rootkit.0accessh - can't start windows update and security essentials, random restarts, etc.


  • This topic is locked
21 replies to this topic

#1 mllrstvn

mllrstvn

  • Members
  • 11 posts

Posted 12 August 2012 - 12:32 PM

Hello,

Thanks for this awesome site. I've often used its advice to resolve other security issues on my computer, but this time I'm stymied. A couple days ago (the 9th, I believe) my computer began to play random music, and I noticed my Microsoft Security Essentials was disabled. I attempted to reenable it, only to be told that the service wasn't started. It was actually no longer listed in services.msc, and I noticed that the Windows Update service was no longer listed too. I ran Malwarebytes, which revealed my computer was infected with rootkit.0accessh. This was removed on restart, but I could still no longer reenable Security Essentials and Windows Update. I then ran rkill, which disabled system32/services.exe. This caused Windows to restart. Following advice on another thread, I replaced system32/services.exe with a copy from another folder. After this I again ran rkill, which disabled a different (but still essential) process, svchost.exe, which caused another Windows restart. Running Malwarebytes again, I now have two unidentified "Trojan Process"es, and I expect if I ran rkill, there would be another essential process that's bad.

(On Windows Update I get error 80246008 [which is a problem with Background Intelligent Transfer Service]; on Windows Security Essentials the error has to do with update not working.)

Your assistance is much appreciated.

