Possible Infection with Torpig



#1 joeyuser


Posted 21 July 2012 - 09:18 AM

Hey,

I am using Win Vista SP2 32bits.

A couple of months ago, my bank called me to say that my computer was infected with Torpig. At that time, my internet was extremely slow and when I would log into my email account and/or FB, the browser would freeze for several seconds every now and then. I backed up my HD into an external HD, formatted the HD and installed the same version of Windows again (and its SPs), and copied all files from external HD back into my laptop HD.

Now, 2 months after this fresh installation, the same problems came back: internet slow, browser and/or VLC with high CPU usage, every now and then they (browser/VLC) are freezing for several seconds.

I tried many different anti-virus and none of them detect anything.

There is a SW that I installed before all this happened and also after reformatting my HD. This SW is not really from a trustworthy source and it required that I added several new hosts in the C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts file.

Can anyone help me to find out what is my problem?
If I should reformat my PC, should I try to clean anything before reformatting the HD? Can I use an external HD to back up my data?

Thanks in advance.

Here is my HijackThis log:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:15:15, on 21.07.2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16447)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Windows\system32\conime.exe
C:\Program Files\DIEGO-UTILITIES\HijackThis\hijackthis.exe
C:\Windows\system32\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [HFALoader] C:\Program Files\Hamster Soft\Free ZIP Archiver\HamsterArc.exe -loader
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: Free YouTube Download - C:\Users\diego\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Google Update-Dienst (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-Dienst (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

--
End of file - 5403 bytes

Edited by hamluis, 21 July 2012 - 09:34 AM.
Moved from Vista to Malware Removal Logs - Hamluis.




#2 HelpBot


Posted 26 July 2012 - 09:20 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/461745 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows, you should not bother creating a GMER log.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 joeyuser


Posted 27 July 2012 - 03:15 AM

Hey,

thanks for the reply. Here it goes:

***************************
** 1 - Problem Description
***************************

I am using Win Vista SP2 32bits, and I have the original installation CD available.

A couple of months ago, my bank called me to say that my computer was infected with Torpig. At that time, my internet was extremely slow and when I would log into my email account and/or FB, the browser would freeze for several seconds every now and then. I backed up my laptop HD into an external HD, formatted the laptop HD and installed the same version of Windows again (and its SPs), and copied all files from external HD back into my laptop HD.

Now, 2 months after this fresh installation, the same problems came back: internet slow, browser and/or VLC with high CPU usage, every now and then they (browser/VLC) are freezing for several seconds.

I tried many different anti-virus and none of them detect anything.

There is a suspicious SW that I installed before all this happened and also after reformatting my HD. This SW is not really from a trustworthy source and it required that I added several new hosts in the C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts file.


Important: I did not manage to disable Windows Defender when I performed these scans with DDS and GMER.

***************************
** 2 - DDS log
***************************

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.1
Run by diego at 10:03:01 on 2012-07-27
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.41.1031.18.2045.1042 [GMT 2:00]
.
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\conime.exe
C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [AdobeCS5.5ServiceManager] "c:\program files\common files\adobe\cs5.5servicemanager\CS5.5ServiceManager.exe" -launchedbylogin
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [HFALoader] c:\program files\hamster soft\free zip archiver\HamsterArc.exe -loader
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Free YouTube Download - c:\users\diego\appdata\roaming\dvdvideosoftiehelpers\freeytvdownloader.htm
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
TCP: DhcpNameServer = 62.2.17.60 62.2.24.162 62.2.17.61 62.2.24.158
TCP: Interfaces\{ACFDE067-AD56-4AF8-AA11-6ED11A18E2A9} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{DD4D98DA-7C7A-4716-AB52-543BADAE7367} : DhcpNameServer = 62.2.17.60 62.2.24.162 62.2.17.61 62.2.24.158
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-5-9 721000]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-5-9 353688]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-5-9 21256]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-5-9 57656]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-5-9 44808]
R2 FontCache;Windows-Dienst für Schriftartencache;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2012-5-9 21504]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\skype\toolbars\skype c2c service\c2c_service.exe [2012-7-5 3048136]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update-Dienst (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-7-12 136176]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-5-3 158856]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-5-12 250056]
S3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-7-12 136176]
S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-07-27 07:35:47 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{11414b9e-dd62-4710-97ba-396dc2009c7f}\offreg.dll
2012-07-27 07:31:37 6891424 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{11414b9e-dd62-4710-97ba-396dc2009c7f}\mpengine.dll
2012-07-27 07:11:41 -------- d-----w- c:\users\diego\appdata\local\{F7C0957E-4577-49F7-A667-A8924C394DCC}
2012-07-27 07:11:27 -------- d-----w- c:\users\diego\appdata\local\{B1F3BFC3-B077-422E-86F6-56949B81B9E1}
2012-07-26 17:02:13 -------- d-----w- c:\users\diego\appdata\local\{F33BBD16-E917-4DF9-A294-318FB79FC5AB}
2012-07-26 17:01:33 -------- d-----w- c:\users\diego\appdata\local\{8628A1CA-737B-4EC8-BE83-FFA49E9BC826}
2012-07-25 15:28:11 -------- d-----w- c:\users\diego\appdata\local\{C47F42F6-814F-4709-BB05-1202AF159B23}
2012-07-25 15:27:43 -------- d-----w- c:\users\diego\appdata\local\{3759EE44-F781-44F8-A080-C5DADB509B9C}
2012-07-24 20:06:58 -------- d-----w- c:\users\diego\appdata\local\{6941D54C-E911-40B6-A932-4D2A2961E83B}
2012-07-24 20:06:44 -------- d-----w- c:\users\diego\appdata\local\{08D66869-FC70-4ED7-A570-EB9E756986E2}
2012-07-22 18:30:48 -------- d-----w- c:\users\diego\appdata\local\{4F5B05E9-867F-46DD-83CF-0B48E0799287}
2012-07-22 18:30:26 -------- d-----w- c:\users\diego\appdata\local\{765C9637-A3AF-48B3-AFD2-990F3A834180}
2012-07-22 11:29:00 -------- d-----w- c:\users\diego\appdata\local\{6D70C9D9-9A5D-4D42-99E2-37BCDAF88314}
2012-07-21 17:32:13 -------- d-----w- c:\program files\Oracle
2012-07-21 12:27:18 2136664 ----a-w- c:\users\diego\tdsskiller.exe
2012-07-21 08:07:14 -------- d-----w- c:\users\diego\appdata\local\{C2715D77-3AFB-41E6-A84C-086CCE1B9923}
2012-07-21 08:06:51 -------- d-----w- c:\users\diego\appdata\local\{076B731A-4D0E-4A43-BB5E-1F737D01DC49}
2012-07-20 17:49:19 -------- d-----w- c:\users\diego\appdata\local\{7554BBF1-DC24-4F37-AB0E-670B6C3677EC}
2012-07-20 17:48:52 -------- d-----w- c:\users\diego\appdata\local\{EFD299BB-AE6D-480F-A412-9C128DEED5D9}
2012-07-19 18:02:41 -------- d-----w- c:\users\diego\appdata\local\{E258496D-BFD0-427E-BAA9-2ADA18083230}
2012-07-19 18:02:16 -------- d-----w- c:\users\diego\appdata\local\{47D15068-6E17-446F-B9D7-D82B0BB3D440}
2012-07-18 12:21:22 -------- d-----w- c:\users\diego\appdata\local\{ABA8FE32-6B9D-420E-8EF0-FCA13582FD77}
2012-07-18 12:20:55 -------- d-----w- c:\users\diego\appdata\local\{2D6FB7D4-CDDB-47F7-8EC2-4C928F099268}
2012-07-17 17:09:22 -------- d-----w- c:\users\diego\appdata\local\{33BCAB45-73ED-4026-A774-7FF087128C15}
2012-07-17 17:08:50 -------- d-----w- c:\users\diego\appdata\local\{C6AF4BCB-C1C7-4EBC-A9F4-F8585E766275}
2012-07-16 18:48:46 -------- d-----w- c:\users\diego\appdata\local\{6BAF5FBD-E51B-46E2-BFF5-09322944007F}
2012-07-16 18:03:47 -------- d-----w- c:\users\diego\appdata\local\{F4452C74-1381-4965-AB22-7A118DADB45B}
2012-07-15 20:00:18 -------- d-----w- c:\users\diego\appdata\local\{B49779C3-1435-4C42-972C-D02E32FC3F5A}
2012-07-15 20:00:06 -------- d-----w- c:\users\diego\appdata\local\{F3E55105-84E1-4884-A21D-71E7A26EE4FA}
2012-07-15 07:59:49 -------- d-----w- c:\users\diego\appdata\local\{C3011A02-2F73-4998-BAB4-4377ADF040B8}
2012-07-15 07:59:36 -------- d-----w- c:\users\diego\appdata\local\{0F797DB1-F04F-407A-AB70-C8AE4E468313}
2012-07-13 16:27:56 -------- d-----w- c:\users\diego\appdata\local\{57DE3E5C-67B9-415B-B4C5-F9F8620478AE}
2012-07-13 16:27:43 -------- d-----w- c:\users\diego\appdata\local\{D3B3EE16-8502-4B47-BFD3-C10AE8A469B3}
2012-07-12 17:19:23 708608 ----a-w- c:\program files\common files\system\ado\msado15.dll
2012-07-12 17:19:21 1401856 ----a-w- c:\windows\system32\msxml6.dll
2012-07-12 17:19:21 1248768 ----a-w- c:\windows\system32\msxml3.dll
2012-07-12 17:19:18 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-07-12 17:19:17 278528 ----a-w- c:\windows\system32\schannel.dll
2012-07-12 17:19:17 204288 ----a-w- c:\windows\system32\ncrypt.dll
2012-07-12 17:05:49 -------- d-----w- c:\users\diego\appdata\local\{5CC447F9-0F8F-484D-A70A-631A8C458BF2}
2012-07-12 17:02:40 -------- d-----w- c:\users\diego\appdata\local\{EA86BF47-DF2D-49E0-A7E8-865A929389BD}
2012-07-11 17:04:06 -------- d-----w- c:\users\diego\appdata\local\{B0A12F5D-2748-4264-9E1D-5713896FB9DF}
2012-07-10 15:29:06 -------- d-----w- c:\users\diego\appdata\local\{79E59BFB-2BAC-4137-A7D5-EB506B29B565}
2012-07-10 15:28:02 -------- d-----w- c:\users\diego\appdata\local\{DC8B89F8-89C3-4D0D-81DB-7D7F2B19BD2F}
2012-07-09 18:17:55 -------- d-----w- c:\users\diego\appdata\local\{8F85FFB0-3BDB-4ED7-A0F4-E6346CE5798B}
2012-07-09 18:16:55 -------- d-----w- c:\users\diego\appdata\local\{B5D53CE3-4D0B-4A07-BF02-5179F6ADEA6C}
2012-07-07 05:36:40 -------- d-----w- c:\users\diego\appdata\local\{56A43173-21C3-4F26-922C-ECDFD2BB6AEE}
2012-07-06 17:05:58 -------- d-----w- c:\users\diego\appdata\local\{81F49604-8265-4EEB-B303-E2537F8265E0}
2012-07-06 17:03:19 -------- d-----w- c:\users\diego\appdata\local\{984972D2-2E4A-41D1-BF33-D378E88F08AB}
2012-07-05 18:31:50 -------- d-----w- c:\users\diego\appdata\local\{E88996C6-8E25-430A-AE17-6C7AF5B1AE49}
2012-07-04 16:14:06 -------- d-----w- c:\users\diego\appdata\local\{E96EACD4-9F26-4339-87AE-A1A91CB8A62C}
2012-07-03 17:14:45 -------- d-----w- c:\users\diego\appdata\local\{C1205728-7214-4F2C-9170-9C0DC10DDE76}
2012-07-02 16:19:05 -------- d-----w- c:\users\diego\appdata\local\{A6BCC05D-6AF9-4DF7-8224-07E5ED9F56DA}
2012-07-02 16:17:24 -------- d-----w- c:\users\diego\appdata\local\{92F1C236-8E15-406E-833D-8D15F0D12F67}
2012-07-01 19:10:13 -------- d-----w- c:\users\diego\appdata\local\{59CC6AB7-5977-4C00-B93B-42863376A2F4}
2012-07-01 19:09:58 -------- d-----w- c:\users\diego\appdata\local\{1FAB1B60-FA3E-4AF7-B7D8-71F36712DDD4}
2012-07-01 07:09:28 -------- d-----w- c:\users\diego\appdata\local\{9035E244-0EB2-4406-86CC-6C98EF787FD5}
2012-07-01 07:08:08 -------- d-----w- c:\users\diego\appdata\local\{6CDE3F5F-78E3-40FB-97A2-D9B273061C7C}
2012-06-30 05:39:12 -------- d-----w- c:\users\diego\appdata\local\{2F72499A-1078-416E-864F-613C08B89BC3}
2012-06-29 17:30:36 -------- d-----w- c:\users\diego\appdata\local\{C182EB5A-EBBC-4EC4-AA42-252F60E1DA44}
2012-06-29 17:30:00 -------- d-----w- c:\users\diego\appdata\local\{22D8DF45-1274-454B-AA7E-4D2F8A9EBC32}
2012-06-28 17:35:35 -------- d-----w- c:\users\diego\appdata\local\{749FEC31-7158-4B1D-B575-F20DCAF12B31}
2012-06-27 16:22:28 -------- d-----w- c:\users\diego\appdata\local\{C53B80A6-42DE-4FCF-9F67-DD0FD114F676}
2012-06-27 16:21:31 -------- d-----w- c:\users\diego\appdata\local\{6BAED71B-8963-433E-98E4-056E92C0B9A0}
.
==================== Find3M ====================
.
2012-07-13 19:27:38 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-13 19:27:38 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-05 20:06:30 772544 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-07-05 20:06:20 687544 ----a-w- c:\windows\system32\deployJava1.dll
2012-07-03 16:21:53 721000 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-07-03 16:21:53 57656 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-07-03 16:21:32 41224 ----a-w- c:\windows\avastSS.scr
2012-06-13 13:40:21 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-06-02 22:12:32 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12:13 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 13:19:42 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 13:12:20 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 08:33:25 1800192 ----a-w- c:\windows\system32\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-05-31 10:25:14 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-05-11 22:00:47 319984 ----a-w- c:\windows\DIFxAPI.dll
2012-05-09 16:29:54 101888 ----a-w- c:\windows\system32\ifxcardm.dll
2012-05-09 16:29:42 82432 ----a-w- c:\windows\system32\axaltocm.dll
2012-05-07 05:30:59 6656 ----a-w- c:\windows\system32\drivers\de-de\yk60x86.sys.mui
2012-05-01 14:03:49 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
.
============= FINISH: 10:03:22.25 ===============


***************************
** 3 - GMER Log
***************************

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-07-27 10:02:50
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Scsi\viamraid1Port3Path0Target0Lun0 WDC_WD80 rev.04.0
Running: btn20t48.exe; Driver: C:\Users\diego\AppData\Local\Temp\ugloapod.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0x8D222536]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0x8D8717BA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAssignProcessToJobObject [0x8D222F52]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0x8D22DD7A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0x8D22DDC6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0x8D22DF48]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0x8D22DCE8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateSection [0x8D871BAC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0x8D22DD30]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateThread [0x8D223146]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0x8D22DF02]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDebugActiveProcess [0x8D2238CA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0x8D222584]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0x8D87189E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0x8D2221EC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0x8D2225D2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0x8D2272A8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0x8D224292]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0x8D22DDA4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0x8D22DDE8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0x8D22DF6C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0x8D22DD0E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0x8D22DE8C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0x8D22DD58]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0x8D22DF26]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0x8D871A1E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0x8D22415E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueueApcThread [0x8D223D08]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0x8D222620]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0x8D22266E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetContextThread [0x8D22374A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0x8D222276]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0x8D222426]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0x8D2223CC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendProcess [0x8D223A2C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendThread [0x8D223B88]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0x8D222496]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwTerminateProcess [0x8D871AE8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwTerminateThread [0x8D2235CA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0x8D2226BC]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwWriteVirtualMemory [0x8D871954]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateThreadEx [0x8D2232CE]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x8D889744]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 10D 826EC7D0 4 Bytes [36, 25, 22, 8D]
.text ntkrnlpa.exe!KeSetEvent + 131 826EC7F4 4 Bytes [BA, 17, 87, 8D]
.text ntkrnlpa.exe!KeSetEvent + 191 826EC854 4 Bytes [52, 2F, 22, 8D]
.text ntkrnlpa.exe!KeSetEvent + 1D1 826EC894 8 Bytes [7A, DD, 22, 8D, C6, DD, 22, ...] {JP 0xffffffffffffffdf; AND CL, [EBP-0x72dd223a]}
.text ntkrnlpa.exe!KeSetEvent + 1DD 826EC8A0 4 Bytes [48, DF, 22, 8D]
.text ...
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 8281762F 5 Bytes JMP 8D88661C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObInsertObject 82870543 5 Bytes JMP 8D8880FE \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 110 82879E68 4 Bytes CALL 8D224959 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 121 8287DADC 4 Bytes CALL 8D22496F \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 828D1DF6 7 Bytes JMP 8D889748 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
.text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x8BE0F340, 0x3EE1D7, 0xE8000020]
? C:\Users\diego\AppData\Local\Temp\mbr.sys Das System kann die angegebene Datei nicht finden. !

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\system32\svchost.exe[196] kernel32.dll!GetBinaryTypeW + 70 76092467 1 Byte [62]
.text C:\Windows\system32\taskeng.exe[264] kernel32.dll!GetBinaryTypeW + 70 76092467 1 Byte [62]
.text C:\Windows\system32\taskeng.exe[476] kernel32.dll!GetBinaryTypeW + 70 76092467 1 Byte [62]
.text C:\Program Files\Google\Update\GoogleUpdate.exe[480] kernel32.dll!GetBinaryTypeW + 70 76092467 1 Byte [62]
.text C:\Windows\system32\csrss.exe[596] KERNEL32.dll!GetBinaryTypeW + 70 76092467 1 Byte [62]
.text ...
.text C:\Program Files\Notepad++\notepad++.exe[836] ntdll.dll!LdrLoadDll 77789378 5 Bytes JMP 001501F8
.text C:\Program Files\Notepad++\notepad++.exe[836] ntdll.dll!LdrUnloadDll 7779B680 5 Bytes JMP 001503FC
.text C:\Program Files\Notepad++\notepad++.exe[836] kernel32.dll!GetBinaryTypeW + 70 76092467 1 Byte [62]
.text C:\Program Files\Notepad++\notepad++.exe[836] ADVAPI32.dll!CreateServiceW 76299EB4 5 Bytes JMP 001703FC
.text C:\Program Files\Notepad++\notepad++.exe[836] ADVAPI32.dll!DeleteService 7629A07E 5 Bytes JMP 00170600
.text C:\Program Files\Notepad++\notepad++.exe[836] ADVAPI32.dll!SetServiceObjectSecurity 762D6CD9 5 Bytes JMP 00171014
.text C:\Program Files\Notepad++\notepad++.exe[836] ADVAPI32.dll!ChangeServiceConfigA 762D6DD9 5 Bytes JMP 00170804
.text C:\Program Files\Notepad++\notepad++.exe[836] ADVAPI32.dll!ChangeServiceConfigW 762D6F81 5 Bytes JMP 00170A08
.text C:\Program Files\Notepad++\notepad++.exe[836] ADVAPI32.dll!ChangeServiceConfig2A 762D7099 5 Bytes JMP 00170C0C
.text C:\Program Files\Notepad++\notepad++.exe[836] ADVAPI32.dll!ChangeServiceConfig2W 762D71E1 5 Bytes JMP 00170E10
.text C:\Program Files\Notepad++\notepad++.exe[836] ADVAPI32.dll!CreateServiceA 762D72A1 5 Bytes JMP 001701F8
.text C:\Program Files\Notepad++\notepad++.exe[836] USER32.dll!SetWindowsHookExA 76356322 5 Bytes JMP 00180600
.text C:\Program Files\Notepad++\notepad++.exe[836] USER32.dll!SetWindowsHookExW 763587AD 5 Bytes JMP 00180804
.text C:\Program Files\Notepad++\notepad++.exe[836] USER32.dll!UnhookWindowsHookEx 763598DB 5 Bytes JMP 00180A08
.text C:\Program Files\Notepad++\notepad++.exe[836] USER32.dll!SetWinEventHook 76359F3A 5 Bytes JMP 001801F8
.text C:\Program Files\Notepad++\notepad++.exe[836] USER32.dll!UnhookWinEvent 7635C06F 5 Bytes JMP 001803FC
.text C:\Windows\system32\svchost.exe[900] kernel32.dll!GetBinaryTypeW + 70 76092467 1 Byte [62]
.text C:\Windows\system32\nvvsvc.exe[956] kernel32.dll!GetBinaryTypeW + 70 76092467 1 Byte [62]
.text C:\Windows\system32\svchost.exe[984] kernel32.dll!GetBinaryTypeW + 70 76092467 1 Byte [62]
.text C:\Windows\System32\svchost.exe[1040] kernel32.dll!GetBinaryTypeW + 70 76092467 1 Byte [62]
.text C:\Windows\System32\svchost.exe[1112] kernel32.dll!GetBinaryTypeW + 70 76092467 1 Byte [62]
.text ...
.text C:\Windows\system32\svchost.exe[1396] ntdll.dll!LdrLoadDll 77789378 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[1396] ntdll.dll!LdrUnloadDll 7779B680 5 Bytes JMP 000503FC
.text C:\Windows\system32\svchost.exe[1396] kernel32.dll!GetBinaryTypeW + 70 76092467 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1396] ADVAPI32.dll!CreateServiceW 76299EB4 5 Bytes JMP 000803FC
.text C:\Windows\system32\svchost.exe[1396] ADVAPI32.dll!DeleteService 7629A07E 5 Bytes JMP 00080600
.text C:\Windows\system32\svchost.exe[1396] ADVAPI32.dll!SetServiceObjectSecurity 762D6CD9 5 Bytes JMP 00081014
.text C:\Windows\system32\svchost.exe[1396] ADVAPI32.dll!ChangeServiceConfigA 762D6DD9 5 Bytes JMP 00080804
.text C:\Windows\system32\svchost.exe[1396] ADVAPI32.dll!ChangeServiceConfigW 762D6F81 5 Bytes JMP 00080A08
.text C:\Windows\system32\svchost.exe[1396] ADVAPI32.dll!ChangeServiceConfig2A 762D7099 5 Bytes JMP 00080C0C
.text C:\Windows\system32\svchost.exe[1396] ADVAPI32.dll!ChangeServiceConfig2W 762D71E1 5 Bytes JMP 00080E10
.text C:\Windows\system32\svchost.exe[1396] ADVAPI32.dll!CreateServiceA 762D72A1 5 Bytes JMP 000801F8
.text C:\Windows\system32\rundll32.exe[1456] kernel32.dll!GetBinaryTypeW + 70 76092467 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1592] kernel32.dll!GetBinaryTypeW + 70 76092467 1 Byte [62]
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1820] kernel32.dll!SetUnhandledExceptionFilter 7606A8C5 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1820] kernel32.dll!GetBinaryTypeW + 70 76092467 1 Byte [62]
.text C:\Windows\system32\Dwm.exe[1864] kernel32.dll!GetBinaryTypeW + 70 76092467 1 Byte [62]
.text C:\Windows\Explorer.EXE[1904] kernel32.dll!GetBinaryTypeW + 70 76092467 1 Byte [62]
.text C:\Windows\System32\spoolsv.exe[2032] kernel32.dll!GetBinaryTypeW + 70 76092467 1 Byte [62]
.text C:\Program Files\Windows Defender\MSASCui.exe[2084] kernel32.dll!GetBinaryTypeW + 70 76092467 1 Byte [62]
.text ...
.text C:\Windows\servicing\TrustedInstaller.exe[2176] ntdll.dll!LdrLoadDll 77789378 5 Bytes JMP 000401F8
.text C:\Windows\servicing\TrustedInstaller.exe[2176] ntdll.dll!LdrUnloadDll 7779B680 5 Bytes JMP 000403FC
.text C:\Windows\servicing\TrustedInstaller.exe[2176] kernel32.dll!GetBinaryTypeW + 70 76092467 1 Byte [62]
.text C:\Windows\servicing\TrustedInstaller.exe[2176] ADVAPI32.dll!CreateServiceW 76299EB4 5 Bytes JMP 000603FC
.text C:\Windows\servicing\TrustedInstaller.exe[2176] ADVAPI32.dll!DeleteService 7629A07E 5 Bytes JMP 00060600
.text C:\Windows\servicing\TrustedInstaller.exe[2176] ADVAPI32.dll!SetServiceObjectSecurity 762D6CD9 5 Bytes JMP 00061014
.text C:\Windows\servicing\TrustedInstaller.exe[2176] ADVAPI32.dll!ChangeServiceConfigA 762D6DD9 5 Bytes JMP 00060804
.text C:\Windows\servicing\TrustedInstaller.exe[2176] ADVAPI32.dll!ChangeServiceConfigW 762D6F81 5 Bytes JMP 00060A08
.text C:\Windows\servicing\TrustedInstaller.exe[2176] ADVAPI32.dll!ChangeServiceConfig2A 762D7099 5 Bytes JMP 00060C0C
.text C:\Windows\servicing\TrustedInstaller.exe[2176] ADVAPI32.dll!ChangeServiceConfig2W 762D71E1 5 Bytes JMP 00060E10
.text C:\Windows\servicing\TrustedInstaller.exe[2176] ADVAPI32.dll!CreateServiceA 762D72A1 3 Bytes JMP 000601F8
.text C:\Windows\servicing\TrustedInstaller.exe[2176] ADVAPI32.dll!CreateServiceA + 4 762D72A5 1 Byte [89]
.text C:\Windows\servicing\TrustedInstaller.exe[2176] USER32.dll!SetWindowsHookExA 76356322 5 Bytes JMP 00070600
.text C:\Windows\servicing\TrustedInstaller.exe[2176] USER32.dll!SetWindowsHookExW 763587AD 5 Bytes JMP 00070804
.text C:\Windows\servicing\TrustedInstaller.exe[2176] USER32.dll!UnhookWindowsHookEx 763598DB 5 Bytes JMP 00070A08
.text C:\Windows\servicing\TrustedInstaller.exe[2176] USER32.dll!SetWinEventHook 76359F3A 5 Bytes JMP 000701F8
.text C:\Windows\servicing\TrustedInstaller.exe[2176] USER32.dll!UnhookWinEvent 7635C06F 5 Bytes JMP 000703FC
.text C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe[2360] kernel32.dll!GetBinaryTypeW + 70 76092467 1 Byte [62]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2412] ntdll.dll!LdrLoadDll 77789378 5 Bytes JMP 001601F8
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2412] ntdll.dll!LdrUnloadDll 7779B680 5 Bytes JMP 001603FC
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2412] kernel32.dll!GetBinaryTypeW + 70 76092467 1 Byte [62]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2412] ADVAPI32.dll!CreateServiceW 76299EB4 5 Bytes JMP 001703FC
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2412] ADVAPI32.dll!DeleteService 7629A07E 5 Bytes JMP 00170600
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2412] ADVAPI32.dll!SetServiceObjectSecurity 762D6CD9 5 Bytes JMP 00171014
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2412] ADVAPI32.dll!ChangeServiceConfigA 762D6DD9 5 Bytes JMP 00170804
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2412] ADVAPI32.dll!ChangeServiceConfigW 762D6F81 5 Bytes JMP 00170A08
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2412] ADVAPI32.dll!ChangeServiceConfig2A 762D7099 5 Bytes JMP 00170C0C
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2412] ADVAPI32.dll!ChangeServiceConfig2W 762D71E1 5 Bytes JMP 00170E10
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2412] ADVAPI32.dll!CreateServiceA 762D72A1 5 Bytes JMP 001701F8
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2412] USER32.dll!SetWindowsHookExA 76356322 5 Bytes JMP 00180600
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2412] USER32.dll!SetWindowsHookExW 763587AD 5 Bytes JMP 00180804
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2412] USER32.dll!UnhookWindowsHookEx 763598DB 5 Bytes JMP 00180A08
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2412] USER32.dll!SetWinEventHook 76359F3A 5 Bytes JMP 001801F8
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2412] USER32.dll!UnhookWinEvent 7635C06F 5 Bytes JMP 001803FC
.text C:\Windows\RtHDVCpl.exe[2420] kernel32.dll!GetBinaryTypeW + 70 76092467 1 Byte [62]
.text C:\Windows\system32\svchost.exe[2764] ntdll.dll!LdrLoadDll 77789378 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[2764] ntdll.dll!LdrUnloadDll 7779B680 5 Bytes JMP 000503FC
.text C:\Windows\system32\svchost.exe[2764] kernel32.dll!GetBinaryTypeW + 70 76092467 1 Byte [62]
.text C:\Windows\system32\svchost.exe[2764] ADVAPI32.dll!CreateServiceW 76299EB4 5 Bytes JMP 000803FC
.text C:\Windows\system32\svchost.exe[2764] ADVAPI32.dll!DeleteService 7629A07E 5 Bytes JMP 00080600
.text C:\Windows\system32\svchost.exe[2764] ADVAPI32.dll!SetServiceObjectSecurity 762D6CD9 5 Bytes JMP 00081014
.text C:\Windows\system32\svchost.exe[2764] ADVAPI32.dll!ChangeServiceConfigA 762D6DD9 5 Bytes JMP 00080804
.text C:\Windows\system32\svchost.exe[2764] ADVAPI32.dll!ChangeServiceConfigW 762D6F81 5 Bytes JMP 00080A08
.text C:\Windows\system32\svchost.exe[2764] ADVAPI32.dll!ChangeServiceConfig2A 762D7099 5 Bytes JMP 00080C0C
.text C:\Windows\system32\svchost.exe[2764] ADVAPI32.dll!ChangeServiceConfig2W 762D71E1 5 Bytes JMP 00080E10
.text C:\Windows\system32\svchost.exe[2764] ADVAPI32.dll!CreateServiceA 762D72A1 5 Bytes JMP 000801F8
.text C:\Windows\system32\svchost.exe[2840] ntdll.dll!LdrLoadDll 77789378 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[2840] ntdll.dll!LdrUnloadDll 7779B680 5 Bytes JMP 000503FC
.text C:\Windows\system32\svchost.exe[2840] kernel32.dll!GetBinaryTypeW + 70 76092467 1 Byte [62]
.text C:\Windows\system32\svchost.exe[2840] ADVAPI32.dll!CreateServiceW 76299EB4 5 Bytes JMP 000803FC
.text C:\Windows\system32\svchost.exe[2840] ADVAPI32.dll!DeleteService 7629A07E 5 Bytes JMP 00080600
.text C:\Windows\system32\svchost.exe[2840] ADVAPI32.dll!SetServiceObjectSecurity 762D6CD9 5 Bytes JMP 00081014
.text C:\Windows\system32\svchost.exe[2840] ADVAPI32.dll!ChangeServiceConfigA 762D6DD9 5 Bytes JMP 00080804
.text C:\Windows\system32\svchost.exe[2840] ADVAPI32.dll!ChangeServiceConfigW 762D6F81 5 Bytes JMP 00080A08
.text C:\Windows\system32\svchost.exe[2840] ADVAPI32.dll!ChangeServiceConfig2A 762D7099 5 Bytes JMP 00080C0C
.text C:\Windows\system32\svchost.exe[2840] ADVAPI32.dll!ChangeServiceConfig2W 762D71E1 5 Bytes JMP 00080E10
.text C:\Windows\system32\svchost.exe[2840] ADVAPI32.dll!CreateServiceA 762D72A1 5 Bytes JMP 000801F8
.text C:\Windows\system32\svchost.exe[2840] USER32.dll!SetWindowsHookExA 76356322 5 Bytes JMP 00180600
.text C:\Windows\system32\svchost.exe[2840] USER32.dll!SetWindowsHookExW 763587AD 5 Bytes JMP 00180804
.text C:\Windows\system32\svchost.exe[2840] USER32.dll!UnhookWindowsHookEx 763598DB 5 Bytes JMP 00180A08
.text C:\Windows\system32\svchost.exe[2840] USER32.dll!SetWinEventHook 76359F3A 5 Bytes JMP 001801F8
.text C:\Windows\system32\svchost.exe[2840] USER32.dll!UnhookWinEvent 7635C06F 5 Bytes JMP 001803FC
.text C:\Windows\system32\conime.exe[2964] kernel32.dll!GetBinaryTypeW + 70 76092467 1 Byte [62]
.text C:\Users\diego\Desktop\btn20t48.exe[3056] kernel32.dll!GetBinaryTypeW + 70 76092467 1 Byte [62]
.text C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[3104] ntdll.dll!LdrLoadDll 77789378 5 Bytes JMP 000401F8
.text C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[3104] ntdll.dll!LdrUnloadDll 7779B680 5 Bytes JMP 000403FC
.text C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[3104] kernel32.dll!GetBinaryTypeW + 70 76092467 1 Byte [62]
.text C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[3104] USER32.dll!SetWindowsHookExA 76356322 5 Bytes JMP 00060600
.text C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[3104] USER32.dll!SetWindowsHookExW 763587AD 5 Bytes JMP 00060804
.text C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[3104] USER32.dll!UnhookWindowsHookEx 763598DB 5 Bytes JMP 00060A08
.text C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[3104] USER32.dll!SetWinEventHook 76359F3A 5 Bytes JMP 000601F8
.text C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[3104] USER32.dll!UnhookWinEvent 7635C06F 5 Bytes JMP 000603FC
.text C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[3104] ADVAPI32.dll!CreateServiceW 76299EB4 5 Bytes JMP 000703FC
.text C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[3104] ADVAPI32.dll!DeleteService 7629A07E 5 Bytes JMP 00070600
.text C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[3104] ADVAPI32.dll!SetServiceObjectSecurity 762D6CD9 5 Bytes JMP 00071014
.text C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[3104] ADVAPI32.dll!ChangeServiceConfigA 762D6DD9 5 Bytes JMP 00070804
.text C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[3104] ADVAPI32.dll!ChangeServiceConfigW 762D6F81 5 Bytes JMP 00070A08
.text C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[3104] ADVAPI32.dll!ChangeServiceConfig2A 762D7099 5 Bytes JMP 00070C0C
.text C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[3104] ADVAPI32.dll!ChangeServiceConfig2W 762D71E1 5 Bytes JMP 00070E10
.text C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[3104] ADVAPI32.dll!CreateServiceA 762D72A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\svchost.exe[3200] ntdll.dll!LdrLoadDll 77789378 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[3200] ntdll.dll!LdrUnloadDll 7779B680 5 Bytes JMP 000503FC
.text C:\Windows\system32\svchost.exe[3200] kernel32.dll!GetBinaryTypeW + 70 76092467 1 Byte [62]
.text C:\Windows\system32\svchost.exe[3200] ADVAPI32.dll!CreateServiceW 76299EB4 5 Bytes JMP 000803FC
.text C:\Windows\system32\svchost.exe[3200] ADVAPI32.dll!DeleteService 7629A07E 5 Bytes JMP 00080600
.text C:\Windows\system32\svchost.exe[3200] ADVAPI32.dll!SetServiceObjectSecurity 762D6CD9 5 Bytes JMP 00081014
.text C:\Windows\system32\svchost.exe[3200] ADVAPI32.dll!ChangeServiceConfigA 762D6DD9 5 Bytes JMP 00080804
.text C:\Windows\system32\svchost.exe[3200] ADVAPI32.dll!ChangeServiceConfigW 762D6F81 5 Bytes JMP 00080A08
.text C:\Windows\system32\svchost.exe[3200] ADVAPI32.dll!ChangeServiceConfig2A 762D7099 5 Bytes JMP 00080C0C
.text C:\Windows\system32\svchost.exe[3200] ADVAPI32.dll!ChangeServiceConfig2W 762D71E1 5 Bytes JMP 00080E10
.text C:\Windows\system32\svchost.exe[3200] ADVAPI32.dll!CreateServiceA 762D72A1 5 Bytes JMP 000801F8
.text C:\Windows\System32\svchost.exe[3272] ntdll.dll!LdrLoadDll 77789378 5 Bytes JMP 000501F8
.text C:\Windows\System32\svchost.exe[3272] ntdll.dll!LdrUnloadDll 7779B680 5 Bytes JMP 000503FC
.text C:\Windows\System32\svchost.exe[3272] kernel32.dll!GetBinaryTypeW + 70 76092467 1 Byte [62]
.text C:\Windows\System32\svchost.exe[3272] ADVAPI32.dll!CreateServiceW 76299EB4 5 Bytes JMP 000803FC
.text C:\Windows\System32\svchost.exe[3272] ADVAPI32.dll!DeleteService 7629A07E 5 Bytes JMP 00080600
.text C:\Windows\System32\svchost.exe[3272] ADVAPI32.dll!SetServiceObjectSecurity 762D6CD9 5 Bytes JMP 00081014
.text C:\Windows\System32\svchost.exe[3272] ADVAPI32.dll!ChangeServiceConfigA 762D6DD9 5 Bytes JMP 00080804
.text C:\Windows\System32\svchost.exe[3272] ADVAPI32.dll!ChangeServiceConfigW 762D6F81 5 Bytes JMP 00080A08
.text C:\Windows\System32\svchost.exe[3272] ADVAPI32.dll!ChangeServiceConfig2A 762D7099 5 Bytes JMP 00080C0C
.text C:\Windows\System32\svchost.exe[3272] ADVAPI32.dll!ChangeServiceConfig2W 762D71E1 5 Bytes JMP 00080E10
.text C:\Windows\System32\svchost.exe[3272] ADVAPI32.dll!CreateServiceA 762D72A1 5 Bytes JMP 000801F8
.text C:\Windows\System32\notepad.exe[3336] ntdll.dll!LdrLoadDll 77789378 5 Bytes JMP 000501F8
.text C:\Windows\System32\notepad.exe[3336] ntdll.dll!LdrUnloadDll 7779B680 5 Bytes JMP 000503FC
.text C:\Windows\System32\notepad.exe[3336] kernel32.dll!GetBinaryTypeW + 70 76092467 1 Byte [62]
.text C:\Windows\System32\notepad.exe[3336] ADVAPI32.dll!CreateServiceW 76299EB4 5 Bytes JMP 000703FC
.text C:\Windows\System32\notepad.exe[3336] ADVAPI32.dll!DeleteService 7629A07E 5 Bytes JMP 00070600
.text C:\Windows\System32\notepad.exe[3336] ADVAPI32.dll!SetServiceObjectSecurity 762D6CD9 5 Bytes JMP 00071014
.text C:\Windows\System32\notepad.exe[3336] ADVAPI32.dll!ChangeServiceConfigA 762D6DD9 5 Bytes JMP 00070804
.text C:\Windows\System32\notepad.exe[3336] ADVAPI32.dll!ChangeServiceConfigW 762D6F81 5 Bytes JMP 00070A08
.text C:\Windows\System32\notepad.exe[3336] ADVAPI32.dll!ChangeServiceConfig2A 762D7099 5 Bytes JMP 00070C0C
.text C:\Windows\System32\notepad.exe[3336] ADVAPI32.dll!ChangeServiceConfig2W 762D71E1 5 Bytes JMP 00070E10
.text C:\Windows\System32\notepad.exe[3336] ADVAPI32.dll!CreateServiceA 762D72A1 5 Bytes JMP 000701F8
.text C:\Windows\System32\notepad.exe[3336] USER32.dll!SetWindowsHookExA 76356322 5 Bytes JMP 00080600
.text C:\Windows\System32\notepad.exe[3336] USER32.dll!SetWindowsHookExW 763587AD 5 Bytes JMP 00080804
.text C:\Windows\System32\notepad.exe[3336] USER32.dll!UnhookWindowsHookEx 763598DB 5 Bytes JMP 00080A08
.text C:\Windows\System32\notepad.exe[3336] USER32.dll!SetWinEventHook 76359F3A 5 Bytes JMP 000801F8
.text C:\Windows\System32\notepad.exe[3336] USER32.dll!UnhookWinEvent 7635C06F 5 Bytes JMP 000803FC
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3400] ntdll.dll!LdrLoadDll 77789378 5 Bytes JMP 000501F8
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3400] ntdll.dll!LdrUnloadDll 7779B680 5 Bytes JMP 000503FC
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3400] kernel32.dll!GetBinaryTypeW + 70 76092467 1 Byte [62]
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3400] ADVAPI32.dll!CreateServiceW 76299EB4 5 Bytes JMP 000803FC
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3400] ADVAPI32.dll!DeleteService 7629A07E 5 Bytes JMP 00080600
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3400] ADVAPI32.dll!SetServiceObjectSecurity 762D6CD9 5 Bytes JMP 00081014
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3400] ADVAPI32.dll!ChangeServiceConfigA 762D6DD9 5 Bytes JMP 00080804
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3400] ADVAPI32.dll!ChangeServiceConfigW 762D6F81 5 Bytes JMP 00080A08
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3400] ADVAPI32.dll!ChangeServiceConfig2A 762D7099 5 Bytes JMP 00080C0C
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3400] ADVAPI32.dll!ChangeServiceConfig2W 762D71E1 5 Bytes JMP 00080E10
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3400] ADVAPI32.dll!CreateServiceA 762D72A1 5 Bytes JMP 000801F8
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3400] USER32.dll!SetWindowsHookExA 76356322 5 Bytes JMP 00090600
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3400] USER32.dll!SetWindowsHookExW 763587AD 5 Bytes JMP 00090804
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3400] USER32.dll!UnhookWindowsHookEx 763598DB 5 Bytes JMP 00090A08
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3400] USER32.dll!SetWinEventHook 76359F3A 5 Bytes JMP 000901F8
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3400] USER32.dll!UnhookWinEvent 7635C06F 5 Bytes JMP 000903FC
.text C:\Windows\system32\SearchIndexer.exe[3424] ntdll.dll!LdrLoadDll 77789378 5 Bytes JMP 000501F8
.text C:\Windows\system32\SearchIndexer.exe[3424] ntdll.dll!LdrUnloadDll 7779B680 5 Bytes JMP 000503FC
.text C:\Windows\system32\SearchIndexer.exe[3424] kernel32.dll!GetBinaryTypeW + 70 76092467 1 Byte [62]
.text C:\Windows\system32\SearchIndexer.exe[3424] ADVAPI32.dll!CreateServiceW 76299EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\SearchIndexer.exe[3424] ADVAPI32.dll!DeleteService 7629A07E 5 Bytes JMP 00070600
.text C:\Windows\system32\SearchIndexer.exe[3424] ADVAPI32.dll!SetServiceObjectSecurity 762D6CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\SearchIndexer.exe[3424] ADVAPI32.dll!ChangeServiceConfigA 762D6DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\SearchIndexer.exe[3424] ADVAPI32.dll!ChangeServiceConfigW 762D6F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\SearchIndexer.exe[3424] ADVAPI32.dll!ChangeServiceConfig2A 762D7099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\SearchIndexer.exe[3424] ADVAPI32.dll!ChangeServiceConfig2W 762D71E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\SearchIndexer.exe[3424] ADVAPI32.dll!CreateServiceA 762D72A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\SearchIndexer.exe[3424] USER32.dll!SetWindowsHookExA 76356322 5 Bytes JMP 00080600
.text C:\Windows\system32\SearchIndexer.exe[3424] USER32.dll!SetWindowsHookExW 763587AD 5 Bytes JMP 00080804
.text C:\Windows\system32\SearchIndexer.exe[3424] USER32.dll!UnhookWindowsHookEx 763598DB 5 Bytes JMP 00080A08
.text C:\Windows\system32\SearchIndexer.exe[3424] USER32.dll!SetWinEventHook 76359F3A 5 Bytes JMP 000801F8
.text C:\Windows\system32\SearchIndexer.exe[3424] USER32.dll!UnhookWinEvent 7635C06F 5 Bytes JMP 000803FC
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3460] ntdll.dll!LdrLoadDll 77789378 5 Bytes JMP 000501F8
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3460] ntdll.dll!LdrUnloadDll 7779B680 5 Bytes JMP 000503FC
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3460] kernel32.dll!GetBinaryTypeW + 70 76092467 1 Byte [62]
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3460] ADVAPI32.dll!CreateServiceW 76299EB4 5 Bytes JMP 000703FC
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3460] ADVAPI32.dll!DeleteService 7629A07E 5 Bytes JMP 00070600
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3460] ADVAPI32.dll!SetServiceObjectSecurity 762D6CD9 5 Bytes JMP 00071014
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3460] ADVAPI32.dll!ChangeServiceConfigA 762D6DD9 5 Bytes JMP 00070804
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3460] ADVAPI32.dll!ChangeServiceConfigW 762D6F81 5 Bytes JMP 00070A08
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3460] ADVAPI32.dll!ChangeServiceConfig2A 762D7099 5 Bytes JMP 00070C0C
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3460] ADVAPI32.dll!ChangeServiceConfig2W 762D71E1 5 Bytes JMP 00070E10
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3460] ADVAPI32.dll!CreateServiceA 762D72A1 5 Bytes JMP 000701F8
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3460] USER32.dll!SetWindowsHookExA 76356322 5 Bytes JMP 00080600
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3460] USER32.dll!SetWindowsHookExW 763587AD 5 Bytes JMP 00080804
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3460] USER32.dll!UnhookWindowsHookEx 763598DB 5 Bytes JMP 00080A08
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3460] USER32.dll!SetWinEventHook 76359F3A 5 Bytes JMP 000801F8
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3460] USER32.dll!UnhookWinEvent 7635C06F 5 Bytes JMP 000803FC
.text C:\Windows\system32\wuauclt.exe[4008] ntdll.dll!LdrLoadDll 77789378 5 Bytes JMP 000601F8
.text C:\Windows\system32\wuauclt.exe[4008] ntdll.dll!LdrUnloadDll 7779B680 5 Bytes JMP 000603FC
.text C:\Windows\system32\wuauclt.exe[4008] kernel32.dll!GetBinaryTypeW + 70 76092467 1 Byte [62]
.text C:\Windows\system32\wuauclt.exe[4008] USER32.dll!SetWindowsHookExA 76356322 5 Bytes JMP 00080600
.text C:\Windows\system32\wuauclt.exe[4008] USER32.dll!SetWindowsHookExW 763587AD 5 Bytes JMP 00080804
.text C:\Windows\system32\wuauclt.exe[4008] USER32.dll!UnhookWindowsHookEx 763598DB 5 Bytes JMP 00080A08
.text C:\Windows\system32\wuauclt.exe[4008] USER32.dll!SetWinEventHook 76359F3A 5 Bytes JMP 000801F8
.text C:\Windows\system32\wuauclt.exe[4008] USER32.dll!UnhookWinEvent 7635C06F 5 Bytes JMP 000803FC
.text C:\Windows\system32\wuauclt.exe[4008] ADVAPI32.dll!CreateServiceW 76299EB4 5 Bytes JMP 000903FC
.text C:\Windows\system32\wuauclt.exe[4008] ADVAPI32.dll!DeleteService 7629A07E 5 Bytes JMP 00090600
.text C:\Windows\system32\wuauclt.exe[4008] ADVAPI32.dll!SetServiceObjectSecurity 762D6CD9 5 Bytes JMP 00091014
.text C:\Windows\system32\wuauclt.exe[4008] ADVAPI32.dll!ChangeServiceConfigA 762D6DD9 5 Bytes JMP 00090804
.text C:\Windows\system32\wuauclt.exe[4008] ADVAPI32.dll!ChangeServiceConfigW 762D6F81 5 Bytes JMP 00090A08
.text C:\Windows\system32\wuauclt.exe[4008] ADVAPI32.dll!ChangeServiceConfig2A 762D7099 5 Bytes JMP 00090C0C
.text C:\Windows\system32\wuauclt.exe[4008] ADVAPI32.dll!ChangeServiceConfig2W 762D71E1 5 Bytes JMP 00090E10
.text C:\Windows\system32\wuauclt.exe[4008] ADVAPI32.dll!CreateServiceA 762D72A1 5 Bytes JMP 000901F8
.text c:\program files\windows defender\MpCmdRun.exe[4080] ntdll.dll!LdrLoadDll 77789378 5 Bytes JMP 000401F8
.text c:\program files\windows defender\MpCmdRun.exe[4080] ntdll.dll!LdrUnloadDll 7779B680 5 Bytes JMP 000403FC
.text c:\program files\windows defender\MpCmdRun.exe[4080] kernel32.dll!GetBinaryTypeW + 70 76092467 1 Byte [62]
.text c:\program files\windows defender\MpCmdRun.exe[4080] ADVAPI32.dll!CreateServiceW 76299EB4 5 Bytes JMP 000603FC
.text c:\program files\windows defender\MpCmdRun.exe[4080] ADVAPI32.dll!DeleteService 7629A07E 5 Bytes JMP 00060600
.text c:\program files\windows defender\MpCmdRun.exe[4080] ADVAPI32.dll!SetServiceObjectSecurity 762D6CD9 5 Bytes JMP 00061014
.text c:\program files\windows defender\MpCmdRun.exe[4080] ADVAPI32.dll!ChangeServiceConfigA 762D6DD9 5 Bytes JMP 00060804
.text c:\program files\windows defender\MpCmdRun.exe[4080] ADVAPI32.dll!ChangeServiceConfigW 762D6F81 5 Bytes JMP 00060A08
.text c:\program files\windows defender\MpCmdRun.exe[4080] ADVAPI32.dll!ChangeServiceConfig2A 762D7099 5 Bytes JMP 00060C0C
.text c:\program files\windows defender\MpCmdRun.exe[4080] ADVAPI32.dll!ChangeServiceConfig2W 762D71E1 5 Bytes JMP 00060E10
.text c:\program files\windows defender\MpCmdRun.exe[4080] ADVAPI32.dll!CreateServiceA 762D72A1 3 Bytes JMP 000601F8
.text c:\program files\windows defender\MpCmdRun.exe[4080] ADVAPI32.dll!CreateServiceA + 4 762D72A5 1 Byte [89]
.text c:\program files\windows defender\MpCmdRun.exe[4080] USER32.dll!SetWindowsHookExA 76356322 5 Bytes JMP 00070600
.text c:\program files\windows defender\MpCmdRun.exe[4080] USER32.dll!SetWindowsHookExW 763587AD 5 Bytes JMP 00070804
.text c:\program files\windows defender\MpCmdRun.exe[4080] USER32.dll!UnhookWindowsHookEx 763598DB 5 Bytes JMP 00070A08
.text c:\program files\windows defender\MpCmdRun.exe[4080] USER32.dll!SetWinEventHook 76359F3A 5 Bytes JMP 000701F8
.text c:\program files\windows defender\MpCmdRun.exe[4080] USER32.dll!UnhookWinEvent 7635C06F 5 Bytes JMP 000703FC

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)
Device \Driver\BTHUSB \Device\00000061 bthport.sys (Bluetooth-Bustreiber/Microsoft Corporation)
Device \Driver\BTHUSB \Device\00000061 bthport.sys (Bluetooth-Bustreiber/Microsoft Corporation)

AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

Device \Driver\BTHUSB \Device\00000063 bthport.sys (Bluetooth-Bustreiber/Microsoft Corporation)
Device \Driver\BTHUSB \Device\00000063 bthport.sys (Bluetooth-Bustreiber/Microsoft Corporation)

AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001060d27e90
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001060d27e90 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001060d27e90 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\001060d27e90 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\BTHPORT\Parameters\Keys\001060d27e90 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\BTHPORT\Parameters\Keys\001060d27e90 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet007\Services\BTHPORT\Parameters\Keys\001060d27e90 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet008\Services\BTHPORT\Parameters\Keys\001060d27e90 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet009\Services\BTHPORT\Parameters\Keys\001060d27e90 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet011\Services\BTHPORT\Parameters\Keys\001060d27e90 (not active ControlSet)

---- EOF - GMER 1.0.15 ----


Thank you for your help.




#4 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,789 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:08:53 PM

Posted 27 July 2012 - 04:38 PM

Greetings joeyuser and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you!


===================================================


Ground Rules:

  • First, I would also like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me about it.
  • When you post your reply, do not use the Posted Image button but use the Posted Image button instead.
  • In the upper right hand corner of the topic you will see the Posted Image button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started :thumbup2:

===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

We greatly appreciate your patience. I know you have been waiting several days. Please allow me some time to review the information you have provided. I will post back as soon as possible.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#5 joeyuser


Posted 28 July 2012 - 07:02 AM

Hey,

I am glad you found the time.

I will wait for your reply.

Thank you in advance,

#6 Oh My!


Posted 28 July 2012 - 08:33 AM

Greetings joeyuser,

I want to thank you again for patiently waiting for help.

Your log indicates you ran TDSSKiller on 7-21-2012. I will need to look at the log file. Additionally, I would like to look at your master boot record to see if it is infected. There is one final issue I would like to raise as we begin.

Please consider and perform the following for me, if you would.


===================================================


P2P Warning

--------------------

Going over your logs I noticed that you have µTorrent installed. It is pretty much certain that if you continue to use P2P programs, you will get infected again.

  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
I would recommend that you uninstall µTorrent, however that choice is up to you. If you choose to remove the program, you can do so via Start > Control Panel > Add/Remove Programs.

If you wish to keep it, please do not use it until we are completely done and your machine is determined to be clean and updated.


===================================================


Posting Previous TDSSKiller log

--------------------

  • Using Windows Explorer navigate to the root directory (normally c:\)
  • Locate the TDSSKiller log which will be named similar to:

    TDSSKiller_version_date_time_log.txt
  • Copy and paste the contents of that document in your reply

===================================================


aswMBR

--------------------

  • Download aswMBR and save it to your desktop.
  • Please disable your real time protection of any Antivirus, Antispyware or Antimalware programs temporarily. They will interfere and may cause unexpected results.
  • If you need help to disable your protection programs see here and here.
  • Double click the aswMBR.exe file to run it. Please allow when you are asked to download AVAST antivirus engine defs.
  • Wait until the AV update is done, then click on the Scan button to start. The program will launch a scan.


  • When done, you will see Scan finished successfully. Please click on Save log and save the file to your desktop.


  • Please post the contents of the log in your next reply.
NOTE: aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.


===================================================


Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment. :thumbsup2:

  • TDSSKiller log
  • aswMBR log

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

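A triage helper for a TDSSKiller log of the kind requested above, as an added example that is not part of the original thread or of TDSSKiller itself. It assumes the line layout seen in the log posted in this topic (`time thread-id name (md5) path`, then `time thread-id name - verdict`); the function names, the `ExampleSvc` and `CutOff` entries, and the non-"ok" verdict text are constructed for the demonstration.

```python
import re

# Constructed sample in the line layout of the TDSSKiller log posted in this
# thread. ACPI, "avast! Antivirus" and blbdrive are copied from that log (the
# "Drive" header line is shortened); ExampleSvc, CutOff, their hashes and the
# non-"ok" verdict wording are made up for this example.
SAMPLE_LOG = r"""
14:29:03.0247 3860 OS Version: 6.0.6002 ServicePack: 2.0
14:29:03.0856 3860 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200
14:29:20.0517 2584 ============================================================
14:29:20.0517 2584 Scan started
14:29:20.0517 2584 Mode: Manual;
14:29:20.0517 2584 ============================================================
14:29:21.0593 2584 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
14:29:21.0609 2584 ACPI - ok
14:29:22.0997 2584 avast! Antivirus (2f7c0f3e39c45e0127fb78b2f18a41f3) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
14:29:22.0997 2584 avast! Antivirus - ok
14:29:23.0247 2584 blbdrive - ok
14:29:30.0000 2584 ExampleSvc (0123456789abcdef0123456789abcdef) C:\Windows\system32\drivers\examplesvc.sys
14:29:30.0010 2584 ExampleSvc - flagged-for-review
14:29:31.0000 2584 CutOff (fedcba9876543210fedcba9876543210) C:\Windows\system32\drivers\cutoff.sys
"""

PREFIX = r"^\d\d:\d\d:\d\d\.\d{4}\s+\d+\s+"

# "<time> <tid> <name> (<md5>) <path>": the file the scanner hashed for an object.
OBJECT_RE = re.compile(
    PREFIX + r"(?P<name>.+?)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>.+)$"
)
# "<time> <tid> <name> - <verdict>": the result for that object.
VERDICT_RE = re.compile(PREFIX + r"(?P<name>.+?)\s+-\s+(?P<verdict>\S.*)$")


def parse_scan(log_text):
    """Return one dict per scanned object, in log order.

    Lines before "Scan started" are skipped: header lines such as
    "Drive ... - Size: ..." would otherwise look like verdict lines.
    """
    entries = {}
    in_scan = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if not in_scan:
            in_scan = line.endswith("Scan started")
            continue
        match = OBJECT_RE.match(line)
        if match:
            entry = entries.setdefault(match["name"], _blank(match["name"]))
            entry["md5"] = match["md5"].lower()
            entry["path"] = match["path"]
            continue
        match = VERDICT_RE.match(line)
        if match:
            entry = entries.setdefault(match["name"], _blank(match["name"]))
            entry["verdict"] = match["verdict"].strip()
    return list(entries.values())


def _blank(name):
    return {"name": name, "md5": None, "path": None, "verdict": None}


def triage(entries):
    """Split the entries into the groups a reviewer reads first."""
    return {
        # Anything the scanner did not mark "ok".
        "not_ok": [e for e in entries if e["verdict"] not in (None, "ok")],
        # A verdict with no hashed file (as for blbdrive in the posted log).
        "no_file_hashed": [e["name"] for e in entries if e["md5"] is None],
        # A hashed file with no verdict: the pasted log was cut off mid-entry.
        "no_verdict": [e["name"] for e in entries if e["verdict"] is None],
    }


if __name__ == "__main__":
    parsed = parse_scan(SAMPLE_LOG)
    report = triage(parsed)
    print(f"{len(parsed)} objects parsed")
    for entry in report["not_ok"]:
        print(f"REVIEW  {entry['name']}: {entry['verdict']}  {entry['path']} md5={entry['md5']}")
    print("no file hashed:", ", ".join(report["no_file_hashed"]) or "-")
    print("no verdict (truncated log?):", ", ".join(report["no_verdict"]) or "-")
```

An empty `not_ok` list only means the scanner raised nothing in the pasted portion; a non-empty `no_verdict` list means the paste is incomplete and should be re-posted in full before drawing conclusions.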
#7 joeyuser


Posted 28 July 2012 - 01:04 PM

Hey Oh My!,

So, I couldn't de-activate Windows Defender, but I didn't notice it bothering the scans.

So, here go the logs you asked me for:

TDSSKiller

14:29:03.0216 3860 TDSS rootkit removing tool 2.7.46.0 Jul 16 2012 22:10:11
14:29:03.0247 3860 ============================================================
14:29:03.0247 3860 Current date / time: 2012/07/21 14:29:03.0247
14:29:03.0247 3860 SystemInfo:
14:29:03.0247 3860
14:29:03.0247 3860 OS Version: 6.0.6002 ServicePack: 2.0
14:29:03.0247 3860 Product type: Workstation
14:29:03.0247 3860 ComputerName: DIEGO-PC
14:29:03.0247 3860 UserName: diego
14:29:03.0247 3860 Windows directory: C:\Windows
14:29:03.0247 3860 System windows directory: C:\Windows
14:29:03.0247 3860 Processor architecture: Intel x86
14:29:03.0247 3860 Number of processors: 2
14:29:03.0247 3860 Page size: 0x1000
14:29:03.0247 3860 Boot type: Normal boot
14:29:03.0247 3860 ============================================================
14:29:03.0856 3860 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000058
14:29:04.0230 3860 Drive \Device\Harddisk1\DR1 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000058
14:29:04.0324 3860 ============================================================
14:29:04.0324 3860 \Device\Harddisk0\DR0:
14:29:04.0324 3860 MBR partitions:
14:29:04.0324 3860 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x80BD8D4
14:29:04.0355 3860 \Device\Harddisk1\DR1:
14:29:04.0355 3860 MBR partitions:
14:29:04.0355 3860 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x950E482
14:29:04.0355 3860 ============================================================
14:29:04.0386 3860 C: <-> \Device\Harddisk0\DR0\Partition0
14:29:04.0542 3860 D: <-> \Device\Harddisk1\DR1\Partition0
14:29:04.0542 3860 ============================================================
14:29:04.0542 3860 Initialize success
14:29:04.0542 3860 ============================================================
14:29:20.0517 2584 ============================================================
14:29:20.0517 2584 Scan started
14:29:20.0517 2584 Mode: Manual;
14:29:20.0517 2584 ============================================================
14:29:21.0593 2584 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
14:29:21.0609 2584 ACPI - ok
14:29:21.0687 2584 AdobeFlashPlayerUpdateSvc (5e1a953c6472e7bb644892a4d0df5e72) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
14:29:21.0687 2584 AdobeFlashPlayerUpdateSvc - ok
14:29:21.0765 2584 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
14:29:21.0780 2584 adp94xx - ok
14:29:21.0827 2584 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
14:29:21.0843 2584 adpahci - ok
14:29:21.0858 2584 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
14:29:21.0858 2584 adpu160m - ok
14:29:21.0874 2584 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
14:29:21.0889 2584 adpu320 - ok
14:29:21.0921 2584 AeLookupSvc (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
14:29:21.0921 2584 AeLookupSvc - ok
14:29:21.0967 2584 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
14:29:21.0967 2584 AFD - ok
14:29:21.0999 2584 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
14:29:21.0999 2584 agp440 - ok
14:29:22.0030 2584 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
14:29:22.0030 2584 aic78xx - ok
14:29:22.0108 2584 ALG (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
14:29:22.0108 2584 ALG - ok
14:29:22.0155 2584 aliide (496eda16a127ac9a38bb285bef17dbb5) C:\Windows\system32\drivers\aliide.sys
14:29:22.0155 2584 aliide - ok
14:29:22.0186 2584 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
14:29:22.0186 2584 amdagp - ok
14:29:22.0201 2584 amdide (6f65f4147c54398d7280b18cebbed215) C:\Windows\system32\drivers\amdide.sys
14:29:22.0201 2584 amdide - ok
14:29:22.0248 2584 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
14:29:22.0248 2584 AmdK7 - ok
14:29:22.0264 2584 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
14:29:22.0264 2584 AmdK8 - ok
14:29:22.0311 2584 Appinfo (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
14:29:22.0311 2584 Appinfo - ok
14:29:22.0357 2584 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
14:29:22.0357 2584 arc - ok
14:29:22.0389 2584 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
14:29:22.0389 2584 arcsas - ok
14:29:22.0420 2584 aswFsBlk (1c1f3d6dddc046c920c493a779649f66) C:\Windows\system32\drivers\aswFsBlk.sys
14:29:22.0435 2584 aswFsBlk - ok
14:29:22.0482 2584 aswMonFlt (a48d8015af2a0d8b4937613ffbfd28de) C:\Windows\system32\drivers\aswMonFlt.sys
14:29:22.0482 2584 aswMonFlt - ok
14:29:22.0498 2584 AswRdr (982e275d1c5801042fe94209fb0160fb) C:\Windows\system32\drivers\AswRdr.sys
14:29:22.0498 2584 AswRdr - ok
14:29:22.0560 2584 aswSnx (73dbcf808e00580f2a47f93dd9b03876) C:\Windows\system32\drivers\aswSnx.sys
14:29:22.0576 2584 aswSnx - ok
14:29:22.0623 2584 aswSP (6cbd7d3a33f498d09c831cdd732da2e0) C:\Windows\system32\drivers\aswSP.sys
14:29:22.0638 2584 aswSP - ok
14:29:22.0654 2584 aswTdi (7109a9aa551f37cd168c02368465957e) C:\Windows\system32\drivers\aswTdi.sys
14:29:22.0654 2584 aswTdi - ok
14:29:22.0701 2584 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
14:29:22.0701 2584 AsyncMac - ok
14:29:22.0732 2584 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
14:29:22.0732 2584 atapi - ok
14:29:22.0763 2584 AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
14:29:22.0794 2584 AudioEndpointBuilder - ok
14:29:22.0794 2584 Audiosrv (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
14:29:22.0794 2584 Audiosrv - ok
14:29:22.0997 2584 avast! Antivirus (2f7c0f3e39c45e0127fb78b2f18a41f3) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
14:29:22.0997 2584 avast! Antivirus - ok
14:29:23.0044 2584 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
14:29:23.0059 2584 Beep - ok
14:29:23.0106 2584 BFE (c789af0f724fda5852fb9a7d3a432381) C:\Windows\System32\bfe.dll
14:29:23.0122 2584 BFE - ok
14:29:23.0215 2584 BITS (93952506c6d67330367f7e7934b6a02f) C:\Windows\System32\qmgr.dll
14:29:23.0247 2584 BITS - ok
14:29:23.0247 2584 blbdrive - ok
14:29:23.0371 2584 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
14:29:23.0371 2584 bowser - ok
14:29:23.0403 2584 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
14:29:23.0403 2584 BrFiltLo - ok
14:29:23.0418 2584 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
14:29:23.0418 2584 BrFiltUp - ok
14:29:23.0449 2584 Browser (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
14:29:23.0449 2584 Browser - ok
14:29:23.0496 2584 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
14:29:23.0496 2584 Brserid - ok
14:29:23.0621 2584 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
14:29:23.0621 2584 BrSerWdm - ok
14:29:23.0683 2584 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
14:29:23.0683 2584 BrUsbMdm - ok
14:29:23.0730 2584 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
14:29:23.0730 2584 BrUsbSer - ok
14:29:23.0777 2584 BthEnum (6d39c954799b63ba866910234cf7d726) C:\Windows\system32\DRIVERS\BthEnum.sys
14:29:23.0777 2584 BthEnum - ok
14:29:23.0808 2584 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
14:29:23.0808 2584 BTHMODEM - ok
14:29:23.0855 2584 BthPan (5904efa25f829bf84ea6fb045134a1d8) C:\Windows\system32\DRIVERS\bthpan.sys
14:29:23.0855 2584 BthPan - ok
14:29:23.0902 2584 BTHPORT (611ff3f2f095c8d4a6d4cfd9dcc09793) C:\Windows\system32\Drivers\BTHport.sys
14:29:23.0917 2584 BTHPORT - ok
14:29:23.0995 2584 BthServ (a4c8377fa4a994e07075107dbe2e3dce) C:\Windows\System32\bthserv.dll
14:29:24.0011 2584 BthServ - ok
14:29:24.0042 2584 BTHUSB (d330803eab2a15caec7f011f1d4cb30e) C:\Windows\system32\Drivers\BTHUSB.sys
14:29:24.0042 2584 BTHUSB - ok
14:29:24.0089 2584 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
14:29:24.0089 2584 cdfs - ok
14:29:24.0120 2584 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
14:29:24.0120 2584 cdrom - ok
14:29:24.0151 2584 CertPropSvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
14:29:24.0151 2584 CertPropSvc - ok
14:29:24.0183 2584 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
14:29:24.0183 2584 circlass - ok
14:29:24.0214 2584 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
14:29:24.0229 2584 CLFS - ok
14:29:24.0276 2584 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
14:29:24.0292 2584 clr_optimization_v2.0.50727_32 - ok
14:29:24.0401 2584 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
14:29:24.0401 2584 clr_optimization_v4.0.30319_32 - ok
14:29:24.0448 2584 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
14:29:24.0448 2584 CmBatt - ok
14:29:24.0479 2584 cmdide (59172a0724f2ab769f31d61b0571d75b) C:\Windows\system32\drivers\cmdide.sys
14:29:24.0479 2584 cmdide - ok
14:29:24.0495 2584 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
14:29:24.0495 2584 Compbatt - ok
14:29:24.0495 2584 COMSysApp - ok
14:29:24.0526 2584 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
14:29:24.0526 2584 crcdisk - ok
14:29:24.0541 2584 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
14:29:24.0541 2584 Crusoe - ok
14:29:24.0666 2584 CryptSvc (75c6a297e364014840b48eccd7525e30) C:\Windows\system32\cryptsvc.dll
14:29:24.0682 2584 CryptSvc - ok
14:29:24.0760 2584 DcomLaunch (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
14:29:24.0807 2584 DcomLaunch - ok
14:29:24.0885 2584 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
14:29:24.0885 2584 DfsC - ok
14:29:25.0197 2584 DFSR (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe
14:29:25.0306 2584 DFSR - ok
14:29:25.0493 2584 Dhcp (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll
14:29:25.0493 2584 Dhcp - ok
14:29:25.0587 2584 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
14:29:25.0587 2584 disk - ok
14:29:25.0727 2584 Dnscache (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll
14:29:25.0743 2584 Dnscache - ok
14:29:25.0774 2584 dot3svc (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll
14:29:25.0789 2584 dot3svc - ok
14:29:25.0821 2584 DPS (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
14:29:25.0821 2584 DPS - ok
14:29:25.0867 2584 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
14:29:25.0867 2584 drmkaud - ok
14:29:26.0413 2584 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
14:29:26.0429 2584 DXGKrnl - ok
14:29:26.0491 2584 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
14:29:26.0507 2584 E1G60 - ok
14:29:26.0554 2584 EapHost (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
14:29:26.0554 2584 EapHost - ok
14:29:26.0616 2584 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
14:29:26.0616 2584 Ecache - ok
14:29:26.0663 2584 ehRecvr (9be3744d295a7701eb425332014f0797) C:\Windows\ehome\ehRecvr.exe
14:29:26.0663 2584 ehRecvr - ok
14:29:26.0694 2584 ehSched (ad1870c8e5d6dd340c829e6074bf3c3f) C:\Windows\ehome\ehsched.exe
14:29:26.0710 2584 ehSched - ok
14:29:26.0710 2584 ehstart (c27c4ee8926e74aa72efcab24c5242c3) C:\Windows\ehome\ehstart.dll
14:29:26.0725 2584 ehstart - ok
14:29:26.0772 2584 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
14:29:26.0772 2584 elxstor - ok
14:29:27.0287 2584 EMDMgmt (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll
14:29:27.0381 2584 EMDMgmt - ok
14:29:27.0459 2584 EventSystem (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll
14:29:27.0474 2584 EventSystem - ok
14:29:27.0521 2584 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
14:29:27.0521 2584 exfat - ok
14:29:27.0552 2584 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
14:29:27.0552 2584 fastfat - ok
14:29:27.0583 2584 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
14:29:27.0583 2584 fdc - ok
14:29:27.0630 2584 fdPHost (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
14:29:27.0646 2584 fdPHost - ok
14:29:27.0677 2584 FDResPub (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
14:29:27.0677 2584 FDResPub - ok
14:29:27.0708 2584 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
14:29:27.0724 2584 FileInfo - ok
14:29:27.0739 2584 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
14:29:27.0739 2584 Filetrace - ok
14:29:27.0755 2584 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
14:29:27.0755 2584 flpydisk - ok
14:29:27.0771 2584 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
14:29:27.0786 2584 FltMgr - ok
14:29:27.0849 2584 FontCache (8ce364388c8eca59b14b539179276d44) C:\Windows\system32\FntCache.dll
14:29:27.0880 2584 FontCache - ok
14:29:28.0098 2584 FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
14:29:28.0114 2584 FontCache3.0.0.0 - ok
14:29:28.0145 2584 Fs_Rec (b972a66758577e0bfd1de0f91aaa27b5) C:\Windows\system32\drivers\Fs_Rec.sys
14:29:28.0145 2584 Fs_Rec - ok
14:29:28.0254 2584 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
14:29:28.0254 2584 gagp30kx - ok
14:29:28.0457 2584 gpsvc (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll
14:29:28.0473 2584 gpsvc - ok
14:29:28.0769 2584 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
14:29:28.0785 2584 gupdate - ok
14:29:28.0800 2584 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
14:29:28.0800 2584 gupdatem - ok
14:29:28.0847 2584 HdAudAddService (3f90e001369a07243763bd5a523d8722) C:\Windows\system32\drivers\HdAudio.sys
14:29:28.0863 2584 HdAudAddService - ok
14:29:28.0909 2584 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
14:29:28.0972 2584 HDAudBus - ok
14:29:29.0081 2584 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
14:29:29.0081 2584 HidBth - ok
14:29:29.0128 2584 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
14:29:29.0128 2584 HidIr - ok
14:29:29.0190 2584 hidserv (84067081f3318162797385e11a8f0582) C:\Windows\system32\hidserv.dll
14:29:29.0190 2584 hidserv - ok
14:29:29.0206 2584 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
14:29:29.0206 2584 HidUsb - ok
14:29:29.0299 2584 hkmsvc (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
14:29:29.0299 2584 hkmsvc - ok
14:29:29.0331 2584 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
14:29:29.0331 2584 HpCISSs - ok
14:29:29.0424 2584 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
14:29:29.0440 2584 HTTP - ok
14:29:29.0471 2584 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
14:29:29.0471 2584 i2omp - ok
14:29:29.0518 2584 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
14:29:29.0518 2584 i8042prt - ok
14:29:29.0549 2584 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
14:29:29.0549 2584 iaStorV - ok
14:29:30.0173 2584 idsvc (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
14:29:30.0251 2584 idsvc - ok
14:29:30.0267 2584 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
14:29:30.0267 2584 iirsp - ok
14:29:30.0313 2584 IKEEXT (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll
14:29:30.0329 2584 IKEEXT - ok
14:29:30.0485 2584 IntcAzAudAddService (67e40fa2e4f2b70e8b3c8597a38f3a49) C:\Windows\system32\drivers\RTKVHDA.sys
14:29:30.0563 2584 IntcAzAudAddService - ok
14:29:31.0109 2584 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
14:29:31.0109 2584 intelide - ok
14:29:31.0140 2584 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
14:29:31.0140 2584 intelppm - ok
14:29:31.0187 2584 IPBusEnum (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
14:29:31.0203 2584 IPBusEnum - ok
14:29:31.0218 2584 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
14:29:31.0218 2584 IpFilterDriver - ok
14:29:31.0249 2584 iphlpsvc (1998bd97f950680bb55f55a7244679c2) C:\Windows\System32\iphlpsvc.dll
14:29:31.0265 2584 iphlpsvc - ok
14:29:31.0265 2584 IpInIp - ok
14:29:31.0312 2584 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
14:29:31.0312 2584 IPMIDRV - ok
14:29:31.0421 2584 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
14:29:31.0421 2584 IPNAT - ok
14:29:31.0468 2584 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
14:29:31.0468 2584 IRENUM - ok
14:29:31.0483 2584 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
14:29:31.0483 2584 isapnp - ok
14:29:31.0515 2584 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
14:29:31.0530 2584 iScsiPrt - ok
14:29:31.0546 2584 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
14:29:31.0546 2584 iteatapi - ok
14:29:31.0561 2584 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
14:29:31.0561 2584 iteraid - ok
14:29:31.0593 2584 JRAID (222e263cc06e47bda386fe19b88e8583) C:\Windows\system32\drivers\jraid.sys
14:29:31.0593 2584 JRAID - ok
14:29:31.0655 2584 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
14:29:31.0655 2584 kbdclass - ok
14:29:31.0717 2584 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
14:29:31.0717 2584 kbdhid - ok
14:29:31.0764 2584 KeyIso (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
14:29:31.0764 2584 KeyIso - ok
14:29:31.0811 2584 KSecDD (4a1445efa932a3baf5bdb02d7131ee20) C:\Windows\system32\Drivers\ksecdd.sys
14:29:31.0827 2584 KSecDD - ok
14:29:31.0920 2584 KtmRm (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
14:29:31.0936 2584 KtmRm - ok
14:29:32.0061 2584 LanmanServer (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\system32\srvsvc.dll
14:29:32.0076 2584 LanmanServer - ok
14:29:32.0107 2584 LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll
14:29:32.0123 2584 LanmanWorkstation - ok
14:29:32.0154 2584 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
14:29:32.0154 2584 lltdio - ok
14:29:32.0201 2584 lltdsvc (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
14:29:32.0217 2584 lltdsvc - ok
14:29:32.0232 2584 lmhosts (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
14:29:32.0248 2584 lmhosts - ok
14:29:32.0295 2584 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
14:29:32.0295 2584 LSI_FC - ok
14:29:32.0310 2584 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
14:29:32.0310 2584 LSI_SAS - ok
14:29:32.0341 2584 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
14:29:32.0357 2584 LSI_SCSI - ok
14:29:32.0388 2584 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
14:29:32.0388 2584 luafv - ok
14:29:43.0480 2584 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
14:29:43.0854 2584 \Device\Harddisk0\DR0 - ok
14:29:43.0854 2584 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
14:29:43.0854 2584 \Device\Harddisk1\DR1 - ok
14:29:43.0854 2584 Boot (0x1200) (e74e15b24b14001cb1757fa47ebfd8d0) \Device\Harddisk0\DR0\Partition0
14:29:43.0854 2584 \Device\Harddisk0\DR0\Partition0 - ok
14:29:43.0870 2584 Boot (0x1200) (f96e63747d947db100f557ae8b2b957e) \Device\Harddisk1\DR1\Partition0
14:29:43.0870 2584 \Device\Harddisk1\DR1\Partition0 - ok
14:29:43.0870 2584 ============================================================
14:29:43.0870 2584 Scan finished
14:29:43.0870 2584 ============================================================
14:29:43.0885 2828 Detected object count: 0
14:29:43.0885 2828 Actual detected object count: 0
14:29:58.0315 4796 ============================================================
14:29:58.0315 4796 Scan started
14:29:58.0315 4796 Mode: Manual; SigCheck; TDLFS;
14:29:58.0315 4796 ============================================================
14:30:01.0654 4796 BthEnum - ok
14:30:01.0669 4796 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
14:30:01.0732 4796 BTHMODEM - ok
14:30:01.0763 4796 BthPan (5904efa25f829bf84ea6fb045134a1d8) C:\Windows\system32\DRIVERS\bthpan.sys
14:30:01.0810 4796 BthPan - ok
14:30:01.0857 4796 BTHPORT (611ff3f2f095c8d4a6d4cfd9dcc09793) C:\Windows\system32\Drivers\BTHport.sys
14:30:01.0919 4796 BTHPORT - ok
14:30:01.0950 4796 BthServ (a4c8377fa4a994e07075107dbe2e3dce) C:\Windows\System32\bthserv.dll
14:30:01.0997 4796 BthServ - ok
14:30:02.0013 4796 BTHUSB (d330803eab2a15caec7f011f1d4cb30e) C:\Windows\system32\Drivers\BTHUSB.sys
14:30:02.0059 4796 BTHUSB - ok
14:30:02.0091 4796 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
14:30:02.0153 4796 cdfs - ok
14:30:02.0184 4796 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
14:30:02.0231 4796 cdrom - ok
14:30:02.0262 4796 CertPropSvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
14:30:02.0340 4796 CertPropSvc - ok
14:30:02.0371 4796 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
14:30:02.0434 4796 circlass - ok
14:30:02.0465 4796 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
14:30:02.0481 4796 CLFS - ok
14:30:02.0543 4796 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
14:30:02.0559 4796 clr_optimization_v2.0.50727_32 - ok
14:30:02.0621 4796 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
14:30:02.0637 4796 clr_optimization_v4.0.30319_32 - ok
14:30:02.0668 4796 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
14:30:02.0715 4796 CmBatt - ok
14:30:02.0730 4796 cmdide (59172a0724f2ab769f31d61b0571d75b) C:\Windows\system32\drivers\cmdide.sys
14:30:02.0746 4796 cmdide - ok
14:30:02.0777 4796 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
14:30:02.0793 4796 Compbatt - ok
14:30:02.0793 4796 COMSysApp - ok
14:30:02.0808 4796 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
14:30:02.0824 4796 crcdisk - ok
14:30:02.0839 4796 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
14:30:02.0917 4796 Crusoe - ok
14:30:02.0949 4796 CryptSvc (75c6a297e364014840b48eccd7525e30) C:\Windows\system32\cryptsvc.dll
14:30:02.0995 4796 CryptSvc - ok
14:30:03.0027 4796 DcomLaunch (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
14:30:03.0136 4796 DcomLaunch - ok
14:30:03.0167 4796 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
14:30:03.0214 4796 DfsC - ok
14:30:03.0323 4796 DFSR (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe
14:30:03.0448 4796 DFSR - ok
14:30:03.0557 4796 Dhcp (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll
14:30:03.0604 4796 Dhcp - ok
14:30:03.0619 4796 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
14:30:03.0651 4796 disk - ok
14:30:03.0682 4796 Dnscache (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll
14:30:03.0729 4796 Dnscache - ok
14:30:03.0760 4796 dot3svc (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll
14:30:03.0791 4796 dot3svc - ok
14:30:03.0838 4796 DPS (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
14:30:03.0869 4796 DPS - ok
14:30:03.0900 4796 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
14:30:03.0947 4796 drmkaud - ok
14:30:03.0994 4796 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
14:30:04.0056 4796 DXGKrnl - ok
14:30:04.0103 4796 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
14:30:04.0181 4796 E1G60 - ok
14:30:04.0212 4796 EapHost (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
14:30:04.0259 4796 EapHost - ok
14:30:04.0290 4796 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
14:30:04.0306 4796 Ecache - ok
14:30:04.0353 4796 ehRecvr (9be3744d295a7701eb425332014f0797) C:\Windows\ehome\ehRecvr.exe
14:30:04.0384 4796 ehRecvr - ok
14:30:04.0399 4796 ehSched (ad1870c8e5d6dd340c829e6074bf3c3f) C:\Windows\ehome\ehsched.exe
14:30:04.0431 4796 ehSched - ok
14:30:04.0446 4796 ehstart (c27c4ee8926e74aa72efcab24c5242c3) C:\Windows\ehome\ehstart.dll
14:30:04.0462 4796 ehstart - ok
14:30:04.0509 4796 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
14:30:04.0524 4796 elxstor - ok
14:30:04.0571 4796 EMDMgmt (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll
14:30:04.0665 4796 EMDMgmt - ok
14:30:04.0727 4796 EventSystem (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll
14:30:04.0758 4796 EventSystem - ok
14:30:04.0789 4796 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
14:30:04.0836 4796 exfat - ok
14:30:04.0867 4796 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
14:30:04.0914 4796 fastfat - ok
14:30:04.0961 4796 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
14:30:05.0023 4796 fdc - ok
14:30:05.0039 4796 fdPHost (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
14:30:05.0070 4796 fdPHost - ok
14:30:05.0117 4796 FDResPub (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
14:30:05.0179 4796 FDResPub - ok
14:30:05.0195 4796 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
14:30:05.0211 4796 FileInfo - ok
14:30:05.0226 4796 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
14:30:05.0273 4796 Filetrace - ok
14:30:05.0289 4796 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
14:30:05.0351 4796 flpydisk - ok
14:30:05.0382 4796 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
14:30:05.0398 4796 FltMgr - ok
14:30:05.0460 4796 FontCache (8ce364388c8eca59b14b539179276d44) C:\Windows\system32\FntCache.dll
14:30:05.0523 4796 FontCache - ok
14:30:05.0601 4796 FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
14:30:05.0616 4796 FontCache3.0.0.0 - ok
14:30:05.0647 4796 Fs_Rec (b972a66758577e0bfd1de0f91aaa27b5) C:\Windows\system32\drivers\Fs_Rec.sys
14:30:05.0694 4796 Fs_Rec - ok
14:30:05.0725 4796 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
14:30:05.0741 4796 gagp30kx - ok
14:30:05.0788 4796 gpsvc (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll
14:30:05.0881 4796 gpsvc - ok
14:30:05.0975 4796 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
14:30:06.0006 4796 gupdate - ok
14:30:06.0006 4796 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
14:30:06.0037 4796 gupdatem - ok
14:30:06.0069 4796 HdAudAddService (3f90e001369a07243763bd5a523d8722) C:\Windows\system32\drivers\HdAudio.sys
14:30:06.0115 4796 HdAudAddService - ok
14:30:06.0162 4796 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
14:30:06.0271 4796 HDAudBus - ok
14:30:06.0287 4796 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
14:30:06.0396 4796 HidBth - ok
14:30:06.0412 4796 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
14:30:06.0505 4796 HidIr - ok
14:30:06.0537 4796 hidserv (84067081f3318162797385e11a8f0582) C:\Windows\system32\hidserv.dll
14:30:06.0583 4796 hidserv - ok
14:30:06.0615 4796 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
14:30:06.0661 4796 HidUsb - ok
14:30:06.0693 4796 hkmsvc (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
14:30:06.0755 4796 hkmsvc - ok
14:30:06.0771 4796 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
14:30:06.0802 4796 HpCISSs - ok
14:30:06.0849 4796 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
14:30:06.0927 4796 HTTP - ok
14:30:06.0958 4796 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
14:30:06.0989 4796 i2omp - ok
14:30:07.0020 4796 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
14:30:07.0067 4796 i8042prt - ok
14:30:07.0098 4796 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
14:30:07.0114 4796 iaStorV - ok
14:30:07.0207 4796 idsvc (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
14:30:07.0285 4796 idsvc - ok
14:30:07.0317 4796 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
14:30:07.0332 4796 iirsp - ok
14:30:07.0379 4796 IKEEXT (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll
14:30:07.0441 4796 IKEEXT - ok
14:30:07.0519 4796 IntcAzAudAddService (67e40fa2e4f2b70e8b3c8597a38f3a49) C:\Windows\system32\drivers\RTKVHDA.sys
14:30:07.0613 4796 IntcAzAudAddService - ok
14:30:07.0722 4796 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
14:30:07.0738 4796 intelide - ok
14:30:07.0769 4796 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
14:30:07.0800 4796 intelppm - ok
14:30:07.0831 4796 IPBusEnum (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
14:30:07.0894 4796 IPBusEnum - ok
14:30:07.0894 4796 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
14:30:07.0941 4796 IpFilterDriver - ok
14:30:07.0972 4796 iphlpsvc (1998bd97f950680bb55f55a7244679c2) C:\Windows\System32\iphlpsvc.dll
14:30:08.0019 4796 iphlpsvc - ok
14:30:08.0019 4796 IpInIp - ok
14:30:08.0050 4796 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
14:30:08.0112 4796 IPMIDRV - ok
14:30:08.0128 4796 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
14:30:08.0159 4796 IPNAT - ok
14:30:08.0190 4796 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
14:30:08.0221 4796 IRENUM - ok
14:30:08.0237 4796 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
14:30:08.0253 4796 isapnp - ok
14:30:08.0284 4796 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
14:30:08.0315 4796 iScsiPrt - ok
14:30:08.0331 4796 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
14:30:08.0346 4796 iteatapi - ok
14:30:08.0393 4796 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
14:30:08.0409 4796 iteraid - ok
14:30:08.0455 4796 JRAID (222e263cc06e47bda386fe19b88e8583) C:\Windows\system32\drivers\jraid.sys
14:30:08.0471 4796 JRAID - ok
14:30:08.0518 4796 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
14:30:08.0533 4796 kbdclass - ok
14:30:08.0549 4796 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
14:30:08.0596 4796 kbdhid - ok
14:30:08.0627 4796 KeyIso (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
14:30:08.0674 4796 KeyIso - ok
14:30:08.0721 4796 KSecDD (4a1445efa932a3baf5bdb02d7131ee20) C:\Windows\system32\Drivers\ksecdd.sys
14:30:08.0752 4796 KSecDD - ok
14:30:08.0799 4796 KtmRm (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
14:30:08.0845 4796 KtmRm - ok
14:30:08.0892 4796 LanmanServer (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\system32\srvsvc.dll
14:30:08.0939 4796 LanmanServer - ok
14:30:08.0955 4796 LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll
14:30:08.0986 4796 LanmanWorkstation - ok
14:30:09.0017 4796 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
14:30:09.0064 4796 lltdio - ok
14:30:09.0095 4796 lltdsvc (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
14:30:09.0142 4796 lltdsvc - ok
14:30:09.0157 4796 lmhosts (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
14:30:09.0220 4796 lmhosts - ok
14:30:09.0251 4796 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
14:30:09.0282 4796 LSI_FC - ok
14:30:09.0298 4796 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
14:30:09.0313 4796 LSI_SAS - ok
14:30:09.0345 4796 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
14:30:09.0360 4796 LSI_SCSI - ok
14:30:09.0391 4796 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
14:30:09.0438 4796 luafv - ok
14:30:09.0469 4796 Mcx2Svc (aef9babb8a506bc4ce0451a64aaded46) C:\Windows\system32\Mcx2Svc.dll
14:30:09.0501 4796 Mcx2Svc - ok
14:30:09.0532 4796 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
14:30:09.0547 4796 megasas - ok
14:30:09.0563 4796 MMCSS (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
14:30:09.0625 4796 MMCSS - ok
14:30:09.0641 4796 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
14:30:09.0703 4796 Modem - ok
14:30:09.0719 4796 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
14:30:09.0781 4796 monitor - ok
14:30:09.0797 4796 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
14:30:09.0813 4796 mouclass - ok
14:30:09.0844 4796 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
14:30:09.0875 4796 mouhid - ok
14:30:09.0906 4796 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
14:30:09.0922 4796 MountMgr - ok
14:30:09.0937 4796 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
14:30:09.0953 4796 mpio - ok
14:30:09.0969 4796 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
14:30:10.0000 4796 mpsdrv - ok
14:30:10.0047 4796 MpsSvc (5de62c6e9108f14f6794060a9bdecaec) C:\Windows\system32\mpssvc.dll
14:30:10.0109 4796 MpsSvc - ok
14:30:10.0125 4796 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
14:30:10.0156 4796 Mraid35x - ok
14:30:10.0187 4796 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
14:30:10.0218 4796 MRxDAV - ok
14:30:10.0249 4796 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
14:30:10.0281 4796 mrxsmb - ok
14:30:10.0296 4796 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:30:10.0327 4796 mrxsmb10 - ok
14:30:10.0327 4796 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:30:10.0359 4796 mrxsmb20 - ok
14:30:10.0390 4796 msahci (86068b8b54a5eb092f51657f00b2222a) C:\Windows\system32\drivers\msahci.sys
14:30:10.0405 4796 msahci - ok
14:30:10.0421 4796 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
14:30:10.0437 4796 msdsm - ok
14:30:10.0483 4796 MSDTC (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
14:30:10.0515 4796 MSDTC - ok
14:30:10.0546 4796 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
14:30:10.0593 4796 Msfs - ok
14:30:10.0624 4796 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
14:30:10.0639 4796 msisadrv - ok
14:30:10.0671 4796 MSiSCSI (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
14:30:10.0717 4796 MSiSCSI - ok
14:30:10.0717 4796 msiserver - ok
14:30:10.0764 4796 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
14:30:10.0811 4796 MSKSSRV - ok
14:30:10.0842 4796 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
14:30:10.0889 4796 MSPCLOCK - ok
14:30:10.0905 4796 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
14:30:10.0936 4796 MSPQM - ok
14:30:10.0983 4796 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
14:30:10.0998 4796 MsRPC - ok
14:30:11.0029 4796 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
14:30:11.0061 4796 mssmbios - ok
14:30:11.0061 4796 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
14:30:11.0107 4796 MSTEE - ok
14:30:11.0107 4796 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
14:30:11.0139 4796 Mup - ok
14:30:11.0185 4796 napagent (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll
14:30:11.0232 4796 napagent - ok
14:30:11.0263 4796 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
14:30:11.0279 4796 NativeWifiP - ok
14:30:11.0341 4796 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
14:30:11.0373 4796 NDIS - ok
14:30:11.0419 4796 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
14:30:11.0466 4796 NdisTapi - ok
14:30:11.0482 4796 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
14:30:11.0513 4796 Ndisuio - ok
14:30:11.0544 4796 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
14:30:11.0560 4796 NdisWan - ok
14:30:11.0575 4796 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
14:30:11.0607 4796 NDProxy - ok
14:30:11.0622 4796 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
14:30:11.0653 4796 NetBIOS - ok
14:30:11.0669 4796 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
14:30:11.0700 4796 netbt - ok
14:30:11.0731 4796 Netlogon (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
14:30:11.0747 4796 Netlogon - ok
14:30:11.0778 4796 Netman (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
14:30:11.0825 4796 Netman - ok
14:30:11.0872 4796 netprofm (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
14:30:11.0919 4796 netprofm - ok
14:30:11.0997 4796 NetTcpPortSharing (d6c4e4a39a36029ac0813d476fbd0248) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
14:30:12.0012 4796 NetTcpPortSharing - ok
14:30:12.0121 4796 NETw3v32 (35d5458d9a1b26b2005abffbf4c1c5e7) C:\Windows\system32\DRIVERS\NETw3v32.sys
14:30:12.0293 4796 NETw3v32 - ok
14:30:12.0418 4796 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
14:30:12.0433 4796 nfrd960 - ok
14:30:12.0465 4796 NlaSvc (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
14:30:12.0527 4796 NlaSvc - ok
14:30:12.0558 4796 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
14:30:12.0589 4796 Npfs - ok
14:30:12.0621 4796 nsi (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
14:30:12.0667 4796 nsi - ok
14:30:12.0683 4796 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
14:30:12.0714 4796 nsiproxy - ok
14:30:12.0792 4796 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
14:30:12.0870 4796 Ntfs - ok
14:30:12.0886 4796 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
14:30:12.0948 4796 ntrigdigi - ok
14:30:12.0964 4796 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
14:30:12.0995 4796 Null - ok
14:30:13.0291 4796 nvlddmkm (05200c3a9b1370aa2d8c99f1a464168b) C:\Windows\system32\DRIVERS\nvlddmkm.sys
14:30:13.0697 4796 nvlddmkm - ok
14:30:13.0822 4796 nvraid (6f785db62a6d8f3fafd3e5695277e849) C:\Windows\system32\drivers\nvraid.sys
14:30:13.0837 4796 nvraid - ok
14:30:13.0837 4796 nvstor (4a5fcab82d9bf6af8a023a66802fe9e9) C:\Windows\system32\drivers\nvstor.sys
14:30:13.0869 4796 nvstor - ok
14:30:13.0915 4796 nvsvc (a1da6d6d706ba55348db4ba688f37ca5) C:\Windows\system32\nvvsvc.exe
14:30:13.0931 4796 nvsvc - ok
14:30:13.0962 4796 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
14:30:13.0978 4796 nv_agp - ok
14:30:13.0978 4796 NwlnkFlt - ok
14:30:13.0978 4796 NwlnkFwd - ok
14:30:14.0025 4796 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
14:30:14.0071 4796 ohci1394 - ok
14:30:14.0118 4796 p2pimsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
14:30:14.0165 4796 p2pimsvc - ok
14:30:14.0165 4796 p2psvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
14:30:14.0227 4796 p2psvc - ok
14:30:14.0259 4796 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
14:30:14.0321 4796 Parport - ok
14:30:14.0352 4796 partmgr (b9c2b89f08670e159f7181891e449cd9) C:\Windows\system32\drivers\partmgr.sys
14:30:14.0368 4796 partmgr - ok
14:30:14.0383 4796 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
14:30:14.0446 4796 Parvdm - ok
14:30:14.0477 4796 PcaSvc (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll
14:30:14.0508 4796 PcaSvc - ok
14:30:14.0539 4796 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
14:30:14.0555 4796 pci - ok
14:30:14.0571 4796 pciide (304048c2565a803d091cca1ac945f593) C:\Windows\system32\drivers\pciide.sys
14:30:14.0586 4796 pciide - ok
14:30:14.0602 4796 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
14:30:14.0617 4796 pcmcia - ok
14:30:14.0680 4796 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
14:30:14.0789 4796 PEAUTH - ok
14:30:14.0883 4796 pla (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll
14:30:14.0961 4796 pla - ok
14:30:15.0085 4796 PlugPlay (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll
14:30:15.0117 4796 PlugPlay - ok
14:30:15.0163 4796 PNRPAutoReg (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
14:30:15.0226 4796 PNRPAutoReg - ok
14:30:15.0241 4796 PNRPsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
14:30:15.0304 4796 PNRPsvc - ok
14:30:15.0366 4796 PolicyAgent (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll
14:30:15.0413 4796 PolicyAgent - ok
14:30:15.0460 4796 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
14:30:15.0491 4796 PptpMiniport - ok
14:30:15.0522 4796 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
14:30:15.0585 4796 Processor - ok
14:30:15.0631 4796 ProfSvc (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll
14:30:15.0663 4796 ProfSvc - ok
14:30:15.0678 4796 ProtectedStorage (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
14:30:15.0694 4796 ProtectedStorage - ok
14:30:15.0709 4796 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
14:30:15.0741 4796 PSched - ok
14:30:15.0787 4796 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
14:30:15.0865 4796 ql2300 - ok
14:30:15.0897 4796 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
14:30:15.0912 4796 ql40xx - ok
14:30:15.0959 4796 QWAVE (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
14:30:15.0990 4796 QWAVE - ok
14:30:16.0006 4796 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
14:30:16.0037 4796 QWAVEdrv - ok
14:30:16.0053 4796 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
14:30:16.0084 4796 RasAcd - ok
14:30:16.0115 4796 RasAuto (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
14:30:16.0162 4796 RasAuto - ok
14:30:16.0193 4796 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
14:30:16.0224 4796 Rasl2tp - ok
14:30:16.0255 4796 RasMan (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll
14:30:16.0302 4796 RasMan - ok
14:30:16.0333 4796 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
14:30:16.0365 4796 RasPppoe - ok
14:30:16.0396 4796 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
14:30:16.0427 4796 RasSstp - ok
14:30:16.0458 4796 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
14:30:16.0489 4796 rdbss - ok
14:30:16.0489 4796 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
14:30:16.0536 4796 RDPCDD - ok
14:30:16.0583 4796 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
14:30:16.0645 4796 rdpdr - ok
14:30:16.0645 4796 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
14:30:16.0677 4796 RDPENCDD - ok
14:30:16.0723 4796 RDPWD (c127ebd5afab31524662c48dfceb773a) C:\Windows\system32\drivers\RDPWD.sys
14:30:16.0739 4796 RDPWD - ok
14:30:16.0770 4796 RemoteAccess (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
14:30:16.0833 4796 RemoteAccess - ok
14:30:16.0848 4796 RemoteRegistry (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll
14:30:16.0895 4796 RemoteRegistry - ok
14:30:16.0911 4796 RFCOMM (6482707f9f4da0ecbab43b2e0398a101) C:\Windows\system32\DRIVERS\rfcomm.sys
14:30:16.0942 4796 RFCOMM - ok
14:30:16.0973 4796 RpcLocator (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
14:30:16.0989 4796 RpcLocator - ok
14:30:17.0035 4796 RpcSs (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
14:30:17.0067 4796 RpcSs - ok
14:30:17.0082 4796 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
14:30:17.0129 4796 rspndr - ok
14:30:17.0176 4796 RTL8169 (283392af1860ecdb5e0f8ebd7f3d72df) C:\Windows\system32\DRIVERS\Rtlh86.sys
14:30:17.0223 4796 RTL8169 - ok
14:30:17.0238 4796 SamSs (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
14:30:17.0269 4796 SamSs - ok
14:30:17.0301 4796 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
14:30:17.0316 4796 sbp2port - ok
14:30:17.0363 4796 SCardSvr (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll
14:30:17.0410 4796 SCardSvr - ok
14:30:17.0457 4796 Schedule (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll
14:30:17.0503 4796 Schedule - ok
14:30:17.0550 4796 SCPolicySvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
14:30:17.0581 4796 SCPolicySvc - ok
14:30:17.0613 4796 SDRSVC (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll
14:30:17.0659 4796 SDRSVC - ok
14:30:17.0675 4796 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
14:30:17.0753 4796 secdrv - ok
14:30:17.0769 4796 seclogon (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll
14:30:17.0815 4796 seclogon - ok
14:30:17.0847 4796 SENS (a9bbab5759771e523f55563d6cbe140f) C:\Windows\System32\sens.dll
14:30:17.0878 4796 SENS - ok
14:30:17.0909 4796 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
14:30:17.0971 4796 Serenum - ok
14:30:17.0987 4796 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
14:30:18.0049 4796 Serial - ok
14:30:18.0081 4796 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
14:30:18.0112 4796 sermouse - ok
14:30:18.0143 4796 SessionEnv (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll
14:30:18.0190 4796 SessionEnv - ok
14:30:18.0205 4796 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
14:30:18.0252 4796 sffdisk - ok
14:30:18.0268 4796 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
14:30:18.0330 4796 sffp_mmc - ok
14:30:20.0842 4796 SwitchBoard (f577910a133a592234ebaad3f3afa258) C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
14:30:20.0904 4796 SwitchBoard ( UnsignedFile.Multi.Generic ) - warning
14:30:20.0904 4796 SwitchBoard - detected UnsignedFile.Multi.Generic (1)
14:30:28.0782 4796 ============================================================
14:30:28.0782 4796 Scan finished
14:30:28.0782 4796 ============================================================
14:30:28.0798 4644 Detected object count: 1
14:30:28.0798 4644 Actual detected object count: 1
14:30:57.0112 4644 SwitchBoard ( UnsignedFile.Multi.Generic ) - skipped by user
14:30:57.0112 4644 SwitchBoard ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:30:59.0062 4024 Deinitialize success


aswMBR


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-28 19:27:59
-----------------------------
19:27:59.410 OS Version: Windows 6.0.6002 Service Pack 2
19:27:59.410 Number of processors: 2 586 0xF02
19:27:59.410 ComputerName: DIEGO-PC UserName: diego
19:28:00.455 Initialize success
19:28:00.580 AVAST engine defs: 12072800
19:28:02.296 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Scsi\viamraid1Port3Path0Target0Lun0
19:28:02.312 Disk 0 Vendor: WDC_WD80 04.0 Size: 76319MB BusType: 1
19:28:02.312 Disk 1 \Device\Harddisk1\DR1 -> \Device\Scsi\viamraid1Port3Path0Target2Lun0
19:28:02.312 Disk 1 Vendor: WDC_WD80 04.0 Size: 76319MB BusType: 1
19:28:02.374 Disk 0 MBR read successfully
19:28:02.374 Disk 0 MBR scan
19:28:02.390 Disk 0 Windows VISTA default MBR code
19:28:02.405 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 65915 MB offset 63
19:28:02.405 Disk 0 Partition - 00 05 Extended 10401 MB offset 134994195
19:28:02.468 Disk 0 Partition 2 00 82 Linux swap 486 MB offset 155300418
19:28:02.483 Disk 0 scanning sectors +156296385
19:28:02.546 Disk 0 scanning C:\Windows\system32\drivers
19:28:10.533 Service scanning
19:28:24.589 Modules scanning
19:28:29.643 Disk 0 trace - called modules:
19:28:29.721 ntkrnlpa.exe CLASSPNP.SYS disk.sys SCSIPORT.SYS hal.dll viamraid.sys
19:28:29.737 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x859a26b0]
19:28:29.737 3 CLASSPNP.SYS[887a18b3] -> nt!IofCallDriver -> \Device\Scsi\viamraid1Port3Path0Target0Lun0[0x8564a030]
19:28:30.142 AVAST engine scan C:\Windows
19:28:31.858 AVAST engine scan C:\Windows\system32
19:30:35.941 AVAST engine scan C:\Windows\system32\drivers
19:30:46.081 AVAST engine scan C:\Users\diego
19:41:19.534 AVAST engine scan C:\ProgramData
19:43:03.571 Scan finished successfully
19:59:28.305 Disk 0 MBR has been saved successfully to "C:\Users\diego\Desktop\MBR.dat"
19:59:28.305 The log file has been saved successfully to "C:\Users\diego\Desktop\aswMBR.txt"
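
A triage pass over a TDSSKiller log in the line format posted above, as an added example that is not part of the original post or of the tool itself: it lists every object the scan flagged, joins it to its hash and path, and shows which detections were left in place. The sample lines, the `ExampleSvc` name and the all-zero hash are constructed.

```python
import re

# Line layout seen in the posted log: "<time> <thread id> <message>"
LINE = re.compile(r"^\d\d:\d\d:\d\d\.\d+\s+\d+\s+(.*)$")
# "<object> (<32 hex digits>) <path>" introduces a scanned object
OBJECT = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
# "<object> ( <verdict> ) - <status>" reports a flagged object
FLAGGED = re.compile(r"^(?P<name>.+?) \( (?P<verdict>[^)]+?) \) - (?P<status>.+)$")
COUNT = re.compile(r"^Detected object count: (\d+)$")
ACTION_PREFIX = "User select action: "

PLACEHOLDER_MD5 = "0" * 32  # stands in for the MD5 a real log carries

# Constructed sample lines, not taken from the log in this thread.
SAMPLE_LOG = "\n".join([
    r"14:30:20.0717 4796 swenum (%s) C:\Windows\system32\DRIVERS\swenum.sys" % PLACEHOLDER_MD5,
    r"14:30:20.0733 4796 swenum - ok",
    r"14:30:20.0842 4796 ExampleSvc (%s) C:\Program Files\Example\ExampleSvc.exe" % PLACEHOLDER_MD5,
    r"14:30:20.0904 4796 ExampleSvc ( UnsignedFile.Multi.Generic ) - warning",
    r"14:30:20.0904 4796 ExampleSvc - detected UnsignedFile.Multi.Generic (1)",
    r"14:30:28.0798 4644 Detected object count: 1",
    r"14:30:57.0112 4644 ExampleSvc ( UnsignedFile.Multi.Generic ) - skipped by user",
    r"14:30:57.0112 4644 ExampleSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip",
])


def triage(log_text):
    """Summarise flagged objects; lines reporting '- ok' are ignored."""
    objects, found, declared = {}, {}, None
    for raw in log_text.splitlines():
        line = LINE.match(raw.strip())
        if not line:
            continue  # blank lines, banners, anything without the prefix
        msg = line.group(1)
        count = COUNT.match(msg)
        flagged = FLAGGED.match(msg)
        scanned = OBJECT.match(msg)
        if count:
            declared = int(count.group(1))
        elif flagged:
            entry = found.setdefault(flagged["name"], {
                "name": flagged["name"], "verdict": flagged["verdict"],
                "severity": None, "action": None})
            status = flagged["status"]
            if status.startswith(ACTION_PREFIX):
                entry["action"] = status[len(ACTION_PREFIX):]
            elif status != "skipped by user":
                entry["severity"] = status
        elif scanned:
            objects[scanned["name"]] = (scanned["md5"], scanned["path"])

    detections = []
    for name, entry in found.items():
        md5, path = objects.get(name, (None, None))
        detections.append(dict(entry, md5=md5, path=path))
    return {
        "detections": detections,
        "declared_count": declared,
        # A mismatch means the parser missed a line format or the log is cut.
        "count_matches": declared == len(detections),
        # Flagged objects that are still on disk after the scan.
        "unresolved": [d["name"] for d in detections
                       if d["action"] in (None, "Skip")],
    }


if __name__ == "__main__":
    for d in triage(SAMPLE_LOG)["detections"]:
        print(d["name"], d["verdict"], d["severity"], d["action"], d["path"])
```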

#8 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,789 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:08:53 PM

Posted 29 July 2012 - 01:22 PM

Greetings joeyuser,

"This SW is not really from a trustfull source"

BleepingComputer's Forum Rules are intended to ensure the use of legal copyrighted material and prohibit assistance when it appears that this may have been compromised. In order to continue we need to be assured that if illegally obtained software is present it has been removed. It is also necessary to know what program you are referring to. If you could provide the information relative to hosts file entries required by this software that would assist us in our efforts to clean your computer.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#9 Oh My!

Posted 30 July 2012 - 06:16 PM

Greetings joeyuser,

As agreed, the software has been removed from your computer. I would now like you to run a couple of online scans to look for evidence of malware. Please perform the following for me.


===================================================


Malwarebytes

--------------------

Please download Malwarebytes Anti-Malware and save it to your desktop.

  • Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download.
Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • Make sure you are connected to the Internet and double-click on the renamed file to install the application.
    For instructions with screenshots, please refer to this Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings except to uncheck any offer for a free Pro trial version.
  • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
  • Click on the Scan button.
  • When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.
Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.


===================================================


ESET Online Scanner

--------------------

I'd like us to scan your machine with ESET OnlineScan

  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the icon on your desktop.

  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:

    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

===================================================


Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment. :thumbsup2:

  • MBAM results
  • ESET results

Gary
 

#10 joeyuser

joeyuser
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:04:53 AM

Posted 01 August 2012 - 08:20 AM

Hello Oh My,

here are the results:

==========================================


MBAM


==========================================


Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.01.03

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
diego :: DIEGO-PC [administrator]

01.08.2012 12:39:07
mbam-log-2012-08-01 (12-39-07).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 173954
Time elapsed: 4 minute(s), 25 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

==========================================


ESET


==========================================


C:\Users\diego\AppData\Local\Temp\ICReinstall\cnet2_hamsterfreeziparchiver_shareware_others_exe.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
C:\Users\diego\AppData\Local\Temp\ICReinstall\cnet2_ValidateJOBv18_exe.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
C:\Users\diego\AppData\Local\Temp\ICReinstall\cnet_WinMerge-2_12_4-Setup_exe.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
D:\Downloads\cnet2_hamsterfreeziparchiver_shareware_others_exe.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
D:\Downloads\cnet2_ValidateJOBv18_exe.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
D:\Downloads\cnet_WinMerge-2_12_4-Setup_exe.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
D:\Downloads\FreeYouTubeDownloaderInstaller.exe a variant of Win32/Somoto.A application cleaned by deleting - quarantined
D:\Downloads\FreeYouTubeDownload_3.1.27.exe Win32/OpenCandy application cleaned by deleting - quarantined
D:\Downloads\InternationalPrimoPDF.exe Win32/OpenCandy application cleaned by deleting - quarantined
D:\Downloads\SoftonicDownloader_fuer_free-youtube-download.exe Win32/SoftonicDownloader.D application cleaned by deleting - quarantined


Thanks for watching those logs...
Best

#11 Oh My!

Posted 01 August 2012 - 09:20 AM

Greetings joeyuser,

Those logs look good. How is your computer running now? Is this still true (all or part)?

"Now, 2 months after this fresh installation, the same problems came back: internet slow, browser and/or VLC with high CPU usage, every now and then they (browser/VLC) are freezing for several seconds."


Gary
 

#12 joeyuser

Posted 03 August 2012 - 02:42 PM

Hello Oh My,

so, I've used my computer normally in the last two days. As of now, it seems everything is back to the normal functioning. However, I have two questions:

1 - ESET said the infected files were resolved by "deleting - quarantined". Should I make sure they were deleted (I don't need any of those files)?

2 - Is it safe to plug in my laptop USB sticks and external HD that I connected before, when my laptop was still infected? I.e., is there the possibility that those devices could be harboring the infection?

Thanks for the support

#13 Oh My!

Posted 03 August 2012 - 02:59 PM

Greetings joeyuser,

ESET has neutralized those files by quarantining them so there is no real reason to have to delete them. You may if it makes you feel better.

The 2 things to worry about with external devices are an autorun infection, which I have seen no evidence of, and the transferring of possibly infected files back on to the computer. My recommendation would be to scan those devices with your onboard Avast AV.

I would appreciate one final check in to confirm your external devices are clean and make sure your computer is still running fine.

Please let me know the results.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."
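
The autorun concern raised in the reply above can be checked by reading the `autorun.inf` in a drive's root and listing the entries that start a program. The following is an added example, not part of the original post: the function names and the sample file are constructed, and the drive letter in the last lines is a placeholder.

```python
import os

# Keys in the [autorun] section that start a program when the drive is opened.
LAUNCH_KEYS = ("open", "shellexecute")


def autorun_launch_entries(inf_bytes):
    """Return (key, value) pairs from [autorun] that would run something."""
    if inf_bytes[:2] in (b"\xff\xfe", b"\xfe\xff"):
        text = inf_bytes.decode("utf-16", errors="replace")
    else:
        if inf_bytes.startswith(b"\xef\xbb\xbf"):  # drop a UTF-8 BOM
            inf_bytes = inf_bytes[3:]
        text = inf_bytes.decode("latin-1")  # never fails on junk bytes
    entries, in_section = [], False
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("["):
            in_section = line.lower().startswith("[autorun")
            continue
        # Files of this kind are often padded with junk lines, so skip
        # anything that is not "key=value" instead of raising an error.
        if not in_section or line.startswith(";") or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        key = key.lower()
        is_verb = key.startswith("shell\\") and key.endswith("\\command")
        if key in LAUNCH_KEYS or is_verb:
            entries.append((key, value))
    return entries


def scan_root(root):
    """Look for autorun.inf (any letter case) directly under root."""
    findings = []
    for name in os.listdir(root):
        if name.lower() != "autorun.inf":
            continue
        path = os.path.join(root, name)
        if os.path.isfile(path):
            with open(path, "rb") as fh:
                launches = autorun_launch_entries(fh.read(1024 * 1024))
            findings.append({"file": path, "kind": "file", "launches": launches})
        else:
            # A folder with this name cannot carry launch entries.
            findings.append({"file": path, "kind": "folder", "launches": []})
    return findings


# Constructed sample: junk padding, mixed case, and a second section whose
# open= line must be ignored because it is outside [autorun].
SAMPLE_INF = (
    b";constructed sample file\r\n"
    b"[AutoRun]\r\n"
    b"icon=drive.ico\r\n"
    b"OPEN = tools\\setup.exe /quiet\r\n"
    b"garbage without an equals sign\r\n"
    b"shell\\explore\\command=tools\\setup.exe\r\n"
    b"[Other]\r\n"
    b"open=ignored.exe\r\n"
)

if __name__ == "__main__":
    print(autorun_launch_entries(SAMPLE_INF))
    # On the machine itself, pass the drive root, e.g. scan_root("E:\\")
```

An empty `launches` list, or no `autorun.inf` at all, means the drive carries nothing that would start on its own; it says nothing about the other files on the drive, which still need the antivirus scan recommended above.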

#14 joeyuser

Posted 06 August 2012 - 01:34 PM

Hey Oh My!,

Thanks for the info.

However, I have bad news. Yesterday, I noticed that my browser got high CPU usage again and eventually froze for a couple of seconds.

Is it possible that my laptop got infected again? Should I run ESET again?

Thanks for the support,

#15 Oh My!

Posted 06 August 2012 - 01:44 PM

Greetings joeyuser,

It is not uncommon for a web browser to lock up for a brief time once in a while.

When you say your browser indicated a high CPU usage can you explain/describe exactly what you are referring to, with numbers if possible. You are not talking about memory usage, right?
Gary
 