsoft Security Essentials. I did and ran a scan. The infection didn't like that and proceeded to bring up, "Windows has encountered a critical problem and will restart automatically in one minute. Please save your work now", then kept restarting. I tried many ways to figure out what was happening but then just decided to uninstall Microsoft Essentials and it stopped.

I followed steps 6-9 in the guide and attached my logs. Hope that helps.

I have Windows 7 Ultimate 32bit. Any help would be much appreciated.

Thank you
------Logs------
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by Mike at 22:06:31 on 2012-06-21
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.2047.956 [GMT -7:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
C:\Program Files\iRacing\iRacingService.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\NETGEAR\WNDA3100v2\WifiSvc.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\NVIDIA Corporation\Raid\nvraidservice.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Logitech\Gaming Software\LWEMon.exe
C:\Program Files\Logitech Gaming Software\LCore.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\NETGEAR\WNDA3100v2\WNDA3100v2.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe
C:\Program Files\Logitech Gaming Software\Applets\LCDClock.exe
C:\Program Files\Logitech Gaming Software\Applets\LCDPop3.exe
C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\mif5ba~1\office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File
uRun: [Steam] "c:\program files\steam\steam.exe" -silent
uRun: [PlayNC Launcher]
mRun: [NVRaidService] c:\program files\nvidia corporation\raid\nvraidservice.exe
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [XboxStat] "c:\program files\microsoft xbox 360 accessories\XboxStat.exe" silentrun
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Start WingMan Profiler] c:\program files\logitech\gaming software\LWEMon.exe /noui
mRun: [Launch LCore] c:\program files\logitech gaming software\LCore.exe /minimized
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [RTHDVCPL] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wnda3100v2\WNDA3100v2.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office14\EXCEL.EXE/3000
IE: {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\pokerstars.net\PokerStarsUpdate.exe
LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvLsp.dll
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{2CE5527C-827E-4067-8084-FD209C729B45} : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{6B95FE00-A29D-4F6D-A4CB-708DD8C86FC7} : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{9700658C-4014-433E-868E-377F418573C7} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{EF8F6323-C658-48DB-83E3-C86265EB7B01} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{EF8F6323-C658-48DB-83E3-C86265EB7B01}\3536F6270796F6 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{EF8F6323-C658-48DB-83E3-C86265EB7B01}\636363 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{EF8F6323-C658-48DB-83E3-C86265EB7B01}\E45445745414254313 : DhcpNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\mike\appdata\roaming\mozilla\firefox\profiles\6xblssoa.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\progra~1\mif5ba~1\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\mif5ba~1\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\battlelog web plugins\1.118.0\npesnlaunch.dll
FF - plugin: c:\program files\battlelog web plugins\1.122.0\npesnlaunch.dll
FF - plugin: c:\program files\battlelog web plugins\sonar\0.70.4\npesnsonar.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_257.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-3-20 171064]
R0 SCMNdisP;General NDIS Protocol Driver;c:\windows\system32\drivers\SCMNdisP.sys [2012-3-28 21728]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2012-6-11 242240]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-4-3 63928]
R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [2011-11-20 21992]
R2 iRacingService;iRacing helper service;c:\program files\iracing\iRacingService.exe [2012-2-26 473768]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia updatus\daemonu.exe [2011-11-1 2253120]
R2 WSWNDA3100;WSWNDA3100;c:\program files\netgear\wnda3100v2\WifiSvc.exe [2012-3-28 272864]
R3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;c:\windows\system32\drivers\bcmwlhigh6.sys [2011-4-19 1092160]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-11-23 19720]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2009-11-23 14856]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-3-29 257224]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2011-4-11 62464]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-4-24 113120]
S3 netr73;Belkin Wireless 54G USB Network Driver;c:\windows\system32\drivers\netr73.sys [2011-10-31 552960]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2012-3-20 74112]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
S3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\Synth3dVsc.sys [2011-4-11 77184]
S3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2011-4-11 25600]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2010-11-20 52224]
S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
S3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2011-4-11 112640]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-11-1 1343400]
SUnknown NisSrv;NisSrv; [x]
.
=============== Created Last 30 ================
.
2012-06-22 01:23:12 29904 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{beeb370a-16d8-481b-afd5-24bbffe78cac}\MpKsla34485e9.sys
2012-06-22 00:25:55 56200 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{beeb370a-16d8-481b-afd5-24bbffe78cac}\offreg.dll
2012-06-22 00:22:37 713784 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{ce31bdce-926d-4256-99ee-840ae7ef3aa3}\gapaengine.dll
2012-06-22 00:22:32 6762896 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{beeb370a-16d8-481b-afd5-24bbffe78cac}\mpengine.dll
2012-06-22 00:20:41 -------- d-----w- c:\program files\Microsoft Security Client
2012-06-21 21:23:45 -------- d-----w- c:\program files\ESET
2012-06-21 21:09:07 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-21 21:08:50 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-21 21:08:08 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-21 21:08:08 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-21 06:11:00 -------- d-----w- C:\TDSSKiller_Quarantine
2012-06-19 00:21:53 -------- d-----w- c:\program files\Emotorsports
2012-06-18 10:22:21 770384 ----a-w- c:\program files\mozilla firefox\msvcr100.dll
2012-06-18 10:22:21 421200 ----a-w- c:\program files\mozilla firefox\msvcp100.dll
2012-06-18 07:49:59 3235920 ----a-w- c:\windows\system32\drivers\RTKVHDA.sys
2012-06-18 03:46:56 477240 ----a-w- c:\windows\system32\drivers\sptd.sys
2012-06-18 02:35:57 -------- d-----w- c:\users\mike\appdata\roaming\YourFileDownloader
2012-06-18 00:46:03 -------- d-----w- c:\users\mike\appdata\local\{C16ED0A3-50E6-4BB9-924C-F3A7E231C13F}
2012-06-18 00:45:51 -------- d-----w- c:\users\mike\appdata\local\{D26B8AEA-2B07-4A8E-A32F-2D44E468A44B}
2012-06-18 00:45:51 -------- d-----w- c:\users\mike\appdata\local\{0B227C10-3230-4F23-8962-1922BB61729E}
2012-06-17 22:41:44 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-06-15 01:09:13 -------- d-----w- c:\users\mike\appdata\local\Macromedia
2012-06-14 06:42:55 -------- d-----w- c:\users\mike\appdata\roaming\25Assist
2012-06-13 19:27:51 919040 ----a-w- c:\windows\system32\rdpcorets.dll
2012-06-13 19:27:51 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-13 19:27:49 2342400 ----a-w- c:\windows\system32\msi.dll
2012-06-13 19:27:48 2343936 ----a-w- c:\windows\system32\win32k.sys
2012-06-13 19:27:46 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-13 19:27:46 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-13 19:27:46 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-13 19:27:45 164352 ----a-w- c:\windows\system32\profsvc.dll
2012-06-13 19:27:39 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-13 19:27:39 1158656 ----a-w- c:\windows\system32\crypt32.dll
2012-06-13 19:27:39 103936 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-11 18:49:25 -------- d-----w- c:\windows\SWAT 4
2012-06-11 18:49:25 -------- d-----w- c:\program files\SWAT 4
2012-06-11 18:42:50 242240 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-06-11 18:42:36 -------- d-----w- c:\program files\DAEMON Tools Lite
2012-06-11 01:00:43 -------- d-----w- C:\SIERRA
2012-06-11 01:00:43 -------- d-----w- c:\program files\Sierra On-Line
2012-06-11 01:00:31 304128 ----a-w- c:\windows\IsUninst.exe
2012-06-09 02:01:52 -------- d-----w- c:\program files\Origin Games
2012-06-08 08:37:41 -------- d-----w- c:\program files\MECC
2012-06-08 08:37:13 289280 ----a-w- c:\windows\uninst.exe
.
==================== Find3M ====================
.
2012-06-21 00:30:00 139136 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2012-06-21 00:29:52 233920 ----a-w- c:\windows\system32\PnkBstrB.xtr
2012-06-21 00:29:52 233920 ----a-w- c:\windows\system32\PnkBstrB.exe
2012-06-21 00:27:00 233920 ----a-w- c:\windows\system32\PnkBstrB.ex0
2012-06-17 22:38:10 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-17 22:38:10 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-09 04:53:30 138056 ----a-w- c:\users\mike\appdata\roaming\PnkBstrK.sys
2012-06-01 01:08:16 87696 ----a-w- c:\windows\system32\RtkCoInstII.dll
2012-05-29 23:34:44 637584 ----a-w- c:\windows\system32\RtkApoApi.dll
2012-05-26 01:06:00 1706640 ----a-w- c:\windows\RtlExUpd.dll
2012-05-22 22:40:48 5096448 ----a-w- c:\windows\system32\RCoRes.dat
2012-05-17 22:45:37 1800192 ----a-w- c:\windows\system32\jscript9.dll
2012-05-17 22:35:47 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-05-17 22:35:39 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-05-17 22:29:45 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-05-17 22:24:45 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-05-17 18:29:22 7161696 ----a-w- c:\windows\system32\R4EEP32A.dll
2012-05-17 18:29:22 61792 ----a-w- c:\windows\system32\R4EEG32A.dll
2012-05-17 18:29:22 105824 ----a-w- c:\windows\system32\R4EEL32A.dll
2012-05-17 18:29:20 91488 ----a-w- c:\windows\system32\R4EEA32A.dll
2012-05-17 18:29:20 351072 ----a-w- c:\windows\system32\R4EED32A.dll
2012-05-09 22:57:36 3166824 ----a-w- c:\windows\system32\RtkAPO.dll
2012-05-09 22:57:36 2415720 ----a-w- c:\windows\system32\RtkPgExt.dll
2012-05-01 07:57:08 119296 ----a-w- c:\windows\system32\zlib.dll
2012-04-10 21:40:00 2193472 ----a-w- c:\windows\system32\FMAPO.dll
2012-04-05 00:14:27 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-04 22:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-04 01:41:58 709976 ----a-w- c:\windows\system32\MaxxAudioAPOShell.dll
2012-04-04 01:41:54 1185112 ----a-w- c:\windows\system32\MaxxAudioRealtek2.dll
2012-03-31 04:39:37 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-03-31 04:39:37 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-30 10:23:11 1291632 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-03-28 09:00:13 76888 ----a-w- c:\windows\system32\PnkBstrA.exe
.
============= FINISH: 22:07:14.24 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume2
Install Date: 10/31/2011 9:12:25 PM
System Uptime: 6/21/2012 9:32:11 PM (1 hours ago)
.
Motherboard: EVGA | | 122-CK-NF68
Processor: Intel® Core™2 Duo CPU E4500 @ 2.20GHz | Socket 775 | 2200/50mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 298 GiB total, 62.168 GiB free.
D: is FIXED (NTFS) - 37 GiB total, 2.217 GiB free.
E: is CDROM ()
F: is CDROM ()
G: is CDROM ()
H: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP131: 6/17/2012 8:46:43 PM - SPTD setup V1.81
RP133: 6/18/2012 1:00:01 AM - Installed 3D Sound Back Beta0.1
RP135: 6/18/2012 1:01:10 AM - Installed 3D Sound Back Beta0.1
RP136: 6/21/2012 2:07:07 PM - Windows Update
RP137: 6/21/2012 2:44:34 PM - Restore Operation
RP138: 6/21/2012 2:56:00 PM - Removed WinZip 16.0
RP139: 6/21/2012 5:21:59 PM - Windows Update
RP140: 6/21/2012 5:24:04 PM - Removed AVG 2012
RP141: 6/21/2012 5:26:31 PM - Removed AVG 2012
.
==== Installed Programs ======================
.
3D Sound Back Beta0.1
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.3)
Allods Online 3.0.00.63
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Battlefield 3™
Battlefield: Bad Company 2
Battlelog Web Plugins
Belkin 54Mbps Wireless Network Adapter
Bonjour
BovadaPoker
Call of Duty: Modern Warfare 3
Call of Duty: Modern Warfare 3 - Dedicated Server
Call of Duty: Modern Warfare 3 - Multiplayer
CCleaner
ClubWPT
Counter-Strike: Source
CPUID CPU-Z 1.58
D3DX10
DAEMON Tools Lite
Day of Defeat: Source
Dead Space
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
DiRT 2
DiRT 3
DivX Setup
ESET Online Scanner v3
ESN Sonar
F.E.A.R. 2: Project Origin
iRacing.com Race Simulation
iTunes
Java Auto Updater
Java™ 6 Update 31
Logitech Gaming Software
Logitech Gaming Software 5.10
Logitech Gaming Software 8.20
Malwarebytes Anti-Malware version 1.61.0.1400
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Home and Student 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Xbox 360 Accessories 1.2
Mozilla Firefox 13.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
NCsoft Launcher
NETGEAR WNDA3100v2 wireless USB 2.0 adapter
NVIDIA 3D Vision Controller Driver 285.62
NVIDIA 3D Vision Driver 285.62
NVIDIA Control Panel 285.62
NVIDIA Drivers
NVIDIA ForceWare Network Access Manager
NVIDIA Graphics Driver 285.62
NVIDIA Install Application
NVIDIA MediaShield
NVIDIA PhysX
NVIDIA PhysX System Software 9.11.0621
NVIDIA Update 1.5.20
NVIDIA Update Components
OpenAL
Oregon Trail II
Origin
PokerStars.net
PunkBuster Services
Rapture3D 2.4.8 Game
Realtek High Definition Audio Driver
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft Visio Viewer 2010 (KB2597981) 32-Bit Edition
SoulSeek 157 NS 13e
Steam
SWAT 4
System Requirements Lab
System Requirements Lab CYRI
Team Fortress 2
TeamSpeak 3 Client
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
VC80CRTRedist - 8.0.50727.6195
VLC media player 1.1.11
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
WinRAR 4.01 (32-bit)
World of Warcraft
.
==== Event Viewer Messages From Past Week ========
.
6/21/2012 9:32:34 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
6/21/2012 9:32:34 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
6/21/2012 9:32:33 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
6/21/2012 9:32:31 PM, Error: Service Control Manager [7023] - The Microsoft Antimalware Service service terminated with the following error: %%-2147024894
6/21/2012 9:28:38 PM, Error: Microsoft Antimalware [1119] -
6/21/2012 6:50:07 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
6/21/2012 6:49:52 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
6/21/2012 6:49:51 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
6/21/2012 6:49:51 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
6/21/2012 6:49:51 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
6/21/2012 6:49:51 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
6/21/2012 6:49:50 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
6/21/2012 6:49:47 PM, Error: Service Control Manager [7001] - The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error: The dependency service or group failed to start.
6/21/2012 6:49:45 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
6/21/2012 6:49:25 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD CSC DfsC discache MpFilter NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf
6/21/2012 6:49:25 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
6/21/2012 6:49:25 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
6/21/2012 6:49:25 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
6/21/2012 6:49:25 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
6/21/2012 6:49:25 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
6/21/2012 6:49:25 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
6/21/2012 6:49:25 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
6/21/2012 6:49:25 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
6/21/2012 6:49:25 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
6/21/2012 6:49:25 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
6/21/2012 6:49:12 PM, Error: sptd [4] - Driver detected an internal error in its data structures for .
6/21/2012 6:47:13 PM, Error: VDS Basic Provider [1] - Unexpected failure. Error code: 490@01010004
6/21/2012 5:46:33 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
6/21/2012 5:46:33 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
6/21/2012 5:46:33 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
6/21/2012 5:46:09 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
6/21/2012 5:46:09 PM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.
6/21/2012 5:42:53 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
6/21/2012 5:42:45 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\System32\bcmihvsrv.dll Error Code: 21
6/21/2012 5:42:27 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache MpFilter spldr Wanarpv6
6/21/2012 2:02:58 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: An instance of the service is already running.
6/21/2012 10:03:23 PM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891
6/21/2012 10:03:23 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891
6/20/2012 11:54:59 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Avgldx86 Avgmfx86 Avgtdix CSC DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf
6/20/2012 11:49:02 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
6/20/2012 11:49:02 AM, Error: Service Control Manager [7000] - The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
6/15/2012 9:20:24 PM, Error: Microsoft-Windows-Application-Experience [205] - The Program Compatibility Assistant service failed to perform the phase two initialization.
.
==== End Of File ===========================



GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-06-21 23:00:22
Windows 6.1.7601 Service Pack 1 Harddisk1\DR1 -> \Device\00000060 WDC_WD32 rev.12.0
Running: gmer.exe; Driver: C:\Users\Mike\AppData\Local\Temp\kxldypow.sys


---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 82E893C9 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82EC2D52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.sptd1 C:\Windows\System32\Drivers\sptd.sys entry point in ".sptd1" section [0x88D93B2E]
.text USBPORT.SYS!DllUnload 92C30DB9 5 Bytes JMP 8668C1C8
? C:\Windows\System32\Drivers\a4bzcty3.SYS suspicious PE modification
? C:\Users\Mike\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

? C:\Windows\system32\services.exe[516] C:\Windows\system32\smss.exe image checksum mismatch; time/date stamp mismatch; unknown module: MSWSOCK.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[1812] ntdll.dll!LdrLoadDll 7718223E 5 Bytes JMP 58FAFA35 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1812] kernel32.dll!MapViewOfFile 758593DB 5 Bytes JMP 5925079E C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1812] kernel32.dll!VirtualAlloc 7585C43A 5 Bytes JMP 592507C5 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1812] GDI32.dll!CreateDIBSection 77298850 5 Bytes JMP 59250728 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 84E611E8
Device \Driver\usbohci \Device\USBPDO-0 86680430
Device \Driver\usbehci \Device\USBPDO-1 86682430
Device \Driver\PCI_PNP2592 \Device\00000052 sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.)
Device \Driver\PCI_PNP2592 \Device\00000052 sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.)
Device \Driver\nvstor32 \Device\00000060 84E5F1E8
Device \Driver\dtsoftbus01 \Device\00000063 863091E8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

Device \Driver\dtsoftbus01 \Device\00000064 863091E8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

Device \Driver\NetBT \Device\NetBT_Tcpip_{3323348F-A4FD-4763-A945-4A85EC8A2A48} 864751E8
Device \Driver\cdrom \Device\CdRom0 863A21E8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 84E5D1E8
Device \Driver\atapi \Device\Ide\IdePort0 84E5D1E8
Device \Driver\atapi \Device\Ide\IdePort1 84E5D1E8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-3 84E5D1E8
Device \Driver\cdrom \Device\CdRom1 863A21E8
Device \Driver\cdrom \Device\CdRom2 863A21E8
Device \Driver\NetBT \Device\NetBT_Tcpip_{322E5113-26C3-4478-B9AB-D4F05EE6DC9B} 864751E8
Device \Driver\cdrom \Device\CdRom3 863A21E8
Device \Driver\NetBT \Device\NetBt_Wins_Export 864751E8
Device \Driver\dtsoftbus01 \Device\DTSoftBusCtl 863091E8
Device \Driver\ACPI_HAL \Device\0000004a halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
Device \Driver\NetBT \Device\NetBT_Tcpip_{EF8F6323-C658-48DB-83E3-C86265EB7B01} 864751E8
Device \Driver\nvstor32 \Device\RaidPort0 84E5F1E8
Device \Driver\nvstor32 \Device\RaidPort1 84E5F1E8
Device \Driver\nvstor32 \Device\RaidPort2 84E5F1E8
Device \Driver\usbohci \Device\USBFDO-0 86680430
Device \Driver\usbehci \Device\USBFDO-1 86682430
Device \Driver\a4bzcty3 \Device\Scsi\a4bzcty31 867291E8
Device \Driver\a4bzcty3 \Device\Scsi\a4bzcty31Port5Path0Target0Lun0 867291E8

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x8D 0xDE 0x2B 0xFD ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x1B 0xAD 0x44 0xBE ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xC9 0x7B 0x0D 0x51 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x8D 0xDE 0x2B 0xFD ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x1B 0xAD 0x44 0xBE ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xC9 0x7B 0x0D 0x51 ...

---- EOF - GMER 1.0.15 ----





-Mike

Edited by Scorpilian, 22 June 2012 - 02:43 AM.




#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:42 PM

Posted 22 June 2012 - 01:56 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 Scorpilian

Posted 22 June 2012 - 02:57 AM

I removed the attachments in my first post and posted the 3 logs

Here is the security check

Results of screen317's Security Check version 0.99.42
Windows 7 Service Pack 1 x86 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
AVG Anti-Virus Free Edition 2012
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.61.0.1400
CCleaner
Java™ 6 Update 31
Java version out of Date!
Adobe Flash Player 11.3.300.257
Adobe Reader X (10.1.3)
Mozilla Firefox (13.0.1)
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 4%
````````````````````End of Log``````````````````````

Edited by Scorpilian, 22 June 2012 - 02:58 AM.


#4 gringo_pr

Posted 22 June 2012 - 03:13 AM

Please run combofix and send me the report when complete.


gringo

#5 Scorpilian

Posted 22 June 2012 - 03:27 AM

Combofix Log


ComboFix 12-06-21.03 - Mike 06/22/2012 1:10.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.2047.1128 [GMT -7:00]
Running from: c:\users\Mike\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Mike\AppData\Local\._Revolution_
c:\users\Mike\AppData\Local\assembly\tmp
c:\windows\Installer\{6cad9ca2-01df-3bdf-a544-a57351eb1c14}\@
c:\windows\Installer\{6cad9ca2-01df-3bdf-a544-a57351eb1c14}\U\00000001.@
c:\windows\Installer\{6cad9ca2-01df-3bdf-a544-a57351eb1c14}\U\80000000.@
c:\windows\Installer\{6cad9ca2-01df-3bdf-a544-a57351eb1c14}\U\800000cb.@
c:\windows\system32\drivers\npf.sys
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\wpcap.dll
.
Infected copy of c:\windows\system32\Services.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy9_!Windows!winsxs!x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b!services.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_NPF
.
.
((((((((((((((((((((((((( Files Created from 2012-05-22 to 2012-06-22 )))))))))))))))))))))))))))))))
.
.
2012-06-22 08:20 . 2012-06-22 08:22 -------- d-----w- c:\users\Mike\AppData\Local\temp
2012-06-22 08:20 . 2012-06-22 08:20 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-06-22 08:20 . 2012-06-22 08:20 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-22 01:23 . 2012-06-22 01:23 29904 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BEEB370A-16D8-481B-AFD5-24BBFFE78CAC}\MpKsla34485e9.sys
2012-06-22 00:25 . 2012-06-22 04:27 56200 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BEEB370A-16D8-481B-AFD5-24BBFFE78CAC}\offreg.dll
2012-06-22 00:22 . 2012-06-22 00:22 713784 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CE31BDCE-926D-4256-99EE-840AE7EF3AA3}\gapaengine.dll
2012-06-22 00:22 . 2012-05-31 03:41 6762896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BEEB370A-16D8-481B-AFD5-24BBFFE78CAC}\mpengine.dll
2012-06-22 00:20 . 2012-06-22 04:31 -------- d-----w- c:\program files\Microsoft Security Client
2012-06-21 21:23 . 2012-06-21 21:23 -------- d-----w- c:\program files\ESET
2012-06-21 21:09 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-21 21:09 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-21 21:09 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-21 21:09 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-21 21:08 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-21 21:08 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-21 21:08 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-21 21:08 . 2012-06-02 22:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-21 21:08 . 2012-06-02 22:12 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-21 06:11 . 2012-06-21 23:48 -------- d-----w- C:\TDSSKiller_Quarantine
2012-06-19 00:21 . 2012-06-19 00:21 -------- d-----w- c:\program files\Emotorsports
2012-06-18 10:22 . 2012-06-18 10:22 770384 ----a-w- c:\program files\Mozilla Firefox\msvcr100.dll
2012-06-18 10:22 . 2012-06-18 10:22 421200 ----a-w- c:\program files\Mozilla Firefox\msvcp100.dll
2012-06-18 07:49 . 2012-06-01 00:24 3235920 ----a-w- c:\windows\system32\drivers\RTKVHDA.sys
2012-06-18 03:46 . 2012-06-18 03:46 477240 ----a-w- c:\windows\system32\drivers\sptd.sys
2012-06-18 02:35 . 2012-06-18 02:35 -------- d-----w- c:\users\Mike\AppData\Roaming\YourFileDownloader
2012-06-17 22:41 . 2012-06-17 22:41 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-06-15 01:09 . 2012-06-15 01:09 -------- d-----w- c:\users\Mike\AppData\Local\Macromedia
2012-06-14 06:42 . 2012-06-21 02:10 -------- d-----w- c:\users\Mike\AppData\Roaming\25Assist
2012-06-13 19:27 . 2012-04-28 04:41 919040 ----a-w- c:\windows\system32\rdpcorets.dll
2012-06-13 19:27 . 2012-04-28 03:17 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-13 19:27 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\system32\msi.dll
2012-06-13 19:27 . 2012-05-15 01:05 2343936 ----a-w- c:\windows\system32\win32k.sys
2012-06-13 19:27 . 2012-04-26 04:45 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-13 19:27 . 2012-04-26 04:45 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-13 19:27 . 2012-04-26 04:41 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-13 19:27 . 2012-05-01 04:44 164352 ----a-w- c:\windows\system32\profsvc.dll
2012-06-13 19:27 . 2012-04-24 04:36 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-13 19:27 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\system32\crypt32.dll
2012-06-13 19:27 . 2012-04-24 04:36 103936 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-11 18:49 . 2012-06-11 19:27 -------- d-----w- c:\program files\SWAT 4
2012-06-11 18:49 . 2012-06-11 18:49 -------- d-----w- c:\windows\SWAT 4
2012-06-11 18:42 . 2012-06-11 18:42 242240 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-06-11 18:42 . 2012-06-11 18:42 -------- d-----w- c:\program files\DAEMON Tools Lite
2012-06-11 01:00 . 2012-06-11 01:01 -------- d-----w- c:\program files\Sierra On-Line
2012-06-11 01:00 . 2012-06-11 01:00 -------- d-----w- C:\SIERRA
2012-06-11 01:00 . 1998-01-23 19:22 304128 ----a-w- c:\windows\IsUninst.exe
2012-06-09 02:01 . 2012-06-09 02:03 -------- d-----w- c:\program files\Origin Games
2012-06-08 08:37 . 2012-06-08 08:37 -------- d-----w- c:\program files\MECC
2012-06-08 08:37 . 1997-06-12 13:03 289280 ----a-w- c:\windows\uninst.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-21 00:30 . 2011-11-21 00:28 139136 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2012-06-21 00:29 . 2011-11-21 01:20 233920 ----a-w- c:\windows\system32\PnkBstrB.xtr
2012-06-21 00:29 . 2011-11-21 00:28 233920 ----a-w- c:\windows\system32\PnkBstrB.exe
2012-06-21 00:27 . 2011-11-21 00:28 233920 ----a-w- c:\windows\system32\PnkBstrB.ex0
2012-06-17 22:38 . 2012-03-30 00:40 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-17 22:38 . 2011-11-17 17:14 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-09 04:53 . 2011-11-21 00:28 138056 ----a-w- c:\users\Mike\AppData\Roaming\PnkBstrK.sys
2012-05-26 01:06 . 2011-11-01 19:13 1706640 ----a-w- c:\windows\RtlExUpd.dll
2012-05-01 07:57 . 2012-03-30 00:36 119296 ----a-w- c:\windows\system32\zlib.dll
2012-04-10 00:25 . 2012-04-10 00:25 19352 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-04-05 00:14 . 2011-11-01 19:06 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-04 22:56 . 2011-12-28 01:01 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-31 04:39 . 2012-05-11 20:14 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-03-31 04:39 . 2012-05-11 20:14 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-30 10:23 . 2012-05-11 20:14 1291632 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-03-28 09:00 . 2011-11-21 00:28 76888 ----a-w- c:\windows\system32\PnkBstrA.exe
2012-06-18 10:22 . 2011-11-01 18:10 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\Steam\steam.exe" [2011-11-03 1242448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVRaidService"="c:\program files\NVIDIA Corporation\Raid\nvraidservice.exe" [2010-04-09 163944]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-10-01 718688]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-12-08 421736]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2010-06-15 153672]
"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2011-12-07 4375320]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2012-05-28 10988176]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-27 931200]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
NETGEAR WNDA3100v2 Smart Wizard.lnk - c:\program files\NETGEAR\WNDA3100v2\WNDA3100v2.exe [2012-3-28 4559840]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 WSWNDA3100;WSWNDA3100;c:\program files\NETGEAR\WNDA3100v2\WifiSvc.exe [2010-08-19 272864]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-17 257224]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-18 113120]
R3 netr73;Belkin Wireless 54G USB Network Driver;c:\windows\system32\DRIVERS\netr73.sys [2011-11-01 552960]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 74112]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-20 77184]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-20 25600]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-20 112640]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-11-01 1343400]
S0 SCMNdisP;General NDIS Protocol Driver;c:\windows\system32\DRIVERS\scmndisp.sys [2007-01-20 21728]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-06-11 242240]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [2010-11-09 21992]
S2 iRacingService;iRacing helper service;c:\program files\iRacing\iRacingService.exe [2012-02-16 473768]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]
S3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;c:\windows\system32\DRIVERS\bcmwlhigh6.sys [2011-04-19 1092160]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-11-24 19720]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2009-11-24 14856]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 22:38]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office14\EXCEL.EXE/3000
LSP: c:\program files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\6xblssoa.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
HKCU-Run-PlayNC Launcher - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
c:\windows\system32\WLANExt.exe
c:\windows\system32\conhost.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\System32\rundll32.exe
c:\windows\system32\conhost.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\NVIDIA Corporation\Display\nvtray.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\DllHost.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Completion time: 2012-06-22 01:26:07 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-22 08:26
.
Pre-Run: 66,232,696,832 bytes free
Post-Run: 66,016,133,120 bytes free
.
- - End Of File - - 1D5FB075477C78BAB84673F54C9506F2

#6 gringo_pr

Posted 22 June 2012 - 07:30 AM

Greetings Scorpilian

Please let me know how the computer is doing now

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




#7 Scorpilian

Scorpilian
  • Topic Starter

  • Members
  • 16 posts

Posted 22 June 2012 - 02:53 PM

Here is TDSSKILLER... My computer has been fine so far. It never had any significant problems in the first place except when I downloaded Microsoft Essentials, which agitated the infection and turned everything to bleep.


12:50:24.0812 4260 TDSS rootkit removing tool 2.7.41.0 Jun 20 2012 20:53:32
12:50:25.0312 4260 ============================================================
12:50:25.0312 4260 Current date / time: 2012/06/22 12:50:25.0312
12:50:25.0312 4260 SystemInfo:
12:50:25.0312 4260
12:50:25.0312 4260 OS Version: 6.1.7601 ServicePack: 1.0
12:50:25.0312 4260 Product type: Workstation
12:50:25.0312 4260 ComputerName: MIKE-PC
12:50:25.0312 4260 UserName: Mike
12:50:25.0312 4260 Windows directory: C:\Windows
12:50:25.0312 4260 System windows directory: C:\Windows
12:50:25.0312 4260 Processor architecture: Intel x86
12:50:25.0312 4260 Number of processors: 2
12:50:25.0312 4260 Page size: 0x1000
12:50:25.0312 4260 Boot type: Normal boot
12:50:25.0312 4260 ============================================================
12:50:27.0152 4260 Drive \Device\Harddisk0\DR0 - Size: 0x9516AE000 (37.27 Gb), SectorSize: 0x200, Cylinders: 0x1301, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
12:50:27.0162 4260 Drive \Device\Harddisk1\DR1 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
12:50:27.0172 4260 ============================================================
12:50:27.0172 4260 \Device\Harddisk0\DR0:
12:50:27.0172 4260 MBR partitions:
12:50:27.0172 4260 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x4A89182
12:50:27.0172 4260 \Device\Harddisk1\DR1:
12:50:27.0172 4260 MBR partitions:
12:50:27.0172 4260 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x254297C1
12:50:27.0172 4260 ============================================================
12:50:27.0202 4260 C: <-> \Device\Harddisk1\DR1\Partition0
12:50:27.0212 4260 D: <-> \Device\Harddisk0\DR0\Partition0
12:50:27.0212 4260 ============================================================
12:50:27.0212 4260 Initialize success
12:50:27.0212 4260 ============================================================
12:50:29.0982 2172 ============================================================
12:50:29.0982 2172 Scan started
12:50:29.0982 2172 Mode: Manual;
12:50:29.0982 2172 ============================================================
12:50:31.0333 2172 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\DRIVERS\1394ohci.sys
12:50:31.0333 2172 1394ohci - ok
12:50:31.0383 2172 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
12:50:31.0383 2172 ACPI - ok
12:50:31.0423 2172 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
12:50:31.0423 2172 AcpiPmi - ok
12:50:31.0453 2172 Scan interrupted by user!
12:50:31.0453 2172 Scan interrupted by user!
12:50:31.0453 2172 Scan interrupted by user!
12:50:31.0453 2172 ============================================================
12:50:31.0453 2172 Scan finished
12:50:31.0453 2172 ============================================================
12:50:31.0463 0808 Detected object count: 0
12:50:31.0463 0808 Actual detected object count: 0
12:50:34.0823 0668 ============================================================
12:50:34.0823 0668 Scan started
12:50:34.0823 0668 Mode: Manual; TDLFS;
12:50:34.0823 0668 ============================================================
12:50:43.0913 0668 nsiproxy - ok
12:50:44.0033 0668 nSvcIp (b6c48d01147ec020de7f1856734127f8) C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
12:50:44.0033 0668 nSvcIp - ok
12:50:44.0153 0668 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
12:50:44.0213 0668 Ntfs - ok
12:50:44.0334 0668 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
12:50:44.0334 0668 Null - ok
12:50:44.0394 0668 NVENETFD (b5e37e31c053bc9950455a257526514b) C:\Windows\system32\DRIVERS\nvm62x32.sys
12:50:44.0394 0668 NVENETFD - ok
12:50:44.0984 0668 nvlddmkm (66b4bf606fcc7f0622d4a21bb1461089) C:\Windows\system32\DRIVERS\nvlddmkm.sys
12:50:45.0144 0668 nvlddmkm - ok
12:50:45.0324 0668 NVNET (8196a84583185499f3e8c20ffdaf36d6) C:\Windows\system32\DRIVERS\nvmf6232.sys
12:50:45.0324 0668 NVNET - ok
12:50:45.0384 0668 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
12:50:45.0384 0668 nvraid - ok
12:50:45.0404 0668 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
12:50:45.0404 0668 nvstor - ok
12:50:45.0434 0668 nvstor32 (97778c3cb3af6b2243648d0dcd4d8916) C:\Windows\system32\DRIVERS\nvstor32.sys
12:50:45.0444 0668 nvstor32 - ok
12:50:45.0534 0668 nvsvc (d122f7c5f79c68868f5dc28cefeb2ecf) C:\Windows\system32\nvvsvc.exe
12:50:45.0544 0668 nvsvc - ok
12:50:45.0724 0668 nvUpdatusService (003cb0a155568b4a53a301f07c734233) C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
12:50:45.0764 0668 nvUpdatusService - ok
12:50:45.0864 0668 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
12:50:45.0864 0668 nv_agp - ok
12:50:45.0884 0668 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
12:50:45.0884 0668 ohci1394 - ok
12:50:45.0954 0668 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
12:50:45.0954 0668 ose - ok
12:50:46.0314 0668 osppsvc (358a9cca612c68eb2f07ddad4ce1d8d7) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
12:50:46.0384 0668 osppsvc - ok
12:50:46.0464 0668 p2pimsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
12:50:46.0484 0668 p2pimsvc - ok
12:50:46.0524 0668 p2psvc (59c3ddd501e39e006dac31bf55150d91) C:\Windows\system32\p2psvc.dll
12:50:46.0534 0668 p2psvc - ok
12:50:46.0584 0668 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\drivers\parport.sys
12:50:46.0584 0668 Parport - ok
12:50:46.0624 0668 partmgr (3f34a1b4c5f6475f320c275e63afce9b) C:\Windows\system32\drivers\partmgr.sys
12:50:46.0624 0668 partmgr - ok
12:50:46.0644 0668 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\drivers\parvdm.sys
12:50:46.0644 0668 Parvdm - ok
12:50:46.0664 0668 PcaSvc (358ab7956d3160000726574083dfc8a6) C:\Windows\System32\pcasvc.dll
12:50:46.0664 0668 PcaSvc - ok
12:50:46.0684 0668 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
12:50:46.0694 0668 pci - ok
12:50:46.0704 0668 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
12:50:46.0704 0668 pciide - ok
12:50:46.0724 0668 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\drivers\pcmcia.sys
12:50:46.0724 0668 pcmcia - ok
12:50:46.0734 0668 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
12:50:46.0734 0668 pcw - ok
12:50:46.0794 0668 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
12:50:46.0804 0668 PEAUTH - ok
12:50:46.0884 0668 PeerDistSvc (af4d64d2a57b9772cf3801950b8058a6) C:\Windows\system32\peerdistsvc.dll
12:50:46.0894 0668 PeerDistSvc - ok
12:50:47.0004 0668 pla (414bba67a3ded1d28437eb66aeb8a720) C:\Windows\system32\pla.dll
12:50:47.0024 0668 pla - ok
12:50:47.0114 0668 PlugPlay (ec7bc28d207da09e79b3e9faf8b232ca) C:\Windows\system32\umpnpmgr.dll
12:50:47.0124 0668 PlugPlay - ok
12:50:47.0164 0668 PnkBstrA (205e1b699fd3f2f9b036eea2ec30c620) C:\Windows\system32\PnkBstrA.exe
12:50:47.0174 0668 PnkBstrA - ok
12:50:47.0184 0668 PNRPAutoReg (63ff8572611249931eb16bb8eed6afc8) C:\Windows\system32\pnrpauto.dll
12:50:47.0184 0668 PNRPAutoReg - ok
12:50:47.0234 0668 PNRPsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
12:50:47.0234 0668 PNRPsvc - ok
12:50:47.0294 0668 PolicyAgent (53946b69ba0836bd95b03759530c81ec) C:\Windows\System32\ipsecsvc.dll
12:50:47.0294 0668 PolicyAgent - ok
12:50:47.0334 0668 Power (f87d30e72e03d579a5199ccb3831d6ea) C:\Windows\system32\umpo.dll
12:50:47.0344 0668 Power - ok
12:50:47.0384 0668 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
12:50:47.0384 0668 PptpMiniport - ok
12:50:47.0404 0668 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\drivers\processr.sys
12:50:47.0404 0668 Processor - ok
12:50:47.0444 0668 ProfSvc (cadefac453040e370a1bdff3973be00d) C:\Windows\system32\profsvc.dll
12:50:47.0444 0668 ProfSvc - ok
12:50:47.0464 0668 ProtectedStorage (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
12:50:47.0464 0668 ProtectedStorage - ok
12:50:47.0504 0668 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
12:50:47.0504 0668 Psched - ok
12:50:47.0604 0668 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\drivers\ql2300.sys
12:50:47.0614 0668 ql2300 - ok
12:50:47.0674 0668 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\drivers\ql40xx.sys
12:50:47.0674 0668 ql40xx - ok
12:50:47.0704 0668 QWAVE (31ac809e7707eb580b2bdb760390765a) C:\Windows\system32\qwave.dll
12:50:47.0704 0668 QWAVE - ok
12:50:47.0714 0668 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
12:50:47.0724 0668 QWAVEdrv - ok
12:50:47.0734 0668 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
12:50:47.0734 0668 RasAcd - ok
12:50:47.0774 0668 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
12:50:47.0774 0668 RasAgileVpn - ok
12:50:47.0784 0668 RasAuto (a60f1839849c0c00739787fd5ec03f13) C:\Windows\System32\rasauto.dll
12:50:47.0794 0668 RasAuto - ok
12:50:47.0804 0668 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
12:50:47.0804 0668 Rasl2tp - ok
12:50:47.0854 0668 RasMan (cb9e04dc05eacf5b9a36ca276d475006) C:\Windows\System32\rasmans.dll
12:50:47.0854 0668 RasMan - ok
12:50:47.0874 0668 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
12:50:47.0874 0668 RasPppoe - ok
12:50:47.0904 0668 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
12:50:47.0904 0668 RasSstp - ok
12:50:47.0934 0668 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
12:50:47.0934 0668 rdbss - ok
12:50:47.0944 0668 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
12:50:47.0944 0668 rdpbus - ok
12:50:47.0944 0668 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
12:50:47.0944 0668 RDPCDD - ok
12:50:47.0994 0668 RDPDR (b973fcfc50dc1434e1970a146f7e3885) C:\Windows\system32\drivers\rdpdr.sys
12:50:47.0994 0668 RDPDR - ok
12:50:48.0014 0668 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
12:50:48.0014 0668 RDPENCDD - ok
12:50:48.0024 0668 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
12:50:48.0024 0668 RDPREFMP - ok
12:50:48.0064 0668 RdpVideoMiniport (68a0387f58e226deee23d9715955572a) C:\Windows\system32\drivers\rdpvideominiport.sys
12:50:48.0064 0668 RdpVideoMiniport - ok
12:50:48.0104 0668 RDPWD (f031683e6d1fea157abb2ff260b51e61) C:\Windows\system32\drivers\RDPWD.sys
12:50:48.0104 0668 RDPWD - ok
12:50:48.0144 0668 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
12:50:48.0144 0668 rdyboost - ok
12:50:48.0204 0668 RemoteAccess (7b5e1419717fac363a31cc302895217a) C:\Windows\System32\mprdim.dll
12:50:48.0204 0668 RemoteAccess - ok
12:50:48.0244 0668 RemoteRegistry (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll
12:50:48.0254 0668 RemoteRegistry - ok
12:50:48.0285 0668 RpcEptMapper (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll
12:50:48.0295 0668 RpcEptMapper - ok
12:50:48.0325 0668 RpcLocator (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows\system32\locator.exe
12:50:48.0325 0668 RpcLocator - ok
12:50:48.0355 0668 RpcSs (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
12:50:48.0365 0668 RpcSs - ok
12:50:48.0375 0668 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
12:50:48.0375 0668 rspndr - ok
12:50:48.0415 0668 s3cap (7fa7f2e249a5dcbb7970630e15e1f482) C:\Windows\system32\drivers\vms3cap.sys
12:50:48.0415 0668 s3cap - ok
12:50:48.0445 0668 SamSs (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
12:50:48.0445 0668 SamSs - ok
12:50:48.0485 0668 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
12:50:48.0485 0668 sbp2port - ok
12:50:48.0505 0668 SCardSvr (8fc518ffe9519c2631d37515a68009c4) C:\Windows\System32\SCardSvr.dll
12:50:48.0515 0668 SCardSvr - ok
12:50:48.0515 0668 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
12:50:48.0515 0668 scfilter - ok
12:50:48.0585 0668 Schedule (a04bb13f8a72f8b6e8b4071723e4e336) C:\Windows\system32\schedsvc.dll
12:50:48.0595 0668 Schedule - ok
12:50:48.0635 0668 SCMNdisP (3b68015683c27cb00c7a6b60a37cbcfd) C:\Windows\system32\DRIVERS\scmndisp.sys
12:50:48.0645 0668 SCMNdisP - ok
12:50:48.0685 0668 SCPolicySvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
12:50:48.0685 0668 SCPolicySvc - ok
12:50:48.0705 0668 SDRSVC (08236c4bce5edd0a0318a438af28e0f7) C:\Windows\System32\SDRSVC.dll
12:50:48.0705 0668 SDRSVC - ok
12:50:48.0735 0668 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
12:50:48.0735 0668 secdrv - ok
12:50:48.0755 0668 seclogon (a59b3a4442c52060cc7a85293aa3546f) C:\Windows\system32\seclogon.dll
12:50:48.0755 0668 seclogon - ok
12:50:48.0795 0668 SENS (dcb7fcdcc97f87360f75d77425b81737) C:\Windows\system32\sens.dll
12:50:48.0795 0668 SENS - ok
12:50:48.0825 0668 SensrSvc (50087fe1ee447009c9cc2997b90de53f) C:\Windows\system32\sensrsvc.dll
12:50:48.0835 0668 SensrSvc - ok
12:50:48.0845 0668 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
12:50:48.0845 0668 Serenum - ok
12:50:48.0855 0668 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
12:50:48.0865 0668 Serial - ok
12:50:48.0875 0668 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\drivers\sermouse.sys
12:50:48.0875 0668 sermouse - ok
12:50:48.0905 0668 SessionEnv (4ae380f39a0032eab7dd953030b26d28) C:\Windows\system32\sessenv.dll
12:50:48.0905 0668 SessionEnv - ok
12:50:48.0915 0668 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
12:50:48.0925 0668 sffdisk - ok
12:50:48.0925 0668 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
12:50:48.0925 0668 sffp_mmc - ok
12:50:48.0935 0668 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
12:50:48.0935 0668 sffp_sd - ok
12:50:48.0945 0668 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\drivers\sfloppy.sys
12:50:48.0955 0668 sfloppy - ok
12:50:49.0015 0668 SharedAccess (d1a079a0de2ea524513b6930c24527a2) C:\Windows\System32\ipnathlp.dll
12:50:49.0025 0668 SharedAccess - ok
12:50:49.0055 0668 ShellHWDetection (414da952a35bf5d50192e28263b40577) C:\Windows\System32\shsvcs.dll
12:50:49.0055 0668 ShellHWDetection - ok
12:50:49.0075 0668 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
12:50:49.0075 0668 sisagp - ok
12:50:49.0105 0668 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\drivers\SiSRaid2.sys
12:50:49.0115 0668 SiSRaid2 - ok
12:50:49.0125 0668 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\drivers\sisraid4.sys
12:50:49.0125 0668 SiSRaid4 - ok
12:50:49.0135 0668 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
12:50:49.0135 0668 Smb - ok
12:50:49.0175 0668 SNMPTRAP (6a984831644eca1a33ffeae4126f4f37) C:\Windows\System32\snmptrap.exe
12:50:49.0185 0668 SNMPTRAP - ok
12:50:49.0195 0668 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
12:50:49.0195 0668 spldr - ok
12:50:49.0245 0668 Spooler (866a43013535dc8587c258e43579c764) C:\Windows\System32\spoolsv.exe
12:50:49.0245 0668 Spooler - ok
12:50:49.0445 0668 sppsvc (cf87a1de791347e75b98885214ced2b8) C:\Windows\system32\sppsvc.exe
12:50:49.0495 0668 sppsvc - ok
12:50:49.0615 0668 sppuinotify (b0180b20b065d89232a78a40fe56eaa6) C:\Windows\system32\sppuinotify.dll
12:50:49.0625 0668 sppuinotify - ok
12:50:49.0715 0668 sptd (0022cfff1a41e5ce3a764050a7ddf22a) C:\Windows\System32\Drivers\sptd.sys
12:50:49.0715 0668 sptd - ok
12:50:49.0755 0668 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
12:50:49.0765 0668 srv - ok
12:50:49.0785 0668 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
12:50:49.0795 0668 srv2 - ok
12:50:49.0805 0668 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
12:50:49.0805 0668 srvnet - ok
12:50:49.0845 0668 SSDPSRV (d887c9fd02ac9fa880f6e5027a43e118) C:\Windows\System32\ssdpsrv.dll
12:50:49.0855 0668 SSDPSRV - ok
12:50:49.0885 0668 SstpSvc (d318f23be45d5e3a107469eb64815b50) C:\Windows\system32\sstpsvc.dll
12:50:49.0895 0668 SstpSvc - ok
12:50:49.0955 0668 Steam Client Service - ok
12:50:49.0985 0668 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\drivers\stexstor.sys
12:50:49.0985 0668 stexstor - ok
12:50:50.0045 0668 StiSvc (e1fb3706030fb4578a0d72c2fc3689e4) C:\Windows\System32\wiaservc.dll
12:50:50.0055 0668 StiSvc - ok
12:50:50.0085 0668 storflt (472af0311073dceceaa8fa18ba2bdf89) C:\Windows\system32\drivers\vmstorfl.sys
12:50:50.0085 0668 storflt - ok
12:50:50.0115 0668 storvsc (dcaffd62259e0bdb433dd67b5bb37619) C:\Windows\system32\drivers\storvsc.sys
12:50:50.0115 0668 storvsc - ok
12:50:50.0135 0668 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
12:50:50.0135 0668 swenum - ok
12:50:50.0155 0668 swprv (a28bd92df340e57b024ba433165d34d7) C:\Windows\System32\swprv.dll
12:50:50.0165 0668 swprv - ok
12:50:50.0205 0668 Synth3dVsc (f2ad8960812fd111e20e84659ef19d43) C:\Windows\system32\drivers\synth3dvsc.sys
12:50:50.0205 0668 Synth3dVsc - ok
12:50:50.0316 0668 SysMain (36650d618ca34c9d357dfd3d89b2c56f) C:\Windows\system32\sysmain.dll
12:50:50.0326 0668 SysMain - ok
12:50:50.0346 0668 TabletInputService (763fecdc3d30c815fe72dd57936c6cd1) C:\Windows\System32\TabSvc.dll
12:50:50.0356 0668 TabletInputService - ok
12:50:50.0376 0668 TapiSrv (613bf4820361543956909043a265c6ac) C:\Windows\System32\tapisrv.dll
12:50:50.0386 0668 TapiSrv - ok
12:50:50.0396 0668 TBS (b799d9fdb26111737f58288d8dc172d9) C:\Windows\System32\tbssvc.dll
12:50:50.0396 0668 TBS - ok
12:50:50.0536 0668 Tcpip (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows\system32\drivers\tcpip.sys
12:50:50.0546 0668 Tcpip - ok
12:50:50.0726 0668 TCPIP6 (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows\system32\DRIVERS\tcpip.sys
12:50:50.0736 0668 TCPIP6 - ok
12:50:50.0806 0668 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
12:50:50.0806 0668 tcpipreg - ok
12:50:50.0816 0668 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
12:50:50.0816 0668 TDPIPE - ok
12:50:50.0846 0668 TDTCP (2c2c5afe7ee4f620d69c23c0617651a8) C:\Windows\system32\drivers\tdtcp.sys
12:50:50.0846 0668 TDTCP - ok
12:50:50.0886 0668 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
12:50:50.0886 0668 tdx - ok
12:50:50.0906 0668 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\DRIVERS\termdd.sys
12:50:50.0906 0668 TermDD - ok
12:50:50.0926 0668 terminpt (052306fd76793d5d5ab5d9891fd1adbb) C:\Windows\system32\drivers\terminpt.sys
12:50:50.0926 0668 terminpt - ok
12:50:50.0976 0668 TermService (382c804c92811be57829d8e550a900e2) C:\Windows\System32\termsrv.dll
12:50:50.0986 0668 TermService - ok
12:50:50.0996 0668 Themes (42fb6afd6b79d9fe07381609172e7ca4) C:\Windows\system32\themeservice.dll
12:50:50.0996 0668 Themes - ok
12:50:51.0016 0668 THREADORDER (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
12:50:51.0016 0668 THREADORDER - ok
12:50:51.0036 0668 TrkWks (4792c0378db99a9bc2ae2de6cfff0c3a) C:\Windows\System32\trkwks.dll
12:50:51.0046 0668 TrkWks - ok
12:50:51.0106 0668 TrustedInstaller (2c49b175aee1d4364b91b531417fe583) C:\Windows\servicing\TrustedInstaller.exe
12:50:51.0116 0668 TrustedInstaller - ok
12:50:51.0136 0668 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
12:50:51.0136 0668 tssecsrv - ok
12:50:51.0176 0668 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
12:50:51.0176 0668 TsUsbFlt - ok
12:50:51.0186 0668 TsUsbGD (01246f0baad7b68ec0f472aa41e33282) C:\Windows\system32\drivers\TsUsbGD.sys
12:50:51.0186 0668 TsUsbGD - ok
12:50:51.0206 0668 tsusbhub (045acb987c650d8186c6b4a692223860) C:\Windows\system32\drivers\tsusbhub.sys
12:50:51.0206 0668 tsusbhub - ok
12:50:51.0256 0668 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
12:50:51.0256 0668 tunnel - ok
12:50:51.0266 0668 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\drivers\uagp35.sys
12:50:51.0266 0668 uagp35 - ok
12:50:51.0296 0668 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
12:50:51.0296 0668 udfs - ok
12:50:51.0316 0668 UI0Detect (8344fd4fce927880aa1aa7681d4927e5) C:\Windows\system32\UI0Detect.exe
12:50:51.0316 0668 UI0Detect - ok
12:50:51.0326 0668 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
12:50:51.0326 0668 uliagpkx - ok
12:50:51.0366 0668 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\DRIVERS\umbus.sys
12:50:51.0366 0668 umbus - ok
12:50:51.0396 0668 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\drivers\umpass.sys
12:50:51.0396 0668 UmPass - ok
12:50:51.0436 0668 UmRdpService (409994a8eaceee4e328749c0353527a0) C:\Windows\System32\umrdp.dll
12:50:51.0446 0668 UmRdpService - ok
12:50:51.0466 0668 upnphost (833fbb672460efce8011d262175fad33) C:\Windows\System32\upnphost.dll
12:50:51.0476 0668 upnphost - ok
12:50:51.0516 0668 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys
12:50:51.0516 0668 USBAAPL - ok
12:50:51.0546 0668 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys
12:50:51.0546 0668 usbccgp - ok
12:50:51.0556 0668 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
12:50:51.0556 0668 usbcir - ok
12:50:51.0576 0668 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys
12:50:51.0576 0668 usbehci - ok
12:50:51.0626 0668 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
12:50:51.0626 0668 usbhub - ok
12:50:51.0636 0668 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\DRIVERS\usbohci.sys
12:50:51.0636 0668 usbohci - ok
12:50:51.0646 0668 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\drivers\usbprint.sys
12:50:51.0646 0668 usbprint - ok
12:50:51.0666 0668 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
12:50:51.0666 0668 USBSTOR - ok
12:50:51.0686 0668 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\drivers\usbuhci.sys
12:50:51.0686 0668 usbuhci - ok
12:50:51.0706 0668 UxSms (081e6e1c91aec36758902a9f727cd23c) C:\Windows\System32\uxsms.dll
12:50:51.0706 0668 UxSms - ok
12:50:51.0726 0668 VaultSvc (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
12:50:51.0726 0668 VaultSvc - ok
12:50:51.0746 0668 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
12:50:51.0746 0668 vdrvroot - ok
12:50:51.0776 0668 vds (c3cd30495687c2a2f66a65ca6fd89be9) C:\Windows\System32\vds.exe
12:50:51.0786 0668 vds - ok
12:50:51.0826 0668 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
12:50:51.0826 0668 vga - ok
12:50:51.0826 0668 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
12:50:51.0826 0668 VgaSave - ok
12:50:51.0836 0668 VGPU - ok
12:50:51.0866 0668 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
12:50:51.0866 0668 vhdmp - ok
12:50:51.0886 0668 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
12:50:51.0886 0668 viaagp - ok
12:50:51.0906 0668 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\drivers\viac7.sys
12:50:51.0906 0668 ViaC7 - ok
12:50:51.0916 0668 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
12:50:51.0916 0668 viaide - ok
12:50:51.0966 0668 vmbus (c2f2911156fdc7817c52829c86da494e) C:\Windows\system32\drivers\vmbus.sys
12:50:51.0966 0668 vmbus - ok
12:50:51.0976 0668 VMBusHID (d4d77455211e204f370d08f4963063ce) C:\Windows\system32\drivers\VMBusHID.sys
12:50:51.0976 0668 VMBusHID - ok
12:50:52.0016 0668 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
12:50:52.0016 0668 volmgr - ok
12:50:52.0046 0668 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
12:50:52.0046 0668 volmgrx - ok
12:50:52.0076 0668 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
12:50:52.0076 0668 volsnap - ok
12:50:52.0126 0668 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\drivers\vsmraid.sys
12:50:52.0126 0668 vsmraid - ok
12:50:52.0236 0668 VSS (209a3b1901b83aeb8527ed211cce9e4c) C:\Windows\system32\vssvc.exe
12:50:52.0246 0668 VSS - ok
12:50:52.0256 0668 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
12:50:52.0256 0668 vwifibus - ok
12:50:52.0276 0668 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
12:50:52.0286 0668 vwififlt - ok
12:50:52.0316 0668 W32Time (55187fd710e27d5095d10a472c8baf1c) C:\Windows\system32\w32time.dll
12:50:52.0316 0668 W32Time - ok
12:50:52.0336 0668 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\drivers\wacompen.sys
12:50:52.0336 0668 WacomPen - ok
12:50:52.0376 0668 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
12:50:52.0376 0668 WANARP - ok
12:50:52.0376 0668 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
12:50:52.0376 0668 Wanarpv6 - ok
12:50:52.0496 0668 WatAdminSvc (353a04c273ec58475d8633e75ccd5604) C:\Windows\system32\Wat\WatAdminSvc.exe
12:50:52.0506 0668 WatAdminSvc - ok
12:50:52.0696 0668 wbengine (691e3285e53dca558e1a84667f13e15a) C:\Windows\system32\wbengine.exe
12:50:52.0706 0668 wbengine - ok
12:50:52.0736 0668 WbioSrvc (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\Windows\System32\wbiosrvc.dll
12:50:52.0736 0668 WbioSrvc - ok
12:50:52.0766 0668 wcncsvc (34eee0dfaadb4f691d6d5308a51315dc) C:\Windows\System32\wcncsvc.dll
12:50:52.0776 0668 wcncsvc - ok
12:50:52.0786 0668 WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\Windows\System32\WcsPlugInService.dll
12:50:52.0796 0668 WcsPlugInService - ok
12:50:52.0816 0668 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\drivers\wd.sys
12:50:52.0816 0668 Wd - ok
12:50:52.0856 0668 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
12:50:52.0856 0668 Wdf01000 - ok
12:50:52.0866 0668 WdiServiceHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
12:50:52.0876 0668 WdiServiceHost - ok
12:50:52.0876 0668 WdiSystemHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
12:50:52.0886 0668 WdiSystemHost - ok
12:50:52.0906 0668 WebClient (a9d880f97530d5b8fee278923349929d) C:\Windows\System32\webclnt.dll
12:50:52.0906 0668 WebClient - ok
12:50:52.0936 0668 Wecsvc (760f0afe937a77cff27153206534f275) C:\Windows\system32\wecsvc.dll
12:50:52.0936 0668 Wecsvc - ok
12:50:52.0956 0668 wercplsupport (ac804569bb2364fb6017370258a4091b) C:\Windows\System32\wercplsupport.dll
12:50:52.0956 0668 wercplsupport - ok
12:50:52.0966 0668 WerSvc (08e420d873e4fd85241ee2421b02c4a4) C:\Windows\System32\WerSvc.dll
12:50:52.0976 0668 WerSvc - ok
12:50:53.0006 0668 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
12:50:53.0006 0668 WfpLwf - ok
12:50:53.0016 0668 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
12:50:53.0016 0668 WIMMount - ok
12:50:53.0136 0668 WinDefend (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll
12:50:53.0146 0668 WinDefend - ok
12:50:53.0156 0668 WinHttpAutoProxySvc - ok
12:50:53.0226 0668 Winmgmt (f62e510b6ad4c21eb9fe8668ed251826) C:\Windows\system32\wbem\WMIsvc.dll
12:50:53.0226 0668 Winmgmt - ok
12:50:53.0316 0668 WinRM (1b91cd34ea3a90ab6a4ef0550174f4cc) C:\Windows\system32\WsmSvc.dll
12:50:53.0326 0668 WinRM - ok
12:50:53.0396 0668 WinUsb (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUsb.sys
12:50:53.0396 0668 WinUsb - ok
12:50:53.0466 0668 Wlansvc (16935c98ff639d185086a3529b1f2067) C:\Windows\System32\wlansvc.dll
12:50:53.0476 0668 Wlansvc - ok
12:50:53.0676 0668 wlidsvc (fb01d4ae207b9efdbabfc55dc95c7e31) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
12:50:53.0696 0668 wlidsvc - ok
12:50:53.0856 0668 WmBEnum (5d410936831f7fb58eff941eac3f6d3d) C:\Windows\system32\drivers\WmBEnum.sys
12:50:53.0856 0668 WmBEnum - ok
12:50:53.0916 0668 WmFilter (7a13cfde92956ca61a0927d766c5ad4f) C:\Windows\system32\drivers\WmFilter.sys
12:50:53.0916 0668 WmFilter - ok
12:50:53.0956 0668 WmHidLo (1f596392149cac51f7c095af7d533934) C:\Windows\system32\drivers\WmHidLo.sys
12:50:53.0956 0668 WmHidLo - ok
12:50:53.0986 0668 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
12:50:53.0986 0668 WmiAcpi - ok
12:50:54.0056 0668 wmiApSrv (6eb6b66517b048d87dc1856ddf1f4c3f) C:\Windows\system32\wbem\WmiApSrv.exe
12:50:54.0056 0668 wmiApSrv - ok
12:50:54.0226 0668 WMPNetworkSvc (3b40d3a61aa8c21b88ae57c58ab3122e) C:\Program Files\Windows Media Player\wmpnetwk.exe
12:50:54.0246 0668 WMPNetworkSvc - ok
12:50:54.0306 0668 WmVirHid (6f04646bc690f8bbfc344be32a60796d) C:\Windows\system32\drivers\WmVirHid.sys
12:50:54.0306 0668 WmVirHid - ok
12:50:54.0326 0668 WmXlCore (1d6ca43d562333f4dfb40bcef2453f3a) C:\Windows\system32\drivers\WmXlCore.sys
12:50:54.0326 0668 WmXlCore - ok
12:50:54.0356 0668 WPCSvc (a2f0ec770a92f2b3f9de6d518e11409c) C:\Windows\System32\wpcsvc.dll
12:50:54.0366 0668 WPCSvc - ok
12:50:54.0376 0668 WPDBusEnum (aa53356d60af47eacc85bc617a4f3f66) C:\Windows\system32\wpdbusenum.dll
12:50:54.0376 0668 WPDBusEnum - ok
12:50:54.0396 0668 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
12:50:54.0396 0668 ws2ifsl - ok
12:50:54.0446 0668 wscsvc (6f5d49efe0e7164e03ae773a3fe25340) C:\Windows\system32\wscsvc.dll
12:50:54.0446 0668 wscsvc - ok
12:50:54.0446 0668 WSearch - ok
12:50:54.0526 0668 WSWNDA3100 (a2c4dc335656fb7a5a3ac076282534cb) C:\Program Files\NETGEAR\WNDA3100v2\WifiSvc.exe
12:50:54.0536 0668 WSWNDA3100 - ok
12:50:54.0666 0668 wuauserv (fc3ec24fce372c89423e015a2ac1a31e) C:\Windows\system32\wuaueng.dll
12:50:54.0696 0668 wuauserv - ok
12:50:54.0756 0668 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
12:50:54.0766 0668 WudfPf - ok
12:50:54.0806 0668 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
12:50:54.0806 0668 WUDFRd - ok
12:50:54.0846 0668 wudfsvc (8d1e1e529a2c9e9b6a85b55a345f7629) C:\Windows\System32\WUDFSvc.dll
12:50:54.0846 0668 wudfsvc - ok
12:50:54.0876 0668 WwanSvc (ff2d745b560f7c71b31f30f4d49f73d2) C:\Windows\System32\wwansvc.dll
12:50:54.0886 0668 WwanSvc - ok
12:50:54.0946 0668 xnacc (ce0c846127d6abb1e2a22e59682b2527) C:\Windows\system32\DRIVERS\xnacc.sys
12:50:54.0946 0668 xnacc - ok
12:50:54.0996 0668 xusb21 (276842a27953be204a2507096f09b1f3) C:\Windows\system32\DRIVERS\xusb21.sys
12:50:54.0996 0668 xusb21 - ok
12:50:55.0016 0668 MBR (0x1B8) (d10f1090c2a1da838dee05aa4ca56fbd) \Device\Harddisk0\DR0
12:50:55.0146 0668 \Device\Harddisk0\DR0 - ok
12:50:55.0156 0668 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1
12:50:55.0436 0668 \Device\Harddisk1\DR1 - ok
12:50:55.0436 0668 Boot (0x1200) (afbcca9e2b614dc3e00aaf8d0717afcf) \Device\Harddisk0\DR0\Partition0
12:50:55.0436 0668 \Device\Harddisk0\DR0\Partition0 - ok
12:50:55.0446 0668 Boot (0x1200) (fd19ce543d93c70e31e66fca92ee9467) \Device\Harddisk1\DR1\Partition0
12:50:55.0446 0668 \Device\Harddisk1\DR1\Partition0 - ok
12:50:55.0446 0668 ============================================================
12:50:55.0446 0668 Scan finished
12:50:55.0446 0668 ============================================================
12:50:55.0456 4004 Detected object count: 0
12:50:55.0456 4004 Actual detected object count: 0
12:50:59.0546 4672 ============================================================
12:50:59.0546 4672 Scan started
12:50:59.0546 4672 Mode: Manual; TDLFS;
12:50:59.0546 4672 ============================================================
12:51:03.0366 4672 amdsata - ok
12:51:03.0396 4672 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\drivers\amdsbs.sys
12:51:03.0396 4672 amdsbs - ok
12:51:03.0426 4672 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
12:51:03.0426 4672 amdxata - ok
12:51:03.0456 4672 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
12:51:03.0456 4672 AppID - ok
12:51:03.0496 4672 AppIDSvc (62a9c86cb6085e20db4823e4e97826f5) C:\Windows\System32\appidsvc.dll
12:51:03.0496 4672 AppIDSvc - ok
12:51:03.0526 4672 Appinfo (fb1959012294d6ad43e5304df65e3c26) C:\Windows\System32\appinfo.dll
12:51:03.0526 4672 Appinfo - ok
12:51:03.0646 4672 Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
12:51:03.0646 4672 Apple Mobile Device - ok
12:51:03.0686 4672 AppMgmt (a45d184df6a8803da13a0b329517a64a) C:\Windows\System32\appmgmts.dll
12:51:03.0686 4672 AppMgmt - ok
12:51:03.0706 4672 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\drivers\arc.sys
12:51:03.0706 4672 arc - ok
12:51:03.0756 4672 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\drivers\arcsas.sys
12:51:03.0756 4672 arcsas - ok
12:51:03.0756 4672 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
12:51:03.0766 4672 AsyncMac - ok
12:51:03.0786 4672 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
12:51:03.0786 4672 atapi - ok
12:51:03.0836 4672 AudioEndpointBuilder (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
12:51:03.0836 4672 AudioEndpointBuilder - ok
12:51:03.0856 4672 Audiosrv (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
12:51:03.0856 4672 Audiosrv - ok
12:51:03.0899 4672 AxInstSV (6e30d02aac9cac84f421622e3a2f6178) C:\Windows\System32\AxInstSV.dll
12:51:03.0900 4672 AxInstSV - ok
12:51:03.0998 4672 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\drivers\bxvbdx.sys
12:51:04.0008 4672 b06bdrv - ok
12:51:04.0038 4672 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
12:51:04.0038 4672 b57nd60x - ok
12:51:04.0338 4672 BCMH43XX (e0e8890117e701ea6d787c1d0624d6b7) C:\Windows\system32\DRIVERS\bcmwlhigh6.sys
12:51:04.0348 4672 BCMH43XX - ok
12:51:04.0385 4672 BDESVC (ee1e9c3bb8228ae423dd38db69128e71) C:\Windows\System32\bdesvc.dll
12:51:04.0386 4672 BDESVC - ok
12:51:04.0400 4672 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
12:51:04.0400 4672 Beep - ok
12:51:04.0460 4672 BFE (1e2bac209d184bb851e1a187d8a29136) C:\Windows\System32\bfe.dll
12:51:04.0500 4672 BFE - ok
12:51:04.0580 4672 BITS (e585445d5021971fae10393f0f1c3961) C:\Windows\system32\qmgr.dll
12:51:04.0580 4672 BITS - ok
12:51:04.0620 4672 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
12:51:04.0620 4672 blbdrive - ok
12:51:04.0740 4672 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
12:51:04.0740 4672 Bonjour Service - ok
12:51:04.0790 4672 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
12:51:04.0790 4672 bowser - ok
12:51:04.0810 4672 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\BrFiltLo.sys
12:51:04.0810 4672 BrFiltLo - ok
12:51:04.0820 4672 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\BrFiltUp.sys
12:51:04.0820 4672 BrFiltUp - ok
12:51:04.0840 4672 BridgeMP (77361d72a04f18809d0efb6cceb74d4b) C:\Windows\system32\DRIVERS\bridge.sys
12:51:04.0840 4672 BridgeMP - ok
12:51:04.0865 4672 Browser (6e11f33d14d020f58d5e02e4d67dfa19) C:\Windows\System32\browser.dll
12:51:04.0866 4672 Browser - ok
12:51:04.0922 4672 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
12:51:04.0922 4672 Brserid - ok
12:51:04.0992 4672 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
12:51:04.0992 4672 BrSerWdm - ok
12:51:05.0002 4672 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
12:51:05.0002 4672 BrUsbMdm - ok
12:51:05.0012 4672 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
12:51:05.0012 4672 BrUsbSer - ok
12:51:05.0042 4672 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\drivers\bthmodem.sys
12:51:05.0042 4672 BTHMODEM - ok
12:51:05.0062 4672 bthserv (1df19c96eef6c29d1c3e1a8678e07190) C:\Windows\system32\bthserv.dll
12:51:05.0062 4672 bthserv - ok
12:51:05.0142 4672 catchme - ok
12:51:05.0182 4672 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
12:51:05.0182 4672 cdfs - ok
12:51:05.0192 4672 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\DRIVERS\cdrom.sys
12:51:05.0192 4672 cdrom - ok
12:51:05.0212 4672 CertPropSvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
12:51:05.0212 4672 CertPropSvc - ok
12:51:05.0252 4672 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\drivers\circlass.sys
12:51:05.0252 4672 circlass - ok
12:51:05.0282 4672 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
12:51:05.0282 4672 CLFS - ok
12:51:05.0412 4672 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
12:51:05.0412 4672 clr_optimization_v2.0.50727_32 - ok
12:51:05.0472 4672 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
12:51:05.0472 4672 clr_optimization_v4.0.30319_32 - ok
12:51:05.0482 4672 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\drivers\CmBatt.sys
12:51:05.0482 4672 CmBatt - ok
12:51:05.0492 4672 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
12:51:05.0492 4672 cmdide - ok
12:51:05.0532 4672 CNG (6427525d76f61d0c519b008d3680e8e7) C:\Windows\system32\Drivers\cng.sys
12:51:05.0542 4672 CNG - ok
12:51:05.0552 4672 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\drivers\compbatt.sys
12:51:05.0552 4672 Compbatt - ok
12:51:05.0552 4672 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\DRIVERS\CompositeBus.sys
12:51:05.0562 4672 CompositeBus - ok
12:51:05.0562 4672 COMSysApp - ok
12:51:05.0602 4672 cpuz135 (c2eb4539a4f6ab6edd01bdc191619975) C:\Windows\system32\drivers\cpuz135_x32.sys
12:51:05.0602 4672 cpuz135 - ok
12:51:05.0622 4672 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\drivers\crcdisk.sys
12:51:05.0622 4672 crcdisk - ok
12:51:05.0672 4672 CryptSvc (06e771aa596b8761107ab57e99f128d7) C:\Windows\system32\cryptsvc.dll
12:51:05.0672 4672 CryptSvc - ok
12:51:05.0742 4672 CSC (3c2177a897b4ca2788c6fb0c3fd81d4b) C:\Windows\system32\drivers\csc.sys
12:51:05.0752 4672 CSC - ok
12:51:05.0782 4672 CscService (15f93b37f6801943360d9eb42485d5d3) C:\Windows\System32\cscsvc.dll
12:51:05.0792 4672 CscService - ok
12:51:05.0852 4672 DcomLaunch (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
12:51:05.0852 4672 DcomLaunch - ok
12:51:05.0922 4672 defragsvc (8d6e10a2d9a5eed59562d9b82cf804e1) C:\Windows\System32\defragsvc.dll
12:51:05.0922 4672 defragsvc - ok
12:51:05.0952 4672 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
12:51:05.0962 4672 DfsC - ok
12:51:05.0982 4672 Dhcp (e9e01eb683c132f7fa27cd607b8a2b63) C:\Windows\system32\dhcpcore.dll
12:51:05.0982 4672 Dhcp - ok
12:51:06.0002 4672 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
12:51:06.0002 4672 discache - ok
12:51:06.0022 4672 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\drivers\disk.sys
12:51:06.0022 4672 Disk - ok
12:51:06.0062 4672 dmvsc (2a958ef85db1b61ffca65044fa4bce9e) C:\Windows\system32\drivers\dmvsc.sys
12:51:06.0062 4672 dmvsc - ok
12:51:06.0182 4672 Dnscache (33ef4861f19a0736b11314aad9ae28d0) C:\Windows\System32\dnsrslvr.dll
12:51:06.0182 4672 Dnscache - ok
12:51:06.0212 4672 dot3svc (366ba8fb4b7bb7435e3b9eacb3843f67) C:\Windows\System32\dot3svc.dll
12:51:06.0212 4672 dot3svc - ok
12:51:06.0262 4672 DPS (8ec04ca86f1d68da9e11952eb85973d6) C:\Windows\system32\dps.dll
12:51:06.0272 4672 DPS - ok
12:51:06.0292 4672 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
12:51:06.0292 4672 drmkaud - ok
12:51:06.0342 4672 dtsoftbus01 (687af6bb383885ff6a64071b189a7f3e) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
12:51:06.0342 4672 dtsoftbus01 - ok
12:51:06.0422 4672 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
12:51:06.0422 4672 DXGKrnl - ok
12:51:06.0462 4672 EapHost (8600142fa91c1b96367d3300ad0f3f3a) C:\Windows\System32\eapsvc.dll
12:51:06.0462 4672 EapHost - ok
12:51:06.0672 4672 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\drivers\evbdx.sys
12:51:06.0692 4672 ebdrv - ok
12:51:06.0822 4672 EFS (81951f51e318aecc2d68559e47485cc4) C:\Windows\System32\lsass.exe
12:51:06.0822 4672 EFS - ok
12:51:06.0892 4672 ehRecvr (a8c362018efc87beb013ee28f29c0863) C:\Windows\ehome\ehRecvr.exe
12:51:06.0902 4672 ehRecvr - ok
12:51:06.0932 4672 ehSched (d389bff34f80caede417bf9d1507996a) C:\Windows\ehome\ehsched.exe
12:51:06.0932 4672 ehSched - ok
12:51:06.0992 4672 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\drivers\elxstor.sys
12:51:06.0992 4672 elxstor - ok
12:51:07.0022 4672 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
12:51:07.0022 4672 ErrDev - ok
12:51:07.0082 4672 EventSystem (f6916efc29d9953d5d0df06882ae8e16) C:\Windows\system32\es.dll
12:51:07.0082 4672 EventSystem - ok
12:51:07.0132 4672 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
12:51:07.0132 4672 exfat - ok
12:51:07.0172 4672 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
12:51:07.0172 4672 fastfat - ok
12:51:07.0242 4672 Fax (967ea5b213e9984cbe270205df37755b) C:\Windows\system32\fxssvc.exe
12:51:07.0242 4672 Fax - ok
12:51:07.0272 4672 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
12:51:07.0272 4672 fdc - ok
12:51:07.0292 4672 fdPHost (f3222c893bd2f5821a0179e5c71e88fb) C:\Windows\system32\fdPHost.dll
12:51:07.0292 4672 fdPHost - ok
12:51:07.0302 4672 FDResPub (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\Windows\system32\fdrespub.dll
12:51:07.0302 4672 FDResPub - ok
12:51:07.0312 4672 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
12:51:07.0312 4672 FileInfo - ok
12:51:07.0322 4672 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
12:51:07.0322 4672 Filetrace - ok
12:51:07.0332 4672 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\drivers\flpydisk.sys
12:51:07.0332 4672 flpydisk - ok
12:51:07.0382 4672 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
12:51:07.0382 4672 FltMgr - ok
12:51:07.0512 4672 FontCache (b3a5ec6b6b6673db7e87c2bcdbddc074) C:\Windows\system32\FntCache.dll
12:51:07.0522 4672 FontCache - ok
12:51:07.0622 4672 FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
12:51:07.0622 4672 FontCache3.0.0.0 - ok
12:51:07.0692 4672 ForceWare Intelligent Application Manager (IAM) (c96c52d0d80666af585516ffa97b7c00) C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
12:51:07.0702 4672 ForceWare Intelligent Application Manager (IAM) - ok
12:51:07.0792 4672 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
12:51:07.0792 4672 FsDepends - ok
12:51:07.0812 4672 Fs_Rec (7dae5ebcc80e45d3253f4923dc424d05) C:\Windows\system32\drivers\Fs_Rec.sys
12:51:07.0812 4672 Fs_Rec - ok
12:51:07.0842 4672 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
12:51:07.0842 4672 fvevol - ok
12:51:07.0852 4672 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\drivers\gagp30kx.sys
12:51:07.0862 4672 gagp30kx - ok
12:51:07.0892 4672 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
12:51:07.0892 4672 GEARAspiWDM - ok
12:51:07.0952 4672 gpsvc (e897eaf5ed6ba41e081060c9b447a673) C:\Windows\System32\gpsvc.dll
12:51:07.0962 4672 gpsvc - ok
12:51:07.0972 4672 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
12:51:07.0972 4672 hcw85cir - ok
12:51:08.0022 4672 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys
12:51:08.0022 4672 HdAudAddService - ok
12:51:08.0032 4672 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\DRIVERS\HDAudBus.sys
12:51:08.0032 4672 HDAudBus - ok
12:51:08.0052 4672 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\drivers\HidBatt.sys
12:51:08.0052 4672 HidBatt - ok
12:51:08.0062 4672 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\drivers\hidbth.sys
12:51:08.0072 4672 HidBth - ok
12:51:08.0072 4672 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\drivers\hidir.sys
12:51:08.0082 4672 HidIr - ok
12:51:08.0122 4672 hidserv (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\Windows\System32\hidserv.dll
12:51:08.0122 4672 hidserv - ok
12:51:08.0142 4672 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\DRIVERS\hidusb.sys
12:51:08.0142 4672 HidUsb - ok
12:51:08.0192 4672 hkmsvc (196b4e3f4cccc24af836ce58facbb699) C:\Windows\system32\kmsvc.dll
12:51:08.0192 4672 hkmsvc - ok
12:51:08.0222 4672 HomeGroupListener (6658f4404de03d75fe3ba09f7aba6a30) C:\Windows\system32\ListSvc.dll
12:51:08.0222 4672 HomeGroupListener - ok
12:51:08.0322 4672 HomeGroupProvider (dbc02d918fff1cad628acbe0c0eaa8e8) C:\Windows\system32\provsvc.dll
12:51:08.0332 4672 HomeGroupProvider - ok
12:51:08.0382 4672 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
12:51:08.0382 4672 HpSAMD - ok
12:51:08.0422 4672 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
12:51:08.0432 4672 HTTP - ok
12:51:08.0462 4672 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
12:51:08.0462 4672 hwpolicy - ok
12:51:08.0472 4672 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
12:51:08.0472 4672 i8042prt - ok
12:51:08.0512 4672 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
12:51:08.0512 4672 iaStorV - ok
12:51:08.0622 4672 idsvc (c521d7eb6497bb1af6afa89e322fb43c) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
12:51:08.0622 4672 idsvc - ok
12:51:08.0712 4672 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\drivers\iirsp.sys
12:51:08.0712 4672 iirsp - ok
12:51:08.0752 4672 IKEEXT (f95622f161474511b8d80d6b093aa610) C:\Windows\System32\ikeext.dll
12:51:08.0762 4672 IKEEXT - ok
12:51:08.0972 4672 IntcAzAudAddService (2d6e527b8be62fb0223da0c2d9c75b45) C:\Windows\system32\drivers\RTKVHDA.sys
12:51:08.0992 4672 IntcAzAudAddService - ok
12:51:09.0102 4672 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
12:51:09.0102 4672 intelide - ok
12:51:09.0122 4672 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
12:51:09.0122 4672 intelppm - ok
12:51:09.0142 4672 IPBusEnum (acb364b9075a45c0736e5c47be5cae19) C:\Windows\system32\ipbusenum.dll
12:51:09.0142 4672 IPBusEnum - ok
12:51:09.0162 4672 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
12:51:09.0162 4672 IpFilterDriver - ok
12:51:09.0192 4672 iphlpsvc (4d65a07b795d6674312f879d09aa7663) C:\Windows\System32\iphlpsvc.dll
12:51:09.0202 4672 iphlpsvc - ok
12:51:09.0222 4672 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
12:51:09.0222 4672 IPMIDRV - ok
12:51:09.0232 4672 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
12:51:09.0232 4672 IPNAT - ok
12:51:09.0342 4672 iPod Service (178fe38b7740f598391eb2f51ae4ccac) C:\Program Files\iPod\bin\iPodService.exe
12:51:09.0342 4672 iPod Service - ok
12:51:09.0402 4672 iRacingService (1be2b7b28fa60c48dd1e98f59741b990) C:\Program Files\iRacing\iRacingService.exe
12:51:09.0402 4672 iRacingService - ok
12:51:09.0442 4672 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
12:51:09.0452 4672 IRENUM - ok
12:51:09.0462 4672 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
12:51:09.0462 4672 isapnp - ok
12:51:09.0492 4672 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
12:51:09.0492 4672 iScsiPrt - ok
12:51:09.0502 4672 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
12:51:09.0502 4672 kbdclass - ok
12:51:09.0512 4672 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\DRIVERS\kbdhid.sys
12:51:09.0512 4672 kbdhid - ok
12:51:09.0532 4672 KeyIso (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
12:51:09.0532 4672 KeyIso - ok
12:51:09.0552 4672 KSecDD (f4647bb23db9038a7536cf6b68f4207f) C:\Windows\system32\Drivers\ksecdd.sys
12:51:09.0552 4672 KSecDD - ok
12:51:09.0572 4672 KSecPkg (e73cae53bbb72ba26918492c6b4c229d) C:\Windows\system32\Drivers\ksecpkg.sys
12:51:09.0572 4672 KSecPkg - ok
12:51:09.0622 4672 KtmRm (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\Windows\system32\msdtckrm.dll
12:51:09.0622 4672 KtmRm - ok
12:51:09.0672 4672 LanmanServer (d64af876d53eca3668bb97b51b4e70ab) C:\Windows\System32\srvsvc.dll
12:51:09.0672 4672 LanmanServer - ok
12:51:09.0712 4672 LanmanWorkstation (58405e4f68ba8e4057c6e914f326aba2) C:\Windows\System32\wkssvc.dll
12:51:09.0712 4672 LanmanWorkstation - ok
12:51:09.0732 4672 LGBusEnum (170e7093a77ad586f3a012a3db651d94) C:\Windows\system32\drivers\LGBusEnum.sys
12:51:09.0742 4672 LGBusEnum - ok
12:51:09.0772 4672 LGVirHid (d2dd04d1c8df65eecd1f2c7fb947d43e) C:\Windows\system32\drivers\LGVirHid.sys
12:51:09.0772 4672 LGVirHid - ok
12:51:09.0782 4672 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
12:51:09.0782 4672 lltdio - ok
12:51:09.0822 4672 lltdsvc (5700673e13a2117fa3b9020c852c01e2) C:\Windows\System32\lltdsvc.dll
12:51:09.0822 4672 lltdsvc - ok
12:51:09.0842 4672 lmhosts (55ca01ba19d0006c8f2639b6c045e08b) C:\Windows\System32\lmhsvc.dll
12:51:09.0842 4672 lmhosts - ok
12:51:09.0872 4672 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\drivers\lsi_fc.sys
12:51:09.0872 4672 LSI_FC - ok
12:51:09.0882 4672 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\drivers\lsi_sas.sys
12:51:09.0882 4672 LSI_SAS - ok
12:51:09.0892 4672 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\drivers\lsi_sas2.sys
12:51:09.0892 4672 LSI_SAS2 - ok
12:51:09.0902 4672 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\drivers\lsi_scsi.sys
12:51:09.0902 4672 LSI_SCSI - ok
12:51:09.0922 4672 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
12:51:09.0922 4672 luafv - ok
12:51:09.0952 4672 Mcx2Svc (bfb9ee8ee977efe85d1a3105abef6dd1) C:\Windows\system32\Mcx2Svc.dll
12:51:09.0962 4672 Mcx2Svc - ok
12:51:09.0972 4672 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\drivers\megasas.sys
12:51:09.0972 4672 megasas - ok
12:51:10.0002 4672 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\drivers\MegaSR.sys
12:51:10.0002 4672 MegaSR - ok
12:51:10.0012 4672 MMCSS (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
12:51:10.0022 4672 MMCSS - ok
12:51:10.0032 4672 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
12:51:10.0032 4672 Modem - ok
12:51:10.0042 4672 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
12:51:10.0042 4672 monitor - ok
12:51:10.0052 4672 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
12:51:10.0052 4672 mouclass - ok
12:51:10.0062 4672 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
12:51:10.0062 4672 mouhid - ok
12:51:10.0072 4672 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
12:51:10.0072 4672 mountmgr - ok
12:51:10.0192 4672 MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
12:51:10.0192 4672 MozillaMaintenance - ok
12:51:10.0262 4672 MpFilter (d993bea500e7382dc4e760bf4f35efcb) C:\Windows\system32\DRIVERS\MpFilter.sys
12:51:10.0262 4672 MpFilter - ok
12:51:10.0282 4672 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
12:51:10.0282 4672 mpio - ok
12:51:10.0302 4672 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
12:51:10.0302 4672 mpsdrv - ok
12:51:10.0372 4672 MpsSvc (9835584e999d25004e1ee8e5f3e3b881) C:\Windows\system32\mpssvc.dll
12:51:10.0422 4672 MpsSvc - ok
12:51:10.0462 4672 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
12:51:10.0462 4672 MRxDAV - ok
12:51:10.0492 4672 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
12:51:10.0492 4672 mrxsmb - ok
12:51:10.0502 4672 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
12:51:10.0512 4672 mrxsmb10 - ok
12:51:10.0532 4672 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
12:51:10.0532 4672 mrxsmb20 - ok
12:51:10.0542 4672 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
12:51:10.0542 4672 msahci - ok
12:51:10.0562 4672 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
12:51:10.0562 4672 msdsm - ok
12:51:10.0592 4672 MSDTC (e1bce74a3bd9902b72599c0192a07e27) C:\Windows\System32\msdtc.exe
12:51:10.0592 4672 MSDTC - ok
12:51:10.0622 4672 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
12:51:10.0622 4672 Msfs - ok
12:51:10.0632 4672 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
12:51:10.0632 4672 mshidkmdf - ok
12:51:10.0642 4672 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
12:51:10.0642 4672 msisadrv - ok
12:51:10.0682 4672 MSiSCSI (90f7d9e6b6f27e1a707d4a297f077828) C:\Windows\system32\iscsiexe.dll
12:51:10.0682 4672 MSiSCSI - ok
12:51:10.0692 4672 msiserver - ok
12:51:10.0742 4672 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
12:51:10.0742 4672 MSKSSRV - ok
12:51:10.0812 4672 MsMpSvc (24516bf4e12a46cb67302e2cdcb8cddf) c:\Program Files\Microsoft Security Client\MsMpEng.exe
12:51:10.0812 4672 MsMpSvc - ok
12:51:10.0832 4672 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
12:51:10.0832 4672 MSPCLOCK - ok
12:51:10.0842 4672 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
12:51:10.0842 4672 MSPQM - ok
12:51:10.0862 4672 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
12:51:10.0862 4672 MsRPC - ok
12:51:10.0882 4672 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
12:51:10.0882 4672 mssmbios - ok
12:51:10.0882 4672 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
12:51:10.0882 4672 MSTEE - ok
12:51:10.0912 4672 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\drivers\MTConfig.sys
12:51:10.0912 4672 MTConfig - ok
12:51:10.0922 4672 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
12:51:10.0922 4672 Mup - ok
12:51:10.0982 4672 napagent (61d57a5d7c6d9afe10e77dae6e1b445e) C:\Windows\system32\qagentRT.dll
12:51:10.0982 4672 napagent - ok
12:51:11.0012 4672 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
12:51:11.0012 4672 NativeWifiP - ok
12:51:11.0062 4672 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
12:51:11.0072 4672 NDIS - ok
12:51:11.0082 4672 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
12:51:11.0082 4672 NdisCap - ok
12:51:11.0092 4672 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
12:51:11.0092 4672 NdisTapi - ok
12:51:11.0102 4672 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
12:51:11.0102 4672 Ndisuio - ok
12:51:11.0122 4672 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
12:51:11.0132 4672 NdisWan - ok
12:51:11.0142 4672 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
12:51:11.0142 4672 NDProxy - ok
12:51:11.0152 4672 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
12:51:11.0152 4672 NetBIOS - ok
12:51:11.0182 4672 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
12:51:11.0182 4672 NetBT - ok
12:51:11.0192 4672 Netlogon (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
12:51:11.0202 4672 Netlogon - ok
12:51:11.0242 4672 Netman (7cccfca7510684768da22092d1fa4db2) C:\Windows\System32\netman.dll
12:51:11.0242 4672 Netman - ok
12:51:11.0272 4672 netprofm (8c338238c16777a802d6a9211eb2ba50) C:\Windows\System32\netprofm.dll
12:51:11.0272 4672 netprofm - ok
12:51:11.0332 4672 netr73 (d961bf5709d40e42e79eb22baa801b51) C:\Windows\system32\DRIVERS\netr73.sys
12:51:11.0332 4672 netr73 - ok
12:51:11.0402 4672 NetTcpPortSharing (f476ec40033cdb91efbe73eb99b8362d) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
12:51:11.0402 4672 NetTcpPortSharing - ok
12:51:11.0422 4672 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\drivers\nfrd960.sys
12:51:11.0422 4672 nfrd960 - ok
12:51:11.0462 4672 NisDrv (b52f26bade7d7e4a79706e3fd91834cd) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
12:51:11.0462 4672 NisDrv - ok
12:51:11.0492 4672 NlaSvc (912084381d30d8b89ec4e293053f4710) C:\Windows\System32\nlasvc.dll
12:51:11.0492 4672 NlaSvc - ok
12:51:11.0502 4672 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
12:51:11.0502 4672 Npfs - ok
12:51:11.0532 4672 nsi (ba387e955e890c8a88306d9b8d06bf17) C:\Windows\system32\nsisvc.dll
12:51:11.0532 4672 nsi - ok
12:51:11.0542 4672 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
12:51:11.0542 4672 nsiproxy - ok
12:51:11.0622 4672 nSvcIp (b6c48d01147ec020de7f1856734127f8) C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
12:51:11.0632 4672 nSvcIp - ok
12:51:11.0712 4672 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
12:51:11.0722 4672 Ntfs - ok
12:51:11.0852 4672 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
12:51:11.0852 4672 Null - ok
12:51:11.0902 4672 NVENETFD (b5e37e31c053bc9950455a257526514b) C:\Windows\system32\DRIVERS\nvm62x32.sys
12:51:11.0902 4672 NVENETFD - ok
12:51:12.0542 4672 nvlddmkm (66b4bf606fcc7f0622d4a21bb1461089) C:\Windows\system32\DRIVERS\nvlddmkm.sys
12:51:12.0602 4672 nvlddmkm - ok
12:51:12.0772 4672 NVNET (8196a84583185499f3e8c20ffdaf36d6) C:\Windows\system32\DRIVERS\nvmf6232.sys
12:51:12.0772 4672 NVNET - ok
12:51:12.0812 4672 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
12:51:12.0812 4672 nvraid - ok
12:51:12.0832 4672 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
12:51:12.0832 4672 nvstor - ok
12:51:12.0872 4672 nvstor32 (97778c3cb3af6b2243648d0dcd4d8916) C:\Windows\system32\DRIVERS\nvstor32.sys
12:51:12.0872 4672 nvstor32 - ok
12:51:12.0952 4672 nvsvc (d122f7c5f79c68868f5dc28cefeb2ecf) C:\Windows\system32\nvvsvc.exe
12:51:12.0962 4672 nvsvc - ok
12:51:13.0132 4672 nvUpdatusService (003cb0a155568b4a53a301f07c734233) C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
12:51:22.0076 4672 ============================================================
12:51:22.0076 4672 Scan finished
12:51:22.0076 4672 ============================================================
12:51:22.0086 5108 Detected object count: 0
12:51:22.0096 5108 Actual detected object count: 0

Edited by Scorpilian, 22 June 2012 - 02:53 PM.


#8 Scorpilian

Posted 22 June 2012 - 03:10 PM

here is aswMBR

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-22 12:54:34
-----------------------------
12:54:34.968 OS Version: Windows 6.1.7601 Service Pack 1
12:54:34.968 Number of processors: 2 586 0xF0D
12:54:34.969 ComputerName: MIKE-PC UserName: Mike
12:54:44.017 Initialize success
12:55:27.054 AVAST engine defs: 12062200
12:55:36.578 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T1L0-3
12:55:36.581 Disk 0 Vendor: WDC_WD400EB-75CPF0 06.04G06 Size: 38166MB BusType: 3
12:55:36.584 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\00000063
12:55:36.588 Disk 1 Vendor: WDC_WD32 12.0 Size: 305245MB BusType: 3
12:55:36.605 Disk 1 MBR read successfully
12:55:36.609 Disk 1 MBR scan
12:55:36.615 Disk 1 Windows 7 default MBR code
12:55:36.620 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 305234 MB offset 63
12:55:36.628 Disk 1 scanning sectors +625121280
12:55:36.715 Disk 1 scanning C:\Windows\system32\drivers
12:55:45.670 Service scanning
12:56:03.744 Modules scanning
12:56:09.431 Disk 1 trace - called modules:
12:56:09.450 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll >>UNKNOWN [0x84e601e8]<<
12:56:09.459 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0x85f9a978]
12:56:09.466 3 CLASSPNP.SYS[893aa59e] -> nt!IofCallDriver -> [0x85b96a70]
12:56:09.473 5 ACPI.sys[88bb43d4] -> nt!IofCallDriver -> \Device\00000063[0x85b7ec68]
12:56:09.482 \Driver\nvstor32[0x85bbb9c0] -> IRP_MJ_CREATE -> 0x84e601e8
12:56:10.828 AVAST engine scan C:\Windows
12:56:13.371 AVAST engine scan C:\Windows\system32
12:58:42.992 AVAST engine scan C:\Windows\system32\drivers
12:58:53.350 AVAST engine scan C:\Users\Mike
13:04:43.824 AVAST engine scan C:\ProgramData
13:05:13.235 Scan finished successfully
13:09:16.014 Disk 1 MBR has been saved successfully to "C:\Users\Mike\Desktop\MBR.dat"
13:09:16.022 The log file has been saved successfully to "C:\Users\Mike\Desktop\aswMBR.txt"

#9 gringo_pr

  • Malware Response Team
Posted 22 June 2012 - 07:26 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

In your next post I need the following:

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo


#10 Scorpilian

Posted 22 June 2012 - 08:04 PM

ComboFix 12-06-21.03 - Mike 06/22/2012 17:53:02.2.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.2047.1238 [GMT -7:00]
Running from: c:\users\Mike\Desktop\ComboFix.exe
Command switches used :: c:\users\Mike\Desktop\CFScript.txt
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-05-23 to 2012-06-23 )))))))))))))))))))))))))))))))
.
.
2012-06-23 01:01 . 2012-06-23 01:01 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-06-23 01:01 . 2012-06-23 01:01 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-22 08:20 . 2012-06-23 01:01 -------- d-----w- c:\users\Mike\AppData\Local\temp
2012-06-22 01:23 . 2012-06-22 01:23 29904 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BEEB370A-16D8-481B-AFD5-24BBFFE78CAC}\MpKsla34485e9.sys
2012-06-22 00:25 . 2012-06-22 04:27 56200 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BEEB370A-16D8-481B-AFD5-24BBFFE78CAC}\offreg.dll
2012-06-22 00:22 . 2012-06-22 00:22 713784 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CE31BDCE-926D-4256-99EE-840AE7EF3AA3}\gapaengine.dll
2012-06-22 00:22 . 2012-05-31 03:41 6762896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BEEB370A-16D8-481B-AFD5-24BBFFE78CAC}\mpengine.dll
2012-06-22 00:20 . 2012-06-22 04:31 -------- d-----w- c:\program files\Microsoft Security Client
2012-06-21 21:23 . 2012-06-21 21:23 -------- d-----w- c:\program files\ESET
2012-06-21 21:09 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-21 21:09 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-21 21:09 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-21 21:09 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-21 21:08 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-21 21:08 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-21 21:08 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-21 21:08 . 2012-06-02 22:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-21 21:08 . 2012-06-02 22:12 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-21 06:11 . 2012-06-21 23:48 -------- d-----w- C:\TDSSKiller_Quarantine
2012-06-19 00:21 . 2012-06-19 00:21 -------- d-----w- c:\program files\Emotorsports
2012-06-18 10:22 . 2012-06-18 10:22 770384 ----a-w- c:\program files\Mozilla Firefox\msvcr100.dll
2012-06-18 10:22 . 2012-06-18 10:22 421200 ----a-w- c:\program files\Mozilla Firefox\msvcp100.dll
2012-06-18 07:49 . 2012-06-01 00:24 3235920 ----a-w- c:\windows\system32\drivers\RTKVHDA.sys
2012-06-18 03:46 . 2012-06-18 03:46 477240 ----a-w- c:\windows\system32\drivers\sptd.sys
2012-06-18 02:35 . 2012-06-18 02:35 -------- d-----w- c:\users\Mike\AppData\Roaming\YourFileDownloader
2012-06-17 22:41 . 2012-06-17 22:41 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-06-15 01:09 . 2012-06-15 01:09 -------- d-----w- c:\users\Mike\AppData\Local\Macromedia
2012-06-14 06:42 . 2012-06-21 02:10 -------- d-----w- c:\users\Mike\AppData\Roaming\25Assist
2012-06-13 19:27 . 2012-04-28 04:41 919040 ----a-w- c:\windows\system32\rdpcorets.dll
2012-06-13 19:27 . 2012-04-28 03:17 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-13 19:27 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\system32\msi.dll
2012-06-13 19:27 . 2012-05-15 01:05 2343936 ----a-w- c:\windows\system32\win32k.sys
2012-06-13 19:27 . 2012-04-26 04:45 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-13 19:27 . 2012-04-26 04:45 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-13 19:27 . 2012-04-26 04:41 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-13 19:27 . 2012-05-01 04:44 164352 ----a-w- c:\windows\system32\profsvc.dll
2012-06-13 19:27 . 2012-04-24 04:36 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-13 19:27 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\system32\crypt32.dll
2012-06-13 19:27 . 2012-04-24 04:36 103936 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-11 18:49 . 2012-06-11 19:27 -------- d-----w- c:\program files\SWAT 4
2012-06-11 18:49 . 2012-06-11 18:49 -------- d-----w- c:\windows\SWAT 4
2012-06-11 18:42 . 2012-06-11 18:42 242240 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-06-11 18:42 . 2012-06-11 18:42 -------- d-----w- c:\program files\DAEMON Tools Lite
2012-06-11 01:00 . 2012-06-11 01:01 -------- d-----w- c:\program files\Sierra On-Line
2012-06-11 01:00 . 2012-06-11 01:00 -------- d-----w- C:\SIERRA
2012-06-11 01:00 . 1998-01-23 19:22 304128 ----a-w- c:\windows\IsUninst.exe
2012-06-09 02:01 . 2012-06-09 02:03 -------- d-----w- c:\program files\Origin Games
2012-06-08 08:37 . 2012-06-08 08:37 -------- d-----w- c:\program files\MECC
2012-06-08 08:37 . 1997-06-12 13:03 289280 ----a-w- c:\windows\uninst.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-21 00:30 . 2011-11-21 00:28 139136 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2012-06-21 00:29 . 2011-11-21 01:20 233920 ----a-w- c:\windows\system32\PnkBstrB.xtr
2012-06-21 00:29 . 2011-11-21 00:28 233920 ----a-w- c:\windows\system32\PnkBstrB.exe
2012-06-21 00:27 . 2011-11-21 00:28 233920 ----a-w- c:\windows\system32\PnkBstrB.ex0
2012-06-17 22:38 . 2012-03-30 00:40 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-17 22:38 . 2011-11-17 17:14 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-09 04:53 . 2011-11-21 00:28 138056 ----a-w- c:\users\Mike\AppData\Roaming\PnkBstrK.sys
2012-05-26 01:06 . 2011-11-01 19:13 1706640 ----a-w- c:\windows\RtlExUpd.dll
2012-05-01 07:57 . 2012-03-30 00:36 119296 ----a-w- c:\windows\system32\zlib.dll
2012-04-10 00:25 . 2012-04-10 00:25 19352 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-04-05 00:14 . 2011-11-01 19:06 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-04 22:56 . 2011-12-28 01:01 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-31 04:39 . 2012-05-11 20:14 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-03-31 04:39 . 2012-05-11 20:14 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-30 10:23 . 2012-05-11 20:14 1291632 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-03-28 09:00 . 2011-11-21 00:28 76888 ----a-w- c:\windows\system32\PnkBstrA.exe
2012-06-18 10:22 . 2011-11-01 18:10 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\Steam\steam.exe" [2011-11-03 1242448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVRaidService"="c:\program files\NVIDIA Corporation\Raid\nvraidservice.exe" [2010-04-09 163944]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-10-01 718688]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-12-08 421736]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2010-06-15 153672]
"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2011-12-07 4375320]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2012-05-28 10988176]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-27 931200]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
NETGEAR WNDA3100v2 Smart Wizard.lnk - c:\program files\NETGEAR\WNDA3100v2\WNDA3100v2.exe [2012-3-28 4559840]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 WSWNDA3100;WSWNDA3100;c:\program files\NETGEAR\WNDA3100v2\WifiSvc.exe [2010-08-19 272864]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-17 257224]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-18 113120]
R3 netr73;Belkin Wireless 54G USB Network Driver;c:\windows\system32\DRIVERS\netr73.sys [2011-11-01 552960]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 74112]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-20 77184]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-20 25600]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-20 112640]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-11-01 1343400]
S0 SCMNdisP;General NDIS Protocol Driver;c:\windows\system32\DRIVERS\scmndisp.sys [2007-01-20 21728]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-06-11 242240]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [2010-11-09 21992]
S2 iRacingService;iRacing helper service;c:\program files\iRacing\iRacingService.exe [2012-02-16 473768]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]
S3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;c:\windows\system32\DRIVERS\bcmwlhigh6.sys [2011-04-19 1092160]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-11-24 19720]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2009-11-24 14856]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 22:38]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office14\EXCEL.EXE/3000
LSP: c:\program files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\6xblssoa.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: network.proxy.type - 0
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-06-22 18:03:12
ComboFix-quarantined-files.txt 2012-06-23 01:03
ComboFix2.txt 2012-06-22 08:26
.
Pre-Run: 64,739,975,168 bytes free
Post-Run: 64,843,522,048 bytes free
.
- - End Of File - - 96AF570BAF506B96DD4712F7A4669F4D
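An added example, not part of the original posts and not ComboFix's own code: a small Python triage pass over lines in the format of the log above, listing entries that merit a closer manual look. The regular expressions, the function names and the reading of `[x]` as "file not found" are assumptions inferred from the log lines on this page; a flag is a prompt for review, not a verdict.

```python
import re

# Lines copied from the ComboFix log above.
SAMPLE = r"""
2012-06-21 21:09 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-18 02:35 . 2012-06-18 02:35 -------- d-----w- c:\users\Mike\AppData\Roaming\YourFileDownloader
2012-06-17 22:41 . 2012-06-17 22:41 -------- d-sh--w- c:\windows\system32\%APPDATA%
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [2010-11-09 21992]
"""

# File section: "created . modified size attrs path" (size is -------- for folders).
FILE_RE = re.compile(
    r"^\d{4}-\d\d-\d\d \d\d:\d\d \. \d{4}-\d\d-\d\d \d\d:\d\d "
    r"(?:\d+|-{8}) (?P<attrs>[-a-z]{8}) (?P<path>.+)$")
# Driver/service section: "R3 name;display name;image path [date size]" or "[x]".
SVC_RE = re.compile(
    r"^[RS][0-4] [^;]+;[^;]*;(?P<path>.+?) "
    r"\[(?P<stamp>x|\d{4}-\d\d-\d\d \d+)\]$")
# An environment variable name that was never expanded, e.g. %APPDATA%.
ENV_RE = re.compile(r"%[A-Za-z_]+%")


def review_line(line):
    """Return (path, reasons) for a line worth reviewing, else None."""
    reasons = []
    m = FILE_RE.match(line)
    if m:
        path = m["path"]
        # Assumption: 's' and 'h' in the attribute column mean system + hidden.
        if "s" in m["attrs"] and "h" in m["attrs"]:
            reasons.append("hidden+system attributes")
        if ENV_RE.search(path):
            reasons.append("literal %VAR% in path")
    else:
        m = SVC_RE.match(line)
        if not m:
            return None  # not a line format this sketch understands
        path = m["path"]
        # Assumption: [x] replaces the date/size when the file was not found.
        if m["stamp"] == "x":
            reasons.append("image file not found")
        if "\\\\" in path:
            reasons.append("malformed image path")
    return (path, reasons) if reasons else None


def triage(text):
    """Run review_line over every line and keep only the flagged ones."""
    hits = []
    for line in text.splitlines():
        hit = review_line(line.strip())
        if hit:
            hits.append(hit)
    return hits


if __name__ == "__main__":
    for path, reasons in triage(SAMPLE):
        print(f"{path}: {', '.join(reasons)}")
```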

#11 gringo_pr

Posted 24 June 2012 - 01:42 AM

Hello

:P2P Warning!:

IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realise. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
USAToday
infoworld


These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

Uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in add/remove anymore; this is fine, just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (Revo does a lot better of a job).

Programs to remove

Java™ 6 Update 31
SoulSeek 157 NS 13e


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs, double click on the program to remove.
  • When prompted if you want to uninstall, click Yes.
  • Be sure the Moderate option is selected, then click Next.
  • The program will run. If prompted again, click Yes.
  • When the built-in uninstaller is finished, click on Next.
  • Once the program has searched for leftovers, click Next.
  • Check/tick the bolded items only on the list, then click Delete.
  • When prompted, click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete.
  • When prompted, select Yes and then Next.
  • Once done, click Finish.



Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this: to run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#12 gringo_pr

Posted 27 June 2012 - 12:30 AM

Greetings


I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete and I will ask to remove our tools.




Gringo

#13 Scorpilian

Posted 28 June 2012 - 07:22 PM

Hi, I apologize for being absent, I just moved so I had to set everything up (internet etc.). I'm ready to continue.

#14 Scorpilian

Posted 28 June 2012 - 07:23 PM

will upload the logs in a bit

#15 Scorpilian

Posted 29 June 2012 - 02:06 AM

One problem with my computer (not really sure if its a problem). When I log onto my computer, right when it gets to the desktop, I get this error message, "An error has occured in the program during initialization.If this problem continues, please contact your system administrator Error code: 0x80070002" . Now Hijackthis, when I click "Do a system scan and save a logfile", I get this:


"For Some Reason your system denied write access to the Hosts file. If any hijacked domains are in the file HijackThis may NOT be able to fix this. If that happens, you need to edit the file yourself. To do this, click Start,Run and type: notepad C:\Windows\System32\drivers\etc\hosts and press enter. Find the line(s) Hijack reports and delete them. Save the file as 'hosts.' (with quotes), and reboot. For Vista:simply, exit HijackThis, right click on the HijackThis icon, choose 'Run as Administrator'.


So any help with that would be cool


Here is Mbam quickscan for now
____________________________

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.29.03

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Mike :: MIKE-PC [administrator]

6/28/2012 11:49:36 PM
mbam-log-2012-06-28 (23-49-36).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 231002
Time elapsed: 7 minute(s), 11 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)