DDS log:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_31
Run by Steven at 12:17:43 on 2012-08-12
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.4095.2704 [GMT -5:00]
.
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k iissvcs
C:\Program Files\Microsoft Device Center\itype.exe
C:\Program Files\Microsoft Device Center\ipoint.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
-netsvcs
C:\Windows\system32\conhost.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
uRun: [Xvid] C:\Program Files (x86)\Xvid\CheckUpdate.exe
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript
StartupFolder: C:\Users\Steven\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Steven\AppData\Roaming\Dropbox\bin\Dropbox.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 97.64.168.12 97.64.183.165
TCP: Interfaces\{41053A86-477C-4F0C-B5DC-29E0BDCBE3A8} : DhcpNameServer = 97.64.168.12 97.64.183.165
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO-X64: 0x1 - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRunOnce-x64: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Steven\AppData\Roaming\Mozilla\Firefox\Profiles\we70oj1s.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Steven\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Users\Steven\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Steven\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-6-11 361984]
R2 AODDriver4.01;AODDriver4.01;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-3-5 53888]
R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S2 AODDriver4.1;AODDriver4.1;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-3-5 53888]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-12 250056]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-3 113120]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-08-12 16:42:06 5120 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\6667.tmp
2012-08-12 16:42:06 5120 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\6656.tmp
2012-08-11 20:55:40 20480 ------w- C:\Windows\svchost.exe
2012-08-10 23:16:16 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2012-08-10 23:03:17 -------- d-----w- C:\$RECYCLE.BIN
2012-08-10 02:18:38 -------- d-----w- C:\Windows\SysWow64\wbem\Performance
2012-08-10 02:17:23 303616 ----a-w- C:\SetACL.exe
2012-08-10 01:47:49 290304 ----a-w- C:\subinacl.exe
2012-08-10 01:37:44 -------- d-----w- C:\Intel
2012-08-10 01:37:41 -------- d-----w- C:\swsetup
2012-08-09 13:18:23 -------- d-sh--w- C:\Windows\System32\%APPDATA%
2012-08-09 12:45:35 9133488 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{916C060A-A1EF-4CC9-8411-85B7C789F1B3}\mpengine.dll
2012-08-08 01:59:02 -------- d-----w- C:\Program Files\Microsoft Device Center
2012-08-07 22:18:26 9133488 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-07-28 14:15:05 34152 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
2012-07-28 14:15:05 126312 ----a-w- C:\Windows\System32\GEARAspi64.dll
2012-07-28 14:15:05 107368 ----a-w- C:\Windows\SysWow64\GEARAspi.dll
2012-07-28 14:14:37 -------- d-----w- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2012-07-28 14:14:37 -------- d-----w- C:\Program Files\iTunes
2012-07-28 14:14:37 -------- d-----w- C:\Program Files\iPod
2012-07-28 14:14:37 -------- d-----w- C:\Program Files (x86)\iTunes
2012-07-28 14:13:03 -------- d-----w- C:\Program Files\Bonjour
2012-07-28 14:13:03 -------- d-----w- C:\Program Files (x86)\Bonjour
2012-07-27 17:03:02 -------- d-----w- C:\Users\Steven\AppData\Local\{0492BC0A-E41A-4EF3-8CA6-0454BF2C9442}
2012-07-27 17:02:40 -------- d-----w- C:\Users\Steven\AppData\Local\{5FA7344A-10BE-4965-80B7-721E0B819097}
2012-07-22 04:13:35 -------- d-----w- C:\Users\Steven\AppData\Local\FalloutNV
2012-07-19 02:08:26 -------- d-----w- C:\Program Files (x86)\Rockstar Games
.
==================== Find3M ====================
.
2012-08-03 11:02:18 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-03 11:02:18 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-07-03 18:46:44 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-06-27 02:38:30 46176 ----a-w- C:\Windows\System32\drivers\point64.sys
2012-06-25 03:24:48 52320 ----a-w- C:\Windows\System32\drivers\dc3d.sys
2012-06-12 03:08:36 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-06-11 18:59:38 10248192 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
2012-06-11 18:50:46 187392 ----a-w- C:\Windows\System32\clinfo.exe
2012-06-11 18:50:30 75264 ----a-w- C:\Windows\System32\OpenVideo64.dll
2012-06-11 18:50:24 65024 ----a-w- C:\Windows\SysWow64\OpenVideo.dll
2012-06-11 18:50:18 63488 ----a-w- C:\Windows\System32\OVDecode64.dll
2012-06-11 18:50:14 56320 ----a-w- C:\Windows\SysWow64\OVDecode.dll
2012-06-11 18:50:06 16457728 ----a-w- C:\Windows\System32\amdocl64.dll
2012-06-11 18:49:22 13008896 ----a-w- C:\Windows\SysWow64\amdocl.dll
2012-06-11 18:35:48 70144 ----a-w- C:\Windows\System32\coinst_8.98.dll
2012-06-11 18:29:34 24826368 ----a-w- C:\Windows\System32\atio6axx.dll
2012-06-11 18:00:32 20467712 ----a-w- C:\Windows\SysWow64\atioglxx.dll
2012-06-11 17:25:06 163840 ----a-w- C:\Windows\System32\atiapfxx.exe
2012-06-11 17:24:58 924160 ----a-w- C:\Windows\SysWow64\aticfx32.dll
2012-06-11 17:23:12 1090560 ----a-w- C:\Windows\System32\aticfx64.dll
2012-06-11 17:20:02 442368 ----a-w- C:\Windows\System32\ATIDEMGX.dll
2012-06-11 17:19:58 532992 ----a-w- C:\Windows\System32\atieclxx.exe
2012-06-11 17:19:14 239616 ----a-w- C:\Windows\System32\atiesrxx.exe
2012-06-11 17:17:56 120320 ----a-w- C:\Windows\System32\atitmm64.dll
2012-06-11 17:17:42 21504 ----a-w- C:\Windows\System32\atimuixx.dll
2012-06-11 17:17:38 59392 ----a-w- C:\Windows\System32\atiedu64.dll
2012-06-11 17:17:32 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll
2012-06-11 17:16:48 6301696 ----a-w- C:\Windows\SysWow64\atidxx32.dll
2012-06-11 17:01:56 6914560 ----a-w- C:\Windows\System32\atidxx64.dll
2012-06-11 16:51:54 4246528 ----a-w- C:\Windows\System32\atiumd6a.dll
2012-06-11 16:45:48 51200 ----a-w- C:\Windows\System32\aticalrt64.dll
2012-06-11 16:45:46 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll
2012-06-11 16:45:44 5480448 ----a-w- C:\Windows\SysWow64\atiumdag.dll
2012-06-11 16:45:40 44544 ----a-w- C:\Windows\System32\aticalcl64.dll
2012-06-11 16:45:38 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll
2012-06-11 16:45:26 15703040 ----a-w- C:\Windows\System32\aticaldd64.dll
2012-06-11 16:43:18 4729344 ----a-w- C:\Windows\SysWow64\atiumdva.dll
2012-06-11 16:40:58 13277696 ----a-w- C:\Windows\SysWow64\aticaldd.dll
2012-06-11 16:36:56 6605824 ----a-w- C:\Windows\System32\atiumd64.dll
2012-06-11 16:27:02 539136 ----a-w- C:\Windows\System32\atiadlxx.dll
2012-06-11 16:26:52 368640 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
2012-06-11 16:26:40 17920 ----a-w- C:\Windows\System32\atig6pxx.dll
2012-06-11 16:26:36 14848 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
2012-06-11 16:26:36 14848 ----a-w- C:\Windows\System32\atiglpxx.dll
2012-06-11 16:26:30 41984 ----a-w- C:\Windows\System32\atig6txx.dll
2012-06-11 16:26:22 33280 ----a-w- C:\Windows\SysWow64\atigktxx.dll
2012-06-11 16:26:14 367616 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
2012-06-11 16:25:20 54784 ----a-w- C:\Windows\System32\atiuxp64.dll
2012-06-11 16:25:12 42496 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
2012-06-11 16:25:06 45056 ----a-w- C:\Windows\System32\atiu9p64.dll
2012-06-11 16:24:58 32768 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
2012-06-11 16:24:24 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
2012-06-11 16:23:18 56320 ----a-w- C:\Windows\System32\atimpc64.dll
2012-06-11 16:23:18 56320 ----a-w- C:\Windows\System32\amdpcom64.dll
2012-06-11 16:23:10 56832 ----a-w- C:\Windows\SysWow64\atimpc32.dll
2012-06-11 16:23:10 56832 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll
2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll
2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll
2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-02 20:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-02 20:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2012-05-28 12:09:04 2168416 ----a-w- C:\Windows\System32\coin91.dll
2012-05-15 04:01:31 1188864 ----a-w- C:\Windows\System32\wininet.dll
2012-05-15 03:03:54 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
.
============= FINISH: 12:17:59.75 ===============


#2 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 12 August 2012 - 04:44 PM

Please do the following:

Download Farbar Recovery Scan Tool and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
    Startup Repair
    System Restore
    Windows Complete PC Restore
    Windows Memory Diagnostic Tool
    Command Prompt
  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to the disclaimer.
  • Place a check next to List Drivers MD5 as well as the default check marks that are already there.
  • Press Scan button.
  • FRST will let you know when the scan is complete and has written the FRST.txt to file, close out this message, then type the following into the search box:
    services.exe
  • Now press the search button.
  • When the search is complete, search.txt will also be written to your USB.
  • Type exit and reboot the computer normally.
  • Please copy and paste both logs in your reply. (FRST.txt and Search.txt)

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#3 mllrstvn

mllrstvn
  • Topic Starter

  • Members
  • 11 posts

Posted 12 August 2012 - 07:29 PM

Thank you for the speedy reply. I'll pick up a flash drive tomorrow and do this tomorrow evening.

#4 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 12 August 2012 - 07:34 PM

We can try a tool that doesn't require you to go and purchase a USB.

Try the following:

Refer to the ComboFix User's Guide

  • Download ComboFix from the following location:

    Link

    * IMPORTANT !!! Place ComboFix.exe on your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  • Double click on ComboFix.exe & follow the prompts.
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  • When finished, it shall produce a log for you. Post that log in your next reply

    Note:
    Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.

  • Ensure your AntiVirus and AntiSpyware applications are re-enabled.

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.



#5 mllrstvn

mllrstvn
  • Topic Starter

  • Members
  • 11 posts

Posted 12 August 2012 - 10:15 PM

Thanks, CatByte. I did as you said. The log is below. I should note, though, that after rebooting and launching Firefox, I received a BSOD. It disappeared before I was able to write down its memory exception information. This may just be coincidental.

--- --- ---

ComboFix 12-08-10.02 - Steven 08/12/2012 21:49:27.3.3 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.4095.3041 [GMT -5:00]
Running from: c:\users\Steven\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\svchost.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-07-13 to 2012-08-13 )))))))))))))))))))))))))))))))
.
.
2012-08-12 16:42 . 2012-08-12 16:42 5120 ----a-w- c:\programdata\Microsoft\Windows\DRM\6667.tmp
2012-08-12 16:42 . 2012-08-12 16:42 5120 ----a-w- c:\programdata\Microsoft\Windows\DRM\6656.tmp
2012-08-10 23:16 . 2012-08-10 23:16 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-08-10 02:18 . 2012-08-10 02:18 -------- d-----w- c:\windows\SysWow64\wbem\Performance
2012-08-10 02:17 . 2012-08-10 01:39 303616 ----a-w- C:\SetACL.exe
2012-08-10 01:47 . 2012-08-10 01:39 290304 ----a-w- C:\subinacl.exe
2012-08-10 01:39 . 2012-08-10 02:21 181064 ----a-w- c:\windows\PSEXESVC.EXE
2012-08-10 01:37 . 2012-08-10 01:37 -------- d-----w- C:\Intel
2012-08-10 01:37 . 2012-08-10 01:37 -------- d-----w- c:\users\Steven\AppData\Roaming\InstallShield
2012-08-10 01:37 . 2012-08-10 01:37 -------- d-----w- c:\program files (x86)\Intel
2012-08-10 01:37 . 2012-08-10 01:37 -------- d-----w- C:\swsetup
2012-08-09 13:18 . 2012-08-09 13:18 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-08-09 12:45 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{916C060A-A1EF-4CC9-8411-85B7C789F1B3}\mpengine.dll
2012-08-08 01:59 . 2012-08-08 01:59 -------- d-----w- c:\program files\Microsoft Device Center
2012-08-07 22:18 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-07-28 14:15 . 2012-07-28 14:15 -------- dc----w- c:\windows\system32\DRVSTORE
2012-07-28 14:15 . 2009-05-18 18:17 34152 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-07-28 14:15 . 2008-04-17 17:12 126312 ----a-w- c:\windows\system32\GEARAspi64.dll
2012-07-28 14:15 . 2008-04-17 17:12 107368 ----a-w- c:\windows\SysWow64\GEARAspi.dll
2012-07-28 14:14 . 2012-07-28 14:15 -------- d-----w- c:\programdata\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2012-07-28 14:14 . 2012-07-28 14:15 -------- d-----w- c:\program files\iTunes
2012-07-28 14:14 . 2012-07-28 14:15 -------- d-----w- c:\program files (x86)\iTunes
2012-07-28 14:14 . 2012-07-28 14:14 -------- d-----w- c:\program files\iPod
2012-07-28 14:13 . 2012-07-28 14:13 -------- d-----w- c:\program files\Common Files\Apple
2012-07-28 14:13 . 2012-07-28 14:13 -------- d-----w- c:\program files\Bonjour
2012-07-28 14:13 . 2012-07-28 14:13 -------- d-----w- c:\program files (x86)\Bonjour
2012-07-22 04:13 . 2012-07-22 04:13 -------- d-----w- c:\users\Steven\AppData\Local\FalloutNV
2012-07-19 02:08 . 2012-07-19 02:08 -------- d-----w- c:\program files (x86)\Rockstar Games
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Steven\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Steven\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Steven\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2012-08-07 1353080]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-10-13 17351304]
"Xvid"="c:\program files (x86)\Xvid\CheckUpdate.exe" [2011-01-17 8192]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-27 30040]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-06-11 641704]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-08 421776]
.
c:\users\Steven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Steven\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-03 250056]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-19 113120]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-04-25 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-01-08 1255736]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-06-11 239616]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-06-11 361984]
S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-06-11 10248192]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-06-11 367616]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-02-23 95760]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2012-06-25 52320]
S3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2012-06-27 46176]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-12 11:02]
.
2012-08-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-61726908-45000090-3775354014-1000Core.job
- c:\users\Steven\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-13 03:42]
.
2012-08-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-61726908-45000090-3775354014-1000UA.job
- c:\users\Steven\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-13 03:42]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Steven\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Steven\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Steven\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Steven\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
"IntelliType Pro"="c:\program files\Microsoft Device Center\itype.exe" [2012-06-27 1464928]
"IntelliPoint"="c:\program files\Microsoft Device Center\ipoint.exe" [2012-06-27 2004584]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 97.64.168.12 97.64.183.165
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\shell32.dll
FF - ProfilePath - c:\users\Steven\AppData\Roaming\Mozilla\Firefox\Profiles\we70oj1s.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\\.\globalroot\systemroot\svchost.exe
.
**************************************************************************
.
Completion time: 2012-08-12 22:04:41 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-13 03:04
ComboFix2.txt 2012-08-10 23:09
.
Pre-Run: 288,027,357,184 bytes free
Post-Run: 288,086,900,736 bytes free
.
- - End Of File - - F51119374DD79818B61E648FDF743AAC

#6 CatByte

  • Malware Response Team

Posted 12 August 2012 - 10:33 PM

Please run the following. Try it first in normal mode; if it won't run in normal mode, then run it in safe mode:

Please download TDSSKiller.zip
  • Extract it to your desktop
  • Double click TDSSKiller.exe
  • when the window opens, click on Change Parameters
  • under “Additional options”, put a check mark in the box next to “Detect TDLFS File System”
  • click OK
  • Press Start Scan
    • If Malicious objects are found then ensure Cure is selected
    • If TDLFS File System/TDSS File system is found then ensure Cure is selected (if cure is not available, choose skip)
    • Then click Continue > Reboot now
  • Copy and paste the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)



To Enter Safemode
  • Go to Start> Shut off your Computer> Restart
  • As the computer starts to boot-up, Tap the F8 KEY repeatedly,
  • this will bring up a menu.
  • Use the Up and Down Arrow Keys to scroll up to Safemode
  • Then press the Enter Key on your Keyboard
  • go into your usual account

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#7 mllrstvn

  • Topic Starter


Posted 13 August 2012 - 06:16 AM

A TDSS file system was found; following your instructions, I selected "skip" because "cure" was not available.

--- --- ---

06:08:21.0679 4384 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
06:08:22.0039 4384 ============================================================
06:08:22.0039 4384 Current date / time: 2012/08/13 06:08:22.0039
06:08:22.0039 4384 SystemInfo:
06:08:22.0039 4384
06:08:22.0039 4384 OS Version: 6.1.7601 ServicePack: 1.0
06:08:22.0039 4384 Product type: Workstation
06:08:22.0039 4384 ComputerName: STEVEN-PC
06:08:22.0039 4384 UserName: Steven
06:08:22.0039 4384 Windows directory: C:\Windows
06:08:22.0039 4384 System windows directory: C:\Windows
06:08:22.0039 4384 Running under WOW64
06:08:22.0039 4384 Processor architecture: Intel x64
06:08:22.0039 4384 Number of processors: 3
06:08:22.0039 4384 Page size: 0x1000
06:08:22.0039 4384 Boot type: Normal boot
06:08:22.0039 4384 ============================================================
06:08:22.0229 4384 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0x38080, SectorsPerTrack: 0x13, TracksPerCylinder: 0xE0, Type 'K0', Flags 0x00000040
06:08:22.0229 4384 ============================================================
06:08:22.0229 4384 \Device\Harddisk0\DR0:
06:08:22.0229 4384 MBR partitions:
06:08:22.0229 4384 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
06:08:22.0229 4384 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x3A353000
06:08:22.0229 4384 ============================================================
06:08:22.0249 4384 C: <-> \Device\Harddisk0\DR0\Partition1
06:08:22.0249 4384 ============================================================
06:08:22.0249 4384 Initialize success
06:08:22.0249 4384 ============================================================
06:08:33.0995 4476 ============================================================
06:08:33.0995 4476 Scan started
06:08:33.0995 4476 Mode: Manual; TDLFS;
06:08:33.0995 4476 ============================================================
06:08:41.0359 4476 gagp30kx - ok
06:08:41.0405 4476 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
06:08:41.0405 4476 GEARAspiWDM - ok
06:08:41.0452 4476 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
06:08:41.0468 4476 gpsvc - ok
06:08:41.0499 4476 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
06:08:41.0499 4476 hcw85cir - ok
06:08:41.0577 4476 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
06:08:41.0577 4476 HdAudAddService - ok
06:08:41.0608 4476 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
06:08:41.0608 4476 HDAudBus - ok
06:08:41.0624 4476 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
06:08:41.0624 4476 HidBatt - ok
06:08:41.0624 4476 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
06:08:41.0624 4476 HidBth - ok
06:08:41.0686 4476 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
06:08:41.0686 4476 HidIr - ok
06:08:41.0702 4476 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
06:08:41.0702 4476 hidserv - ok
06:08:41.0717 4476 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
06:08:41.0717 4476 HidUsb - ok
06:08:41.0749 4476 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
06:08:41.0749 4476 hkmsvc - ok
06:08:41.0827 4476 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
06:08:41.0827 4476 HomeGroupListener - ok
06:08:41.0873 4476 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
06:08:41.0873 4476 HomeGroupProvider - ok
06:08:41.0905 4476 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
06:08:41.0905 4476 HpSAMD - ok
06:08:41.0998 4476 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
06:08:42.0014 4476 HTTP - ok
06:08:42.0029 4476 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
06:08:42.0029 4476 hwpolicy - ok
06:08:42.0107 4476 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
06:08:42.0107 4476 i8042prt - ok
06:08:42.0139 4476 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
06:08:42.0154 4476 iaStorV - ok
06:08:42.0263 4476 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
06:08:42.0263 4476 idsvc - ok
06:08:42.0295 4476 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
06:08:42.0295 4476 iirsp - ok
06:08:42.0404 4476 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
06:08:42.0404 4476 IKEEXT - ok
06:08:42.0435 4476 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
06:08:42.0435 4476 intelide - ok
06:08:42.0497 4476 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
06:08:42.0497 4476 intelppm - ok
06:08:42.0529 4476 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
06:08:42.0529 4476 IPBusEnum - ok
06:08:42.0560 4476 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
06:08:42.0560 4476 IpFilterDriver - ok
06:08:42.0591 4476 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
06:08:42.0591 4476 IPMIDRV - ok
06:08:42.0607 4476 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
06:08:42.0607 4476 IPNAT - ok
06:08:42.0700 4476 iPod Service (a9ab99ee7d39725eafec82732d2b3271) C:\Program Files\iPod\bin\iPodService.exe
06:08:42.0700 4476 iPod Service - ok
06:08:42.0716 4476 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
06:08:42.0716 4476 IRENUM - ok
06:08:42.0747 4476 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
06:08:42.0747 4476 isapnp - ok
06:08:42.0763 4476 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
06:08:42.0763 4476 iScsiPrt - ok
06:08:42.0778 4476 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
06:08:42.0778 4476 kbdclass - ok
06:08:42.0809 4476 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
06:08:42.0809 4476 kbdhid - ok
06:08:42.0841 4476 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
06:08:42.0841 4476 KeyIso - ok
06:08:42.0872 4476 KSecDD (97a7070aea4c058b6418519e869a63b4) C:\Windows\system32\Drivers\ksecdd.sys
06:08:42.0872 4476 KSecDD - ok
06:08:42.0950 4476 KSecPkg (26c43a7c2862447ec59deda188d1da07) C:\Windows\system32\Drivers\ksecpkg.sys
06:08:42.0950 4476 KSecPkg - ok
06:08:42.0965 4476 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
06:08:42.0965 4476 ksthunk - ok
06:08:42.0997 4476 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
06:08:42.0997 4476 KtmRm - ok
06:08:43.0043 4476 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
06:08:43.0043 4476 LanmanServer - ok
06:08:43.0075 4476 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
06:08:43.0075 4476 LanmanWorkstation - ok
06:08:43.0106 4476 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
06:08:43.0106 4476 lltdio - ok
