Root Kit


  • This topic is locked
18 replies to this topic

#1 cad250r

cad250r

  • Members
  • 10 posts

Posted 03 July 2012 - 05:30 AM

I get random commercials playing on computer but can't see them. Internet Explorer always running slow and says low memory. Root kit that pops up is ( "";"<unknown>";"IRP hook, \Driver\iaStor IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0xFFFFFA8004C06334";"Object is hidden").


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by coreyd at 5:50:15 on 2012-07-03
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3895.2269 [GMT -4:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\windows\system32\taskeng.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\igfxpers.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\windows\system32\taskeng.exe
C:\Program Files (x86)\DriverUpdate\DriverUpdate.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\windows\system32\conhost.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
C:\Program Files (x86)\Yahoo!\Common\YMailAdvisor.exe
C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\PC Cleaners\PCCleaners.exe
C:\windows\system32\SearchIndexer.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\REGSVR32.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\conhost.exe
C:\windows\SysWOW64\cscript.exe
C:\windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/?ilc=1
uURLSearchHooks: YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
uURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll
BHO: PC Antivirus Web Protection BHO: {c11cbda9-6702-469e-9ce1-64e3971a6b44} - C:\Program Files (x86)\PC Antivirus\pf.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll
TB: {1392B8D2-5C05-419F-A8F6-B9F15A596612} - No File
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [RoxWatchTray] "c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
mRun: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [YMailAdvisor] "C:\Program Files (x86)\Yahoo!\Common\YMailAdvisor.exe"
mRun: [VMM Mode Selection] C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe
mRun: [oJhobtIaKYXpMoR.exe] C:\ProgramData\oJhobtIaKYXpMoR.exe
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Freecorder FLV Service] "C:\Program Files (x86)\Freecorder\FLVSrvc.exe" /run
mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
mRun: [PC Cleaners] "C:\Program Files (x86)\PC Cleaners\PCCleaners.exe" /minimize
mRun: [PC Antivirus] "C:\Program Files (x86)\PC Antivirus\PCAntivirus.exe" /minimize
StartupFolder: C:\Users\coreyd\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.2 65.39.139.53 65.39.139.63
TCP: Interfaces\{472FA05D-CF61-4715-ABE8-C2F050F30897} : DhcpNameServer = 192.168.1.2 65.39.139.53 65.39.139.63
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.1.0\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
BHO-X64: 0x1 - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO-X64: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO-X64: AVG Do Not Track - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll
BHO-X64: PC Antivirus Web Protection BHO: {C11CBDA9-6702-469E-9CE1-64E3971A6B44} - C:\Program Files (x86)\PC Antivirus\pf.dll
BHO-X64: PC Antivirus Web Protection BHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
TB-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll
TB-X64: {1392B8D2-5C05-419F-A8F6-B9F15A596612} - No File
mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [RoxWatchTray] "c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
mRun-x64: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
mRun-x64: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [YMailAdvisor] "C:\Program Files (x86)\Yahoo!\Common\YMailAdvisor.exe"
mRun-x64: [VMM Mode Selection] C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe
mRun-x64: [oJhobtIaKYXpMoR.exe] C:\ProgramData\oJhobtIaKYXpMoR.exe
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun-x64: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun-x64: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [Freecorder FLV Service] "C:\Program Files (x86)\Freecorder\FLVSrvc.exe" /run
mRun-x64: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
mRun-x64: [PC Cleaners] "C:\Program Files (x86)\PC Cleaners\PCCleaners.exe" /minimize
mRun-x64: [PC Antivirus] "C:\Program Files (x86)\PC Antivirus\PCAntivirus.exe" /minimize
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\windows\system32\DRIVERS\avgidsha.sys --> C:\windows\system32\DRIVERS\avgidsha.sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\windows\system32\DRIVERS\avgrkx64.sys --> C:\windows\system32\DRIVERS\avgrkx64.sys [?]
R0 PxHlpa64;PxHlpa64;C:\windows\system32\Drivers\PxHlpa64.sys --> C:\windows\system32\Drivers\PxHlpa64.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\windows\system32\DRIVERS\avgldx64.sys --> C:\windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\windows\system32\DRIVERS\avgmfx64.sys --> C:\windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\windows\system32\DRIVERS\avgtdia.sys --> C:\windows\system32\DRIVERS\avgtdia.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2011-10-7 89600]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [2012-6-13 5161080]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-2-14 193288]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-10-7 13336]
R2 MSSQL$KBMSS;SQL Server (KBMSS);C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2010-12-10 29293408]
R2 NOBU;Dell DataSafe Online;C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe [2010-8-25 2823000]
R2 Sentinel64;Sentinel64;C:\windows\system32\Drivers\Sentinel64.sys --> C:\windows\system32\Drivers\Sentinel64.sys [?]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2011-10-7 1692480]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-10-7 2533400]
R2 vToolbarUpdater11.1.0;vToolbarUpdater11.1.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe [2012-6-20 935480]
R3 AVGIDSDriver;AVGIDSDriver;C:\windows\system32\DRIVERS\avgidsdrivera.sys --> C:\windows\system32\DRIVERS\avgidsdrivera.sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\windows\system32\DRIVERS\avgidsfiltera.sys --> C:\windows\system32\DRIVERS\avgidsfiltera.sys [?]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\windows\system32\DRIVERS\CtClsFlt.sys --> C:\windows\system32\DRIVERS\CtClsFlt.sys [?]
R3 HECIx64;Intel® Management Engine Interface;C:\windows\system32\DRIVERS\HECIx64.sys --> C:\windows\system32\DRIVERS\HECIx64.sys [?]
R3 Impcd;Impcd;C:\windows\system32\DRIVERS\Impcd.sys --> C:\windows\system32\DRIVERS\Impcd.sys [?]
R3 IntcDAud;Intel® Display Audio;C:\windows\system32\DRIVERS\IntcDAud.sys --> C:\windows\system32\DRIVERS\IntcDAud.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys --> C:\windows\system32\DRIVERS\Rt64win7.sys [?]
R3 SNTUSB64;SafeNet USB SuperPro/UltraPro/HardwareKey;C:\windows\system32\DRIVERS\SNTUSB64.SYS --> C:\windows\system32\DRIVERS\SNTUSB64.SYS [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\windows\system32\DRIVERS\vwifimp.sys --> C:\windows\system32\DRIVERS\vwifimp.sys [?]
R3 WSDPrintDevice;WSD Print Support via UMB;C:\windows\system32\DRIVERS\WSDPrint.sys --> C:\windows\system32\DRIVERS\WSDPrint.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 DellDigitalDelivery;Dell Digital Delivery Service;C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [2011-3-24 148360]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-6 257224]
S3 HTCAND64;HTC Device Driver;C:\windows\system32\Drivers\ANDROIDUSB.sys --> C:\windows\system32\Drivers\ANDROIDUSB.sys [?]
S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\system32\Drivers\RtsUStor.sys --> C:\windows\system32\Drivers\RtsUStor.sys [?]
S3 SWDUMon;SWDUMon;C:\windows\system32\DRIVERS\SWDUMon.sys --> C:\windows\system32\DRIVERS\SWDUMon.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\system32\drivers\TsUsbGD.sys --> C:\windows\system32\drivers\TsUsbGD.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-06-26 09:18:40 15672 ----a-w- C:\windows\System32\drivers\SWDUMon.sys
2012-06-26 09:18:40 -------- d-----w- C:\Users\coreyd\AppData\Local\SlimWare Utilities Inc
2012-06-26 09:17:53 -------- d-----w- C:\Program Files (x86)\DriverUpdate
2012-06-21 07:12:53 2622464 ----a-w- C:\windows\System32\wucltux.dll
2012-06-21 07:12:46 99840 ----a-w- C:\windows\System32\wudriver.dll
2012-06-21 07:12:35 36864 ----a-w- C:\windows\System32\wuapp.exe
2012-06-21 07:12:35 186752 ----a-w- C:\windows\System32\wuwebv.dll
2012-06-21 06:59:46 -------- d-----w- C:\Users\coreyd\AppData\Local\AVG Secure Search
2012-06-20 12:47:14 -------- d-----w- C:\Users\coreyd\AppData\Roaming\DP_Technology
2012-06-18 19:27:59 9216 ----a-w- C:\windows\System32\rdrmemptylst.exe
2012-06-18 19:27:59 77312 ----a-w- C:\windows\System32\rdpwsx.dll
2012-06-18 19:27:59 149504 ----a-w- C:\windows\System32\rdpcorekmts.dll
2012-06-18 19:25:08 209920 ----a-w- C:\windows\System32\profsvc.dll
2012-06-18 19:24:49 5559664 ----a-w- C:\windows\System32\ntoskrnl.exe
2012-06-18 19:24:48 3968368 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe
2012-06-18 19:24:48 3913072 ----a-w- C:\windows\SysWow64\ntoskrnl.exe
2012-06-18 19:24:27 3146752 ----a-w- C:\windows\System32\win32k.sys
2012-06-18 19:24:12 210944 ----a-w- C:\windows\System32\drivers\rdpwd.sys
2012-06-18 19:23:56 3216384 ----a-w- C:\windows\System32\msi.dll
2012-06-18 19:23:56 2342400 ----a-w- C:\windows\SysWow64\msi.dll
2012-06-18 19:23:27 184320 ----a-w- C:\windows\System32\cryptsvc.dll
2012-06-18 19:23:27 1462272 ----a-w- C:\windows\System32\crypt32.dll
2012-06-18 19:23:27 140288 ----a-w- C:\windows\SysWow64\cryptsvc.dll
2012-06-18 19:23:27 140288 ----a-w- C:\windows\System32\cryptnet.dll
2012-06-18 19:23:27 103936 ----a-w- C:\windows\SysWow64\cryptnet.dll
2012-06-18 19:23:26 1158656 ----a-w- C:\windows\SysWow64\crypt32.dll
2012-06-07 10:11:06 -------- d-----w- C:\Users\coreyd\AppData\Roaming\DP Technology
.
==================== Find3M ====================
.
2012-07-02 13:32:27 70344 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-02 13:32:27 426184 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2012-06-25 07:25:14 9815752 ----a-w- C:\windows\SysWow64\FlashPlayerInstaller.exe
2012-05-22 07:29:26 308560 ----a-w- C:\windows\SysWow64\vipre.dll
2012-05-22 07:29:26 160768 ----a-w- C:\windows\SysWow64\unrar.dll
2012-05-22 07:29:26 1332560 ----a-w- C:\windows\SysWow64\sbte.dll
2012-05-22 07:28:55 6827792 ----a-w- C:\windows\uninstac.exe
2012-05-22 07:27:54 5292304 ----a-w- C:\windows\uninst.exe
2012-05-18 02:06:48 2311680 ----a-w- C:\windows\System32\jscript9.dll
2012-05-18 01:59:14 1392128 ----a-w- C:\windows\System32\wininet.dll
2012-05-18 01:58:39 1494528 ----a-w- C:\windows\System32\inetcpl.cpl
2012-05-18 01:55:22 173056 ----a-w- C:\windows\System32\ieUnatt.exe
2012-05-18 01:51:30 2382848 ----a-w- C:\windows\System32\mshtml.tlb
2012-05-17 22:45:37 1800192 ----a-w- C:\windows\SysWow64\jscript9.dll
2012-05-17 22:35:47 1129472 ----a-w- C:\windows\SysWow64\wininet.dll
2012-05-17 22:35:39 1427968 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2012-05-17 22:29:45 142848 ----a-w- C:\windows\SysWow64\ieUnatt.exe
2012-05-17 22:24:45 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb
2012-05-17 21:07:33 499712 ----a-w- C:\windows\SysWow64\msvcp71.dll
2012-05-17 21:07:33 348160 ----a-w- C:\windows\SysWow64\msvcr71.dll
2012-04-19 08:50:26 28480 ----a-w- C:\windows\System32\drivers\avgidsha.sys
.
============= FINISH: 5:58:18.82 ===============
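
An added example, not part of the original post and not DDS's own code: a short Python triage pass over the "Pseudo HJT Report" section of the log above. It collapses the duplicated mRun / mRun-x64 listings, lists autostart images that live outside the Program Files and Windows trees, and collects entries DDS marked "No File". The allow-list of expected roots and all function names are assumptions of this example, and a hit is a prompt for a closer look, not a verdict.

```python
import re
from pathlib import PureWindowsPath

# Lines copied from the DDS "Pseudo HJT Report" in the post above.
DDS_SAMPLE = r'''
uURLSearchHooks: H - No File
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
TB: {1392B8D2-5C05-419F-A8F6-B9F15A596612} - No File
mRun: [VMM Mode Selection] C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe
mRun: [oJhobtIaKYXpMoR.exe] C:\ProgramData\oJhobtIaKYXpMoR.exe
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [PC Cleaners] "C:\Program Files (x86)\PC Cleaners\PCCleaners.exe" /minimize
mRun-x64: [oJhobtIaKYXpMoR.exe] C:\ProgramData\oJhobtIaKYXpMoR.exe
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
'''

# "mRun: [value name] command line", with or without the -x64 suffix.
RUN_LINE = re.compile(r'^(?P<hive>mRun(?:-x64)?): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$')
# Executable at the start of a command line: quoted, or unquoted up to ".exe"
# (unquoted paths in the log contain spaces, so splitting on spaces is wrong).
IMAGE = re.compile(r'"(?P<quoted>[^"]+)"|(?P<bare>.+?\.exe)(?=\s|$)', re.I)
# Any entry whose target DDS reported as missing on disk.
ORPHAN = re.compile(r'^(?P<kind>[\w-]+): (?P<what>.+) - No File$')

# Assumption of this example: installed software keeps autostart binaries here.
EXPECTED_ROOTS = {'program files', 'program files (x86)', 'windows'}


def run_entries(text):
    """Map (value name, image path) -> set of DDS prefixes that listed it."""
    entries = {}
    for line in text.splitlines():
        m = RUN_LINE.match(line.strip())
        if not m:
            continue
        image = IMAGE.match(m['cmd'])
        if not image:
            continue  # command line without a recognisable executable
        path = PureWindowsPath(image['quoted'] or image['bare'])
        entries.setdefault((m['name'], path), set()).add(m['hive'])
    return entries


def autoruns_to_review(text):
    """Autostart entries whose image is outside the expected install roots."""
    flagged = []
    for (name, path), hives in run_entries(text).items():
        # parts == ('C:\\', '<top-level folder>', ..., 'file.exe')
        root = path.parts[1].lower() if len(path.parts) > 2 else ''
        if root not in EXPECTED_ROOTS:
            flagged.append((name, str(path), sorted(hives)))
    return flagged


def orphaned_entries(text):
    """(entry kind, identifier) for every line DDS marked 'No File'."""
    found = []
    for line in text.splitlines():
        m = ORPHAN.match(line.strip())
        if m:
            found.append((m['kind'], m['what']))
    return found


if __name__ == '__main__':
    for name, path, hives in autoruns_to_review(DDS_SAMPLE):
        print(f'review   {name} -> {path} (listed under {", ".join(hives)})')
    for kind, what in orphaned_entries(DDS_SAMPLE):
        print(f'orphaned {kind}: {what}')
```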



#2 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts

Posted 03 July 2012 - 09:57 PM

Hello

Please note that fixes are not instantaneous. Most infections require more than one round to properly eradicate.
Please stay with me until given the 'all clear' even if symptoms seemingly abate.
Kindly follow my instructions and please do no fixing on your own or run any scans unless requested to do so.

Please run the following:

Download Farbar Recovery Scan Tool and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to the disclaimer.
  • Place a check next to List Drivers MD5 as well as the default check marks that are already there.
  • Press Scan button.
  • Type exit and reboot the computer normally.
  • FRST will make a log (FRST.txt) on the flash drive, please copy and paste the log in your reply.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#3 cad250r


Posted 04 July 2012 - 11:23 AM

I tried doing the system recovery from advanced boot but computer freezes. It says loading and a white bar comes across the bottom but then nothing happens. I don't have the installation disc.

#4 CatByte


Posted 04 July 2012 - 11:25 AM

OK, then try this

Refer to the ComboFix User's Guide

  • Download ComboFix from one of these locations:

    Link

    * IMPORTANT !!! Place ComboFix.exe on your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  • Double click on ComboFix.exe & follow the prompts.
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  • When finished, it shall produce a log for you. Post that log in your next reply

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


    ---------------------------------------------------------------------------------------------
  • Ensure your AntiVirus and AntiSpyware applications are re-enabled.

    ---------------------------------------------------------------------------------------------

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.



#5 cad250r


Posted 04 July 2012 - 12:55 PM

I attached the log.

Attached Files

  • Attached File  log.txt   20.17KB   3 downloads


#6 CatByte


Posted 04 July 2012 - 01:10 PM

Hi,

Please do the following:

Please download Malwarebytes' Anti-Malware
  • Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



NEXT


Go here to run an online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE , name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish



#7 cad250r


Posted 04 July 2012 - 02:30 PM

I attached both reports.




#8 CatByte


Posted 04 July 2012 - 03:29 PM

Hi,

Please go to Start > Control Panel > Programs and features > scroll down to the following entries and remove them:

PC Antivirus
PC Cleaners


While in Programs and Features, please remove all the old Java programs that you find, then download and install the latest Java - version 7 update 5 from here:

http://java.com/en/download/index.jsp

Reboot your computer, then run a fresh DDS and attach the log.

Please advise how your computer is running now and if there are any outstanding issues.



#9 cad250r


Posted 05 July 2012 - 05:20 AM

Computer seems to be working faster. I attached both reports but when AVG ran it still pops up with a root kit. "";"<unknown>";"IRP hook, \Driver\iaStor IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0xFFFFFA8004C01334";"Object is hidden"




#10 CatByte


Posted 05 July 2012 - 09:48 AM

AVG is just reporting that it is a hidden driver. iaStor is required by your system. If there is anything wrong with it, TDSSKiller should detect it, so please run the following:

Please download TDSSKiller.zip
  • Extract it to your desktop
  • Double click TDSSKiller.exe
  • When the window opens, click on Change Parameters
  • Under “Additional options”, put a check mark in the box next to “Detect TDLFS File System”
  • Click OK
  • Press Start Scan
    • If Malicious objects are found then ensure Cure is selected
    • If TDLFS File System is found then ensure Delete is selected
    • Then click Continue > Reboot now
  • Copy and paste the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015
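
A way to triage the log this reply asks for, as an added example that is not part of the original thread or of TDSSKiller itself: it pairs each scanned object with its verdict, lists anything not marked ok, and looks up a single driver such as iaStor. The line layout follows the TDSSKiller 2.7.44.0 log posted later in this topic; the `ExampleDrv` entry, its `warning` verdict and the parenthesised note are constructed assumptions, as are all function names.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Every log line starts with "HH:MM:SS.ffff <thread id> ".
PREFIX = r"^\d{2}:\d{2}:\d{2}\.\d{4} \d+ "
# "<name> (<md5>) <path>": the file behind a service or driver, hashed before the check.
OBJECT_RE = re.compile(PREFIX + r"(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
# "<name> - <verdict>": the result. The verdict must be one lowercase word at the
# end of the line, so header lines like "Drive ... - Size: ..." do not match.
# The optional "( note )" before the dash is an assumed layout for non-ok results;
# the log posted in this topic contains none.
VERDICT_RE = re.compile(
    PREFIX + r"(?P<name>.+?)(?: \( (?P<note>[^()]+) \))? - (?P<verdict>[a-z]+)$"
)


@dataclass
class Entry:
    name: str
    md5: Optional[str]   # None when the log shows a verdict but no hashed file
    path: Optional[str]
    verdict: str
    note: Optional[str]


def parse_log(text: str) -> List[Entry]:
    """Pair each object line with the verdict line that follows it."""
    pending: Dict[str, Tuple[str, str]] = {}
    entries: List[Entry] = []
    for raw in text.splitlines():
        line = raw.strip()
        obj = OBJECT_RE.match(line)
        if obj:
            pending[obj["name"]] = (obj["md5"], obj["path"])
            continue
        res = VERDICT_RE.match(line)
        if res:
            md5, path = pending.pop(res["name"], (None, None))
            entries.append(Entry(res["name"], md5, path, res["verdict"], res["note"]))
    return entries


def flagged(entries: List[Entry]) -> List[Entry]:
    """Everything the scanner did not mark as ok."""
    return [e for e in entries if e.verdict != "ok"]


def not_hashed(entries: List[Entry]) -> List[Entry]:
    """Objects with a verdict but no file hash in the log (e.g. COMSysApp)."""
    return [e for e in entries if e.md5 is None]


def lookup(entries: List[Entry], name: str) -> Optional[Entry]:
    """Case-insensitive search for one service or driver name."""
    wanted = name.lower()
    for e in entries:
        if e.name.lower() == wanted:
            return e
    return None


# Sample input: lines in the layout of the log posted in this topic (the Drive
# line is shortened), plus one CONSTRUCTED non-ok entry named ExampleDrv.
SAMPLE_LOG = r"""
11:19:36.0195 7272 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200
11:20:27.0707 5056 Scan started
11:20:29.0969 5056 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
11:20:29.0985 5056 Apple Mobile Device - ok
11:20:33.0479 5056 COMSysApp - ok
11:20:36.0568 5056 iaStor (d469b77687e12fe43e344806740b624d) C:\windows\system32\DRIVERS\iaStor.sys
11:20:36.0584 5056 iaStor - ok
11:20:41.0300 5056 ExampleDrv (0123456789abcdef0123456789abcdef) C:\windows\system32\drivers\exampledrv.sys
11:20:41.0310 5056 ExampleDrv ( Constructed.Note ) - warning
"""

if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    print(f"{len(parsed)} objects scanned")
    for e in flagged(parsed):
        print(f"NOT OK: {e.name} [{e.verdict}] {e.note or ''} {e.path or ''}")
    for e in not_hashed(parsed):
        print(f"no file hash logged: {e.name}")
    ia = lookup(parsed, "iaStor")
    print("iaStor:", ia.verdict if ia else "not present in log")
```

To use it on a real log, read the file saved at the root of the drive and pass its text to `parse_log`.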


#11 cad250r

Posted 05 July 2012 - 10:31 AM

I ran it but can't find the log. Won't be back on till Monday. Thanks, and I'll reply with that on Monday.

#12 CatByte

Posted 05 July 2012 - 10:37 AM

The log will be located on your C:\ drive.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#13 cad250r

Posted 09 July 2012 - 04:13 AM

11:19:34.0960 7272 TDSS rootkit removing tool 2.7.44.0 Jul 2 2012 20:01:08
11:19:35.0450 7272 ============================================================
11:19:35.0450 7272 Current date / time: 2012/07/05 11:19:35.0450
11:19:35.0450 7272 SystemInfo:
11:19:35.0450 7272
11:19:35.0450 7272 OS Version: 6.1.7601 ServicePack: 1.0
11:19:35.0450 7272 Product type: Workstation
11:19:35.0450 7272 ComputerName: COREY-PC
11:19:35.0450 7272 UserName: coreyd
11:19:35.0450 7272 Windows directory: C:\windows
11:19:35.0450 7272 System windows directory: C:\windows
11:19:35.0450 7272 Running under WOW64
11:19:35.0450 7272 Processor architecture: Intel x64
11:19:35.0450 7272 Number of processors: 4
11:19:35.0450 7272 Page size: 0x1000
11:19:35.0450 7272 Boot type: Normal boot
11:19:35.0450 7272 ============================================================
11:19:36.0195 7272 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
11:19:36.0195 7272 ============================================================
11:19:36.0195 7272 \Device\Harddisk0\DR0:
11:19:36.0195 7272 MBR partitions:
11:19:36.0195 7272 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1D4C000
11:19:36.0195 7272 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1D7E800, BlocksNum 0x38602830
11:19:36.0195 7272 ============================================================
11:19:36.0226 7272 C: <-> \Device\Harddisk0\DR0\Partition1
11:19:36.0226 7272 ============================================================
11:19:36.0226 7272 Initialize success
11:19:36.0226 7272 ============================================================
11:20:27.0707 5056 ============================================================
11:20:27.0707 5056 Scan started
11:20:27.0707 5056 Mode: Manual; TDLFS;
11:20:27.0707 5056 ============================================================
11:20:28.0737 5056 1394ohci (a87d604aea360176311474c87a63bb88) C:\windows\system32\drivers\1394ohci.sys
11:20:28.0752 5056 1394ohci - ok
11:20:28.0799 5056 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\windows\system32\drivers\ACPI.sys
11:20:28.0830 5056 ACPI - ok
11:20:28.0846 5056 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\windows\system32\drivers\acpipmi.sys
11:20:28.0846 5056 AcpiPmi - ok
11:20:28.0924 5056 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
11:20:28.0924 5056 AdobeARMservice - ok
11:20:29.0049 5056 AdobeFlashPlayerUpdateSvc (f3cd7b20b27d1772c946df993ff3635c) C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
11:20:29.0064 5056 AdobeFlashPlayerUpdateSvc - ok
11:20:29.0127 5056 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\windows\system32\drivers\adp94xx.sys
11:20:29.0142 5056 adp94xx - ok
11:20:29.0205 5056 adpahci (597f78224ee9224ea1a13d6350ced962) C:\windows\system32\drivers\adpahci.sys
11:20:29.0236 5056 adpahci - ok
11:20:29.0267 5056 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\windows\system32\drivers\adpu320.sys
11:20:29.0267 5056 adpu320 - ok
11:20:29.0314 5056 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\windows\System32\aelupsvc.dll
11:20:29.0314 5056 AeLookupSvc - ok
11:20:29.0392 5056 AESTFilters (a6fb9db8f1a86861d955fd6975977ae0) C:\Program Files\IDT\WDM\AESTSr64.exe
11:20:29.0392 5056 AESTFilters - ok
11:20:29.0454 5056 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\windows\system32\drivers\afd.sys
11:20:29.0470 5056 AFD - ok
11:20:29.0501 5056 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\windows\system32\drivers\agp440.sys
11:20:29.0517 5056 agp440 - ok
11:20:29.0532 5056 ALG (3290d6946b5e30e70414990574883ddb) C:\windows\System32\alg.exe
11:20:29.0532 5056 ALG - ok
11:20:29.0548 5056 aliide (5812713a477a3ad7363c7438ca2ee038) C:\windows\system32\drivers\aliide.sys
11:20:29.0548 5056 aliide - ok
11:20:29.0564 5056 amdide (1ff8b4431c353ce385c875f194924c0c) C:\windows\system32\drivers\amdide.sys
11:20:29.0564 5056 amdide - ok
11:20:29.0595 5056 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\windows\system32\drivers\amdk8.sys
11:20:29.0595 5056 AmdK8 - ok
11:20:29.0610 5056 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\windows\system32\drivers\amdppm.sys
11:20:29.0610 5056 AmdPPM - ok
11:20:29.0642 5056 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\windows\system32\drivers\amdsata.sys
11:20:29.0642 5056 amdsata - ok
11:20:29.0673 5056 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\windows\system32\drivers\amdsbs.sys
11:20:29.0688 5056 amdsbs - ok
11:20:29.0720 5056 amdxata (540daf1cea6094886d72126fd7c33048) C:\windows\system32\drivers\amdxata.sys
11:20:29.0720 5056 amdxata - ok
11:20:29.0766 5056 ApfiltrService (6690e42ced5d067233abad42da141213) C:\windows\system32\DRIVERS\Apfiltr.sys
11:20:29.0798 5056 ApfiltrService - ok
11:20:29.0829 5056 AppID (89a69c3f2f319b43379399547526d952) C:\windows\system32\drivers\appid.sys
11:20:29.0829 5056 AppID - ok
11:20:29.0844 5056 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\windows\System32\appidsvc.dll
11:20:29.0860 5056 AppIDSvc - ok
11:20:29.0876 5056 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\windows\System32\appinfo.dll
11:20:29.0876 5056 Appinfo - ok
11:20:29.0969 5056 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
11:20:29.0985 5056 Apple Mobile Device - ok
11:20:30.0047 5056 arc (c484f8ceb1717c540242531db7845c4e) C:\windows\system32\drivers\arc.sys
11:20:30.0047 5056 arc - ok
11:20:30.0063 5056 arcsas (019af6924aefe7839f61c830227fe79c) C:\windows\system32\drivers\arcsas.sys
11:20:30.0078 5056 arcsas - ok
11:20:30.0188 5056 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
11:20:30.0188 5056 aspnet_state - ok
11:20:30.0219 5056 AsyncMac (769765ce2cc62867468cea93969b2242) C:\windows\system32\DRIVERS\asyncmac.sys
11:20:30.0234 5056 AsyncMac - ok
11:20:30.0266 5056 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\windows\system32\drivers\atapi.sys
11:20:30.0266 5056 atapi - ok
11:20:30.0437 5056 athr (5493ed5d300afc7a9a0a87fca08e5381) C:\windows\system32\DRIVERS\athrx.sys
11:20:30.0515 5056 athr - ok
11:20:30.0671 5056 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\windows\System32\Audiosrv.dll
11:20:30.0687 5056 AudioEndpointBuilder - ok
11:20:30.0702 5056 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\windows\System32\Audiosrv.dll
11:20:30.0718 5056 AudioSrv - ok
11:20:31.0046 5056 AVGIDSAgent (55893fff154ffd7c29919d2b9218210c) C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
11:20:31.0170 5056 AVGIDSAgent - ok
11:20:31.0264 5056 AVGIDSDriver (1b2e9fcdc26dc7c81d4131430e2dc936) C:\windows\system32\DRIVERS\avgidsdrivera.sys
11:20:31.0264 5056 AVGIDSDriver - ok
11:20:31.0295 5056 AVGIDSFilter (0f293406f64b48d5d2f0d3a1117f3a83) C:\windows\system32\DRIVERS\avgidsfiltera.sys
11:20:31.0295 5056 AVGIDSFilter - ok
11:20:31.0326 5056 AVGIDSHA (cffc3a4a638f462e0561cb368b9a7a3a) C:\windows\system32\DRIVERS\avgidsha.sys
11:20:31.0326 5056 AVGIDSHA - ok
11:20:31.0358 5056 Avgldx64 (59955b4c288dd2a8b9fd2cd5158355c5) C:\windows\system32\DRIVERS\avgldx64.sys
11:20:31.0373 5056 Avgldx64 - ok
11:20:31.0389 5056 Avgmfx64 (a6aec362aae5e2dda7445e7690cb0f33) C:\windows\system32\DRIVERS\avgmfx64.sys
11:20:31.0404 5056 Avgmfx64 - ok
11:20:31.0436 5056 Avgrkx64 (645c7f0a0e39758a0024a9b1748273c0) C:\windows\system32\DRIVERS\avgrkx64.sys
11:20:31.0436 5056 Avgrkx64 - ok
11:20:31.0482 5056 Avgtdia (1bee674ad792b1c63bb0dac5fa724b23) C:\windows\system32\DRIVERS\avgtdia.sys
11:20:31.0498 5056 Avgtdia - ok
11:20:31.0592 5056 avgwd (ea1145debcd508fd25bd1e95c4346929) C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
11:20:31.0592 5056 avgwd - ok
11:20:31.0670 5056 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\windows\System32\AxInstSV.dll
11:20:31.0685 5056 AxInstSV - ok
11:20:31.0732 5056 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\windows\system32\drivers\bxvbda.sys
11:20:31.0763 5056 b06bdrv - ok
11:20:31.0794 5056 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\windows\system32\DRIVERS\b57nd60a.sys
11:20:31.0810 5056 b57nd60a - ok
11:20:31.0872 5056 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\windows\System32\bdesvc.dll
11:20:31.0872 5056 BDESVC - ok
11:20:31.0888 5056 Beep (16a47ce2decc9b099349a5f840654746) C:\windows\system32\drivers\Beep.sys
11:20:31.0888 5056 Beep - ok
11:20:31.0950 5056 BFE (82974d6a2fd19445cc5171fc378668a4) C:\windows\System32\bfe.dll
11:20:31.0997 5056 BFE - ok
11:20:32.0075 5056 BITS (1ea7969e3271cbc59e1730697dc74682) C:\windows\system32\qmgr.dll
11:20:32.0106 5056 BITS - ok
11:20:32.0184 5056 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\windows\system32\DRIVERS\blbdrive.sys
11:20:32.0184 5056 blbdrive - ok
11:20:32.0294 5056 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
11:20:32.0309 5056 Bonjour Service - ok
11:20:32.0356 5056 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\windows\system32\DRIVERS\bowser.sys
11:20:32.0372 5056 bowser - ok
11:20:32.0387 5056 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\windows\system32\drivers\BrFiltLo.sys
11:20:32.0387 5056 BrFiltLo - ok
11:20:32.0403 5056 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\windows\system32\drivers\BrFiltUp.sys
11:20:32.0403 5056 BrFiltUp - ok
11:20:32.0434 5056 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\windows\system32\DRIVERS\bridge.sys
11:20:32.0434 5056 BridgeMP - ok
11:20:32.0481 5056 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\windows\System32\browser.dll
11:20:32.0481 5056 Browser - ok
11:20:32.0512 5056 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\windows\System32\Drivers\Brserid.sys
11:20:32.0528 5056 Brserid - ok
11:20:32.0543 5056 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\windows\System32\Drivers\BrSerWdm.sys
11:20:32.0559 5056 BrSerWdm - ok
11:20:32.0559 5056 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\windows\System32\Drivers\BrUsbMdm.sys
11:20:32.0559 5056 BrUsbMdm - ok
11:20:32.0574 5056 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\windows\System32\Drivers\BrUsbSer.sys
11:20:32.0574 5056 BrUsbSer - ok
11:20:32.0606 5056 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\windows\system32\drivers\BthEnum.sys
11:20:32.0606 5056 BthEnum - ok
11:20:32.0637 5056 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\windows\system32\drivers\bthmodem.sys
11:20:32.0637 5056 BTHMODEM - ok
11:20:32.0668 5056 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\windows\system32\DRIVERS\bthpan.sys
11:20:32.0668 5056 BthPan - ok
11:20:32.0746 5056 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\windows\System32\Drivers\BTHport.sys
11:20:32.0762 5056 BTHPORT - ok
11:20:32.0793 5056 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\windows\system32\bthserv.dll
11:20:32.0808 5056 bthserv - ok
11:20:32.0840 5056 BTHUSB (f188b7394d81010767b6df3178519a37) C:\windows\System32\Drivers\BTHUSB.sys
11:20:32.0840 5056 BTHUSB - ok
11:20:32.0871 5056 cdfs (b8bd2bb284668c84865658c77574381a) C:\windows\system32\DRIVERS\cdfs.sys
11:20:32.0871 5056 cdfs - ok
11:20:32.0918 5056 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\windows\system32\DRIVERS\cdrom.sys
11:20:32.0918 5056 cdrom - ok
11:20:32.0964 5056 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\windows\System32\certprop.dll
11:20:32.0964 5056 CertPropSvc - ok
11:20:32.0996 5056 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\windows\system32\drivers\circlass.sys
11:20:32.0996 5056 circlass - ok
11:20:33.0042 5056 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\windows\system32\CLFS.sys
11:20:33.0058 5056 CLFS - ok
11:20:33.0120 5056 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
11:20:33.0120 5056 clr_optimization_v2.0.50727_32 - ok
11:20:33.0167 5056 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
11:20:33.0167 5056 clr_optimization_v2.0.50727_64 - ok
11:20:33.0230 5056 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
11:20:33.0230 5056 clr_optimization_v4.0.30319_32 - ok
11:20:33.0261 5056 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
11:20:33.0276 5056 clr_optimization_v4.0.30319_64 - ok
11:20:33.0308 5056 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\windows\system32\DRIVERS\CmBatt.sys
11:20:33.0308 5056 CmBatt - ok
11:20:33.0323 5056 cmdide (e19d3f095812725d88f9001985b94edd) C:\windows\system32\drivers\cmdide.sys
11:20:33.0323 5056 cmdide - ok
11:20:33.0386 5056 CNG (c4943b6c962e4b82197542447ad599f4) C:\windows\system32\Drivers\cng.sys
11:20:33.0401 5056 CNG - ok
11:20:33.0448 5056 Compbatt (102de219c3f61415f964c88e9085ad14) C:\windows\system32\drivers\compbatt.sys
11:20:33.0448 5056 Compbatt - ok
11:20:33.0464 5056 CompositeBus (03edb043586cceba243d689bdda370a8) C:\windows\system32\DRIVERS\CompositeBus.sys
11:20:33.0464 5056 CompositeBus - ok
11:20:33.0479 5056 COMSysApp - ok
11:20:33.0510 5056 crcdisk (1c827878a998c18847245fe1f34ee597) C:\windows\system32\drivers\crcdisk.sys
11:20:33.0510 5056 crcdisk - ok
11:20:33.0557 5056 CryptSvc (4f5414602e2544a4554d95517948b705) C:\windows\system32\cryptsvc.dll
11:20:33.0573 5056 CryptSvc - ok
11:20:33.0620 5056 CtClsFlt (bc3d4f90978cd7c8eabd1baf3bf7873a) C:\windows\system32\DRIVERS\CtClsFlt.sys
11:20:33.0620 5056 CtClsFlt - ok
11:20:33.0666 5056 dc3d (7af9dac504fbd047cbc3e64ae52c92bf) C:\windows\system32\DRIVERS\dc3d.sys
11:20:33.0682 5056 dc3d - ok
11:20:33.0729 5056 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\windows\system32\rpcss.dll
11:20:33.0776 5056 DcomLaunch - ok
11:20:33.0807 5056 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\windows\System32\defragsvc.dll
11:20:33.0822 5056 defragsvc - ok
11:20:33.0900 5056 DellDigitalDelivery (bc8362b60304a9ed9416c305f6df5247) C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
11:20:33.0932 5056 DellDigitalDelivery - ok
11:20:33.0978 5056 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\windows\system32\Drivers\dfsc.sys
11:20:33.0994 5056 DfsC - ok
11:20:34.0041 5056 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\windows\system32\dhcpcore.dll
11:20:34.0056 5056 Dhcp - ok
11:20:34.0088 5056 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\windows\system32\drivers\discache.sys
11:20:34.0088 5056 discache - ok
11:20:34.0119 5056 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\windows\system32\drivers\disk.sys
11:20:34.0134 5056 Disk - ok
11:20:34.0150 5056 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\windows\System32\dnsrslvr.dll
11:20:34.0150 5056 Dnscache - ok
11:20:34.0181 5056 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\windows\System32\dot3svc.dll
11:20:34.0181 5056 dot3svc - ok
11:20:34.0197 5056 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\windows\system32\dps.dll
11:20:34.0212 5056 DPS - ok
11:20:34.0228 5056 drmkaud (9b19f34400d24df84c858a421c205754) C:\windows\system32\drivers\drmkaud.sys
11:20:34.0228 5056 drmkaud - ok
11:20:34.0290 5056 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\windows\System32\drivers\dxgkrnl.sys
11:20:34.0337 5056 DXGKrnl - ok
11:20:34.0353 5056 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\windows\System32\eapsvc.dll
11:20:34.0368 5056 EapHost - ok
11:20:34.0524 5056 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\windows\system32\drivers\evbda.sys
11:20:34.0634 5056 ebdrv - ok
11:20:34.0727 5056 EFS (c118a82cd78818c29ab228366ebf81c3) C:\windows\System32\lsass.exe
11:20:34.0727 5056 EFS - ok
11:20:34.0805 5056 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\windows\ehome\ehRecvr.exe
11:20:34.0852 5056 ehRecvr - ok
11:20:34.0868 5056 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\windows\ehome\ehsched.exe
11:20:34.0883 5056 ehSched - ok
11:20:34.0961 5056 elxstor (0e5da5369a0fcaea12456dd852545184) C:\windows\system32\drivers\elxstor.sys
11:20:34.0977 5056 elxstor - ok
11:20:34.0992 5056 ErrDev (34a3c54752046e79a126e15c51db409b) C:\windows\system32\drivers\errdev.sys
11:20:34.0992 5056 ErrDev - ok
11:20:35.0039 5056 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\windows\system32\es.dll
11:20:35.0070 5056 EventSystem - ok
11:20:35.0102 5056 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\windows\system32\drivers\exfat.sys
11:20:35.0117 5056 exfat - ok
11:20:35.0148 5056 fastfat (0adc83218b66a6db380c330836f3e36d) C:\windows\system32\drivers\fastfat.sys
11:20:35.0148 5056 fastfat - ok
11:20:35.0211 5056 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\windows\system32\fxssvc.exe
11:20:35.0242 5056 Fax - ok
11:20:35.0273 5056 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\windows\system32\drivers\fdc.sys
11:20:35.0273 5056 fdc - ok
11:20:35.0289 5056 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\windows\system32\fdPHost.dll
11:20:35.0289 5056 fdPHost - ok
11:20:35.0304 5056 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\windows\system32\fdrespub.dll
11:20:35.0320 5056 FDResPub - ok
11:20:35.0336 5056 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\windows\system32\drivers\fileinfo.sys
11:20:35.0336 5056 FileInfo - ok
11:20:35.0351 5056 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\windows\system32\drivers\filetrace.sys
11:20:35.0351 5056 Filetrace - ok
11:20:35.0367 5056 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\windows\system32\drivers\flpydisk.sys
11:20:35.0367 5056 flpydisk - ok
11:20:35.0414 5056 FltMgr (da6b67270fd9db3697b20fce94950741) C:\windows\system32\drivers\fltmgr.sys
11:20:35.0429 5056 FltMgr - ok
11:20:35.0507 5056 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\windows\system32\FntCache.dll
11:20:35.0538 5056 FontCache - ok
11:20:35.0601 5056 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
11:20:35.0601 5056 FontCache3.0.0.0 - ok
11:20:35.0663 5056 FsDepends (d43703496149971890703b4b1b723eac) C:\windows\system32\drivers\FsDepends.sys
11:20:35.0663 5056 FsDepends - ok
11:20:35.0694 5056 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\windows\system32\drivers\Fs_Rec.sys
11:20:35.0694 5056 Fs_Rec - ok
11:20:35.0726 5056 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\windows\system32\DRIVERS\fvevol.sys
11:20:35.0741 5056 fvevol - ok
11:20:35.0772 5056 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\windows\system32\drivers\gagp30kx.sys
11:20:35.0772 5056 gagp30kx - ok
11:20:35.0835 5056 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\windows\System32\gpsvc.dll
11:20:35.0866 5056 gpsvc - ok
11:20:35.0882 5056 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\windows\system32\drivers\hcw85cir.sys
11:20:35.0882 5056 hcw85cir - ok
11:20:35.0928 5056 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\windows\system32\drivers\HdAudio.sys
11:20:35.0944 5056 HdAudAddService - ok
11:20:35.0975 5056 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\windows\system32\DRIVERS\HDAudBus.sys
11:20:35.0975 5056 HDAudBus - ok
11:20:36.0006 5056 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\windows\system32\DRIVERS\HECIx64.sys
11:20:36.0006 5056 HECIx64 - ok
11:20:36.0022 5056 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\windows\system32\drivers\HidBatt.sys
11:20:36.0038 5056 HidBatt - ok
11:20:36.0053 5056 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\windows\system32\drivers\hidbth.sys
11:20:36.0053 5056 HidBth - ok
11:20:36.0069 5056 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\windows\system32\drivers\hidir.sys
11:20:36.0069 5056 HidIr - ok
11:20:36.0084 5056 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\windows\System32\hidserv.dll
11:20:36.0100 5056 hidserv - ok
11:20:36.0131 5056 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\windows\system32\DRIVERS\hidusb.sys
11:20:36.0131 5056 HidUsb - ok
11:20:36.0162 5056 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\windows\system32\kmsvc.dll
11:20:36.0162 5056 hkmsvc - ok
11:20:36.0194 5056 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\windows\system32\ListSvc.dll
11:20:36.0209 5056 HomeGroupListener - ok
11:20:36.0240 5056 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\windows\system32\provsvc.dll
11:20:36.0256 5056 HomeGroupProvider - ok
11:20:36.0303 5056 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\windows\system32\drivers\HpSAMD.sys
11:20:36.0303 5056 HpSAMD - ok
11:20:36.0350 5056 HTCAND64 (f47cec45fb85791d4ab237563ad0fa8f) C:\windows\system32\Drivers\ANDROIDUSB.sys
11:20:36.0350 5056 HTCAND64 - ok
11:20:36.0412 5056 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\windows\system32\drivers\HTTP.sys
11:20:36.0459 5056 HTTP - ok
11:20:36.0490 5056 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\windows\system32\drivers\hwpolicy.sys
11:20:36.0490 5056 hwpolicy - ok
11:20:36.0521 5056 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\windows\system32\DRIVERS\i8042prt.sys
11:20:36.0521 5056 i8042prt - ok
11:20:36.0568 5056 iaStor (d469b77687e12fe43e344806740b624d) C:\windows\system32\DRIVERS\iaStor.sys
11:20:36.0584 5056 iaStor - ok
11:20:36.0646 5056 IAStorDataMgrSvc (983fc69644ddf0486c8dfea262948d1a) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
11:20:36.0646 5056 IAStorDataMgrSvc - ok
11:20:36.0693 5056 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\windows\system32\drivers\iaStorV.sys
11:20:36.0724 5056 iaStorV - ok
11:20:36.0818 5056 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
11:20:36.0864 5056 idsvc - ok
11:20:37.0395 5056 igfx (795c99dc4f574c97c03d0bb39cf099ee) C:\windows\system32\DRIVERS\igdkmd64.sys
11:20:37.0676 5056 igfx - ok
11:20:37.0816 5056 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\windows\system32\drivers\iirsp.sys
11:20:37.0832 5056 iirsp - ok
11:20:37.0910 5056 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\windows\System32\ikeext.dll
11:20:37.0941 5056 IKEEXT - ok
11:20:37.0972 5056 Impcd (dd587a55390ed2295bce6d36ad567da9) C:\windows\system32\DRIVERS\Impcd.sys
11:20:37.0972 5056 Impcd - ok
11:20:38.0003 5056 IntcDAud (fc727061c0f47c8059e88e05d5c8e381) C:\windows\system32\DRIVERS\IntcDAud.sys
11:20:38.0019 5056 IntcDAud - ok
11:20:38.0034 5056 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\windows\system32\drivers\intelide.sys
11:20:38.0034 5056 intelide - ok
11:20:38.0066 5056 intelppm (ada036632c664caa754079041cf1f8c1) C:\windows\system32\DRIVERS\intelppm.sys
11:20:38.0066 5056 intelppm - ok
11:20:38.0112 5056 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\windows\system32\ipbusenum.dll
11:20:38.0128 5056 IPBusEnum - ok
11:20:38.0144 5056 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\windows\system32\DRIVERS\ipfltdrv.sys
11:20:38.0144 5056 IpFilterDriver - ok
11:20:38.0222 5056 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\windows\System32\iphlpsvc.dll
11:20:38.0253 5056 iphlpsvc - ok
11:20:38.0268 5056 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\windows\system32\drivers\IPMIDrv.sys
11:20:38.0284 5056 IPMIDRV - ok
11:20:38.0300 5056 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\windows\system32\drivers\ipnat.sys
11:20:38.0300 5056 IPNAT - ok
11:20:38.0331 5056 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\windows\system32\drivers\irenum.sys
11:20:38.0331 5056 IRENUM - ok
11:20:38.0346 5056 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\windows\system32\drivers\isapnp.sys
11:20:38.0362 5056 isapnp - ok
11:20:38.0393 5056 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\windows\system32\drivers\msiscsi.sys
11:20:38.0409 5056 iScsiPrt - ok
11:20:38.0440 5056 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\windows\system32\DRIVERS\kbdclass.sys
11:20:38.0440 5056 kbdclass - ok
11:20:38.0456 5056 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\windows\system32\DRIVERS\kbdhid.sys
11:20:38.0471 5056 kbdhid - ok
11:20:38.0518 5056 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
11:20:38.0518 5056 KeyIso - ok
11:20:38.0549 5056 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\windows\system32\Drivers\ksecdd.sys
11:20:38.0549 5056 KSecDD - ok
11:20:38.0580 5056 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\windows\system32\Drivers\ksecpkg.sys
11:20:38.0580 5056 KSecPkg - ok
11:20:38.0627 5056 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\windows\system32\drivers\ksthunk.sys
11:20:38.0627 5056 ksthunk - ok
11:20:38.0690 5056 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\windows\system32\msdtckrm.dll
11:20:38.0705 5056 KtmRm - ok
11:20:38.0752 5056 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\windows\System32\srvsvc.dll
11:20:38.0768 5056 LanmanServer - ok
11:20:38.0799 5056 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\windows\System32\wkssvc.dll
11:20:38.0799 5056 LanmanWorkstation - ok
11:20:38.0846 5056 lltdio (1538831cf8ad2979a04c423779465827) C:\windows\system32\DRIVERS\lltdio.sys
11:20:38.0846 5056 lltdio - ok
11:20:38.0924 5056 lltdsvc (c1185803384ab3feed115f79f109427f) C:\windows\System32\lltdsvc.dll
11:20:38.0939 5056 lltdsvc - ok
11:20:38.0955 5056 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\windows\System32\lmhsvc.dll
11:20:38.0955 5056 lmhosts - ok
11:20:39.0033 5056 LMS (23d990150d56b670a62b21b9abdd45ee) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
11:20:39.0048 5056 LMS - ok
11:20:39.0095 5056 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\windows\system32\drivers\lsi_fc.sys
11:20:39.0111 5056 LSI_FC - ok
11:20:39.0126 5056 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\windows\system32\drivers\lsi_sas.sys
11:20:39.0126 5056 LSI_SAS - ok
11:20:39.0142 5056 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\windows\system32\drivers\lsi_sas2.sys
11:20:39.0142 5056 LSI_SAS2 - ok
11:20:39.0158 5056 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\windows\system32\drivers\lsi_scsi.sys
11:20:39.0158 5056 LSI_SCSI - ok
11:20:39.0189 5056 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\windows\system32\drivers\luafv.sys
11:20:39.0204 5056 luafv - ok
11:20:39.0236 5056 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\windows\system32\Mcx2Svc.dll
11:20:39.0236 5056 Mcx2Svc - ok
11:20:39.0251 5056 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\windows\system32\drivers\megasas.sys
11:20:39.0251 5056 megasas - ok
11:20:39.0298 5056 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\windows\system32\drivers\MegaSR.sys
11:20:39.0314 5056 MegaSR - ok
11:20:39.0345 5056 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll
11:20:39.0345 5056 MMCSS - ok
11:20:39.0360 5056 Modem (800ba92f7010378b09f9ed9270f07137) C:\windows\system32\drivers\modem.sys
11:20:39.0360 5056 Modem - ok
11:20:39.0392 5056 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\windows\system32\DRIVERS\monitor.sys
11:20:39.0392 5056 monitor - ok
11:20:39.0423 5056 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\windows\system32\DRIVERS\mouclass.sys
11:20:39.0423 5056 mouclass - ok
11:20:39.0454 5056 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\windows\system32\DRIVERS\mouhid.sys
11:20:39.0454 5056 mouhid - ok
11:20:39.0501 5056 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\windows\system32\drivers\mountmgr.sys
11:20:39.0501 5056 mountmgr - ok
11:20:39.0532 5056 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\windows\system32\drivers\mpio.sys
11:20:39.0532 5056 mpio - ok
11:20:39.0548 5056 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\windows\system32\drivers\mpsdrv.sys
11:20:39.0548 5056 mpsdrv - ok
11:20:39.0641 5056 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\windows\system32\mpssvc.dll
11:20:39.0672 5056 MpsSvc - ok
11:20:39.0704 5056 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\windows\system32\drivers\mrxdav.sys
11:20:39.0704 5056 MRxDAV - ok
11:20:39.0735 5056 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\windows\system32\DRIVERS\mrxsmb.sys
11:20:39.0735 5056 mrxsmb - ok
11:20:39.0766 5056 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\windows\system32\DRIVERS\mrxsmb10.sys
11:20:39.0782 5056 mrxsmb10 - ok
11:20:39.0797 5056 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\windows\system32\DRIVERS\mrxsmb20.sys
11:20:39.0797 5056 mrxsmb20 - ok
11:20:39.0828 5056 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\windows\system32\drivers\msahci.sys
11:20:39.0828 5056 msahci - ok
11:20:39.0844 5056 msdsm (db801a638d011b9633829eb6f663c900) C:\windows\system32\drivers\msdsm.sys
11:20:39.0860 5056 msdsm - ok
11:20:39.0891 5056 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\windows\System32\msdtc.exe
11:20:39.0891 5056 MSDTC - ok
11:20:39.0938 5056 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\windows\system32\drivers\Msfs.sys
11:20:39.0938 5056 Msfs - ok
11:20:39.0953 5056 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\windows\System32\drivers\mshidkmdf.sys
11:20:39.0953 5056 mshidkmdf - ok
11:20:39.0984 5056 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\windows\system32\drivers\msisadrv.sys
11:20:39.0984 5056 msisadrv - ok
11:20:53.0666 5056 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
11:20:53.0712 5056 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - infected
11:20:53.0712 5056 \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.b (0)
11:20:53.0853 5056 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
11:20:53.0853 5056 \Device\Harddisk0\DR0 - detected TDSS File System (1)
11:20:53.0884 5056 Boot (0x1200) (17e6064b18aa88ed8319b3238fe06a25) \Device\Harddisk0\DR0\Partition0
11:20:53.0884 5056 \Device\Harddisk0\DR0\Partition0 - ok
11:20:53.0900 5056 Boot (0x1200) (a3b96cf562fb0550db683fa6c0bbca80) \Device\Harddisk0\DR0\Partition1
11:20:53.0900 5056 \Device\Harddisk0\DR0\Partition1 - ok
11:20:53.0900 5056 ============================================================
11:20:53.0900 5056 Scan finished
11:20:53.0900 5056 ============================================================
11:20:53.0915 7188 Detected object count: 2
11:20:53.0915 7188 Actual detected object count: 2
11:21:26.0613 7188 \Device\Harddisk0\DR0\# - copied to quarantine
11:21:26.0613 7188 \Device\Harddisk0\DR0 - copied to quarantine
11:21:26.0691 7188 \Device\Harddisk0\DR0\TDLFS\mbr - copied to quarantine
11:21:26.0691 7188 \Device\Harddisk0\DR0\TDLFS\vbr - copied to quarantine
11:21:26.0691 7188 \Device\Harddisk0\DR0\TDLFS\bid - copied to quarantine
11:21:26.0691 7188 \Device\Harddisk0\DR0\TDLFS\affid - copied to quarantine
11:21:26.0691 7188 \Device\Harddisk0\DR0\TDLFS\boot - copied to quarantine
11:21:26.0691 7188 \Device\Harddisk0\DR0\TDLFS\cmd32 - copied to quarantine
11:21:26.0722 7188 \Device\Harddisk0\DR0\TDLFS\cmd64 - copied to quarantine
11:21:26.0738 7188 \Device\Harddisk0\DR0\TDLFS\dbg32 - copied to quarantine
11:21:26.0738 7188 \Device\Harddisk0\DR0\TDLFS\dbg64 - copied to quarantine
11:21:26.0738 7188 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
11:21:26.0753 7188 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
11:21:26.0753 7188 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
11:21:26.0753 7188 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
11:21:26.0753 7188 \Device\Harddisk0\DR0\TDLFS\subid - copied to quarantine
11:21:26.0753 7188 \Device\Harddisk0\DR0\TDLFS\info - copied to quarantine
11:21:26.0753 7188 \Device\Harddisk0\DR0\TDLFS\mainfb.script - copied to quarantine
11:21:26.0816 7188 \Device\Harddisk0\DR0\TDLFS\com64 - copied to quarantine
11:21:26.0816 7188 \Device\Harddisk0\DR0\TDLFS\main - copied to quarantine
11:21:27.0034 7188 \Device\Harddisk0\DR0\TDLFS\sant32 - copied to quarantine
11:21:27.0097 7188 \Device\Harddisk0\DR0\TDLFS\bbr232 - copied to quarantine
11:21:27.0112 7188 \Device\Harddisk0\DR0\TDLFS\serf332 - copied to quarantine
11:21:27.0143 7188 \Device\Harddisk0\DR0\TDLFS\serf364 - copied to quarantine
11:21:27.0143 7188 \Device\Harddisk0\DR0\TDLFS\bbr264 - copied to quarantine
11:21:27.0362 7188 \Device\Harddisk0\DR0\TDLFS\sant64 - copied to quarantine
11:21:27.0362 7188 \Device\Harddisk0\DR0\TDLFS\time.txt - copied to quarantine
11:21:27.0580 7188 \Device\Harddisk0\DR0\TDLFS\bbr_conf - copied to quarantine
11:21:27.0580 7188 \Device\Harddisk0\DR0\TDLFS\serf_conf - copied to quarantine
11:21:27.0627 7188 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - will be cured on reboot
11:21:27.0674 7188 \Device\Harddisk0\DR0 - ok
11:21:28.0142 7188 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - User select action: Cure
11:21:28.0313 7188 \Device\Harddisk0\DR0\TDLFS\mbr - copied to quarantine
11:21:28.0313 7188 \Device\Harddisk0\DR0\TDLFS\vbr - copied to quarantine
11:21:28.0313 7188 \Device\Harddisk0\DR0\TDLFS\bid - copied to quarantine
11:21:28.0313 7188 \Device\Harddisk0\DR0\TDLFS\affid - copied to quarantine
11:21:28.0329 7188 \Device\Harddisk0\DR0\TDLFS\boot - copied to quarantine
11:21:28.0329 7188 \Device\Harddisk0\DR0\TDLFS\cmd32 - copied to quarantine
11:21:28.0376 7188 \Device\Harddisk0\DR0\TDLFS\cmd64 - copied to quarantine
11:21:28.0376 7188 \Device\Harddisk0\DR0\TDLFS\dbg32 - copied to quarantine
11:21:28.0438 7188 \Device\Harddisk0\DR0\TDLFS\dbg64 - copied to quarantine
11:21:28.0454 7188 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
11:21:28.0454 7188 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
11:21:28.0454 7188 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
11:21:28.0469 7188 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
11:21:28.0469 7188 \Device\Harddisk0\DR0\TDLFS\subid - copied to quarantine
11:21:28.0469 7188 \Device\Harddisk0\DR0\TDLFS\info - copied to quarantine
11:21:28.0469 7188 \Device\Harddisk0\DR0\TDLFS\mainfb.script - copied to quarantine
11:21:28.0485 7188 \Device\Harddisk0\DR0\TDLFS\com64 - copied to quarantine
11:21:28.0511 7188 \Device\Harddisk0\DR0\TDLFS\main - copied to quarantine
11:21:28.0721 7188 \Device\Harddisk0\DR0\TDLFS\sant32 - copied to quarantine
11:21:28.0731 7188 \Device\Harddisk0\DR0\TDLFS\bbr232 - copied to quarantine
11:21:28.0751 7188 \Device\Harddisk0\DR0\TDLFS\serf332 - copied to quarantine
11:21:28.0771 7188 \Device\Harddisk0\DR0\TDLFS\serf364 - copied to quarantine
11:21:28.0781 7188 \Device\Harddisk0\DR0\TDLFS\bbr264 - copied to quarantine
11:21:28.0991 7188 \Device\Harddisk0\DR0\TDLFS\sant64 - copied to quarantine
11:21:28.0991 7188 \Device\Harddisk0\DR0\TDLFS\time.txt - copied to quarantine
11:21:29.0221 7188 \Device\Harddisk0\DR0\TDLFS\bbr_conf - copied to quarantine
11:21:29.0221 7188 \Device\Harddisk0\DR0\TDLFS\serf_conf - copied to quarantine
11:21:29.0231 7188 \Device\Harddisk0\DR0\TDLFS - deleted
11:21:29.0231 7188 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Delete
11:21:32.0776 8144 Deinitialize success

#14 CatByte

  • Malware Response Team

Posted 09 July 2012 - 10:26 AM

Good, TDSSKiller did its job :)


Your Java is out of date, so go to Start > Control Panel > Programs and Features > scroll down to the Java installation and Remove it. Now download the latest Java version 7 update 5 and install it: http://java.com/en/download/index.jsp


NEXT


Please post a fresh DDS log and advise how the computer is running now and if there are any outstanding issues.

Let me know if AVG is alerting on anything else. Hopefully it is running clean now after TDSSKiller.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#15 cad250r

  • Topic Starter


Posted 09 July 2012 - 11:33 AM

That was the quickest it has run the DDS. Other times it seemed like it took forever. AVG didn't find anything.

Attached Files