06:08:43.0184 4476 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
06:08:43.0184 4476 lltdsvc - ok
06:08:43.0215 4476 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
06:08:43.0215 4476 lmhosts - ok
06:08:43.0246 4476 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
06:08:43.0246 4476 LSI_FC - ok
06:08:43.0309 4476 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
06:08:43.0309 4476 LSI_SAS - ok
06:08:43.0324 4476 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
06:08:43.0324 4476 LSI_SAS2 - ok
06:08:43.0340 4476 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
06:08:43.0340 4476 LSI_SCSI - ok
06:08:43.0371 4476 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
06:08:43.0371 4476 luafv - ok
06:08:43.0433 4476 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
06:08:43.0449 4476 Mcx2Svc - ok
06:08:43.0465 4476 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
06:08:43.0465 4476 megasas - ok
06:08:43.0496 4476 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
06:08:43.0496 4476 MegaSR - ok
06:08:43.0605 4476 Microsoft Office Groove Audit Service (123271bd5237ab991dc5c21fdf8835eb) C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
06:08:43.0605 4476 Microsoft Office Groove Audit Service - ok
06:08:43.0636 4476 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
06:08:43.0636 4476 MMCSS - ok
06:08:43.0652 4476 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
06:08:43.0652 4476 Modem - ok
06:08:43.0683 4476 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
06:08:43.0683 4476 monitor - ok
06:08:43.0730 4476 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
06:08:43.0730 4476 mouclass - ok
06:08:43.0745 4476 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
06:08:43.0745 4476 mouhid - ok
06:08:43.0777 4476 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
06:08:43.0777 4476 mountmgr - ok
06:08:43.0855 4476 MozillaMaintenance (46297fa8e30a6007f14118fc2b942fbc) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
06:08:43.0855 4476 MozillaMaintenance - ok
06:08:43.0917 4476 MpFilter (94c66ededcdb6a126880472f9a704d8e) C:\Windows\system32\DRIVERS\MpFilter.sys
06:08:43.0933 4476 MpFilter - ok
06:08:43.0964 4476 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
06:08:43.0979 4476 mpio - ok
06:08:44.0026 4476 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
06:08:44.0026 4476 mpsdrv - ok
06:08:44.0073 4476 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
06:08:44.0073 4476 MRxDAV - ok
06:08:44.0104 4476 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
06:08:44.0104 4476 mrxsmb - ok
06:08:44.0167 4476 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
06:08:44.0167 4476 mrxsmb10 - ok
06:08:44.0198 4476 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
06:08:44.0198 4476 mrxsmb20 - ok
06:08:44.0213 4476 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
06:08:44.0213 4476 msahci - ok
06:08:44.0260 4476 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
06:08:44.0260 4476 msdsm - ok
06:08:44.0291 4476 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
06:08:44.0291 4476 MSDTC - ok
06:08:44.0354 4476 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
06:08:44.0354 4476 Msfs - ok
06:08:44.0369 4476 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
06:08:44.0369 4476 mshidkmdf - ok
06:08:44.0385 4476 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
06:08:44.0385 4476 msisadrv - ok
06:08:44.0416 4476 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
06:08:44.0432 4476 MSiSCSI - ok
06:08:44.0432 4476 msiserver - ok
06:08:44.0447 4476 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
06:08:44.0447 4476 MSKSSRV - ok
06:08:44.0494 4476 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
06:08:44.0494 4476 MSPCLOCK - ok
06:08:44.0494 4476 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
06:08:44.0494 4476 MSPQM - ok
06:08:44.0541 4476 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
06:08:44.0557 4476 MsRPC - ok
06:08:44.0572 4476 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
06:08:44.0572 4476 mssmbios - ok
06:08:44.0588 4476 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
06:08:44.0588 4476 MSTEE - ok
06:08:44.0588 4476 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
06:08:44.0603 4476 MTConfig - ok
06:08:44.0603 4476 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
06:08:44.0603 4476 Mup - ok
06:08:44.0666 4476 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
06:08:44.0666 4476 napagent - ok
06:08:44.0713 4476 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
06:08:44.0713 4476 NativeWifiP - ok
06:08:44.0775 4476 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
06:08:44.0775 4476 NDIS - ok
06:08:44.0791 4476 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
06:08:44.0791 4476 NdisCap - ok
06:08:44.0853 4476 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
06:08:44.0853 4476 NdisTapi - ok
06:08:44.0884 4476 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
06:08:44.0884 4476 Ndisuio - ok
06:08:44.0931 4476 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
06:08:44.0931 4476 NdisWan - ok
06:08:44.0962 4476 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
06:08:44.0962 4476 NDProxy - ok
06:08:44.0978 4476 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
06:08:44.0978 4476 NetBIOS - ok
06:08:45.0025 4476 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
06:08:45.0025 4476 NetBT - ok
06:08:45.0087 4476 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
06:08:45.0087 4476 Netlogon - ok
06:08:45.0149 4476 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
06:08:45.0149 4476 Netman - ok
06:08:45.0243 4476 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
06:08:45.0259 4476 NetMsmqActivator - ok
06:08:45.0259 4476 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
06:08:45.0259 4476 NetPipeActivator - ok
06:08:45.0321 4476 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
06:08:45.0337 4476 netprofm - ok
06:08:45.0352 4476 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
06:08:45.0352 4476 NetTcpActivator - ok
06:08:45.0352 4476 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
06:08:45.0352 4476 NetTcpPortSharing - ok
06:08:45.0415 4476 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
06:08:45.0415 4476 nfrd960 - ok
06:08:45.0508 4476 NisDrv (91b4e0273d2f6c24ef845f2b41311289) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
06:08:45.0508 4476 NisDrv - ok
06:08:45.0617 4476 NisSrv (10a43829a9e606af3eef25a1c1665923) c:\Program Files\Microsoft Security Client\NisSrv.exe
06:08:45.0633 4476 NisSrv - ok
06:08:45.0664 4476 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
06:08:45.0664 4476 NlaSvc - ok
06:08:45.0680 4476 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
06:08:45.0680 4476 Npfs - ok
06:08:45.0742 4476 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
06:08:45.0742 4476 nsi - ok
06:08:45.0758 4476 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
06:08:45.0758 4476 nsiproxy - ok
06:08:45.0836 4476 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
06:08:45.0836 4476 Ntfs - ok
06:08:45.0961 4476 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
06:08:45.0961 4476 Null - ok
06:08:45.0992 4476 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
06:08:45.0992 4476 nvraid - ok
06:08:46.0007 4476 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
06:08:46.0007 4476 nvstor - ok
06:08:46.0023 4476 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
06:08:46.0023 4476 nv_agp - ok
06:08:46.0163 4476 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
06:08:46.0163 4476 odserv - ok
06:08:46.0179 4476 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
06:08:46.0179 4476 ohci1394 - ok
06:08:46.0257 4476 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
06:08:46.0257 4476 ose - ok
06:08:46.0288 4476 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
06:08:46.0288 4476 p2pimsvc - ok
06:08:46.0304 4476 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
06:08:46.0304 4476 p2psvc - ok
06:08:46.0366 4476 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
06:08:46.0366 4476 Parport - ok
06:08:46.0397 4476 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
06:08:46.0397 4476 partmgr - ok
06:08:46.0413 4476 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
06:08:46.0413 4476 PcaSvc - ok
06:08:46.0460 4476 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
06:08:46.0460 4476 pci - ok
06:08:46.0460 4476 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
06:08:46.0460 4476 pciide - ok
06:08:46.0538 4476 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
06:08:46.0538 4476 pcmcia - ok
06:08:46.0709 4476 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
06:08:46.0709 4476 pcw - ok
06:08:47.0053 4476 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
06:08:47.0068 4476 PEAUTH - ok
06:08:47.0240 4476 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
06:08:47.0240 4476 PeerDistSvc - ok
06:08:47.0380 4476 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
06:08:47.0380 4476 PerfHost - ok
06:08:47.0833 4476 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
06:08:47.0833 4476 pla - ok
06:08:47.0957 4476 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
06:08:47.0973 4476 PlugPlay - ok
06:08:47.0989 4476 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
06:08:47.0989 4476 PNRPAutoReg - ok
06:08:48.0020 4476 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
06:08:48.0020 4476 PNRPsvc - ok
06:08:48.0129 4476 Point64 (32d374c60778253b81fa76c2fe19e155) C:\Windows\system32\DRIVERS\point64.sys
06:08:48.0129 4476 Point64 - ok
06:08:48.0316 4476 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
06:08:48.0316 4476 PolicyAgent - ok
06:08:48.0347 4476 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
06:08:48.0347 4476 Power - ok
06:08:48.0472 4476 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
06:08:48.0472 4476 PptpMiniport - ok
06:08:48.0519 4476 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
06:08:48.0519 4476 Processor - ok
06:08:48.0597 4476 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
06:08:48.0597 4476 ProfSvc - ok
06:08:48.0628 4476 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
06:08:48.0628 4476 ProtectedStorage - ok
06:08:48.0659 4476 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
06:08:48.0675 4476 Psched - ok
06:08:48.0753 4476 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
06:08:48.0769 4476 ql2300 - ok
06:08:48.0878 4476 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
06:08:48.0878 4476 ql40xx - ok
06:08:48.0925 4476 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
06:08:48.0925 4476 QWAVE - ok
06:08:48.0940 4476 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
06:08:48.0940 4476 QWAVEdrv - ok
06:08:48.0956 4476 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
06:08:48.0956 4476 RasAcd - ok
06:08:49.0034 4476 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
06:08:49.0034 4476 RasAgileVpn - ok
06:08:49.0065 4476 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
06:08:49.0065 4476 RasAuto - ok
06:08:49.0174 4476 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
06:08:49.0174 4476 Rasl2tp - ok
06:08:49.0252 4476 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
06:08:49.0252 4476 RasMan - ok
06:08:49.0268 4476 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
06:08:49.0268 4476 RasPppoe - ok
06:08:49.0268 4476 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
06:08:49.0268 4476 RasSstp - ok
06:08:49.0330 4476 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
06:08:49.0330 4476 rdbss - ok
06:08:49.0346 4476 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
06:08:49.0346 4476 rdpbus - ok
06:08:49.0408 4476 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
06:08:49.0408 4476 RDPCDD - ok
06:08:49.0455 4476 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
06:08:49.0455 4476 RDPDR - ok
06:08:49.0455 4476 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
06:08:49.0455 4476 RDPENCDD - ok
06:08:49.0486 4476 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
06:08:49.0486 4476 RDPREFMP - ok
06:08:49.0564 4476 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
06:08:49.0580 4476 RDPWD - ok
06:08:49.0642 4476 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
06:08:49.0642 4476 rdyboost - ok
06:08:49.0720 4476 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
06:08:49.0720 4476 RemoteAccess - ok
06:08:49.0751 4476 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
06:08:49.0751 4476 RemoteRegistry - ok
06:08:49.0767 4476 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
06:08:49.0767 4476 RpcEptMapper - ok
06:08:49.0783 4476 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
06:08:49.0783 4476 RpcLocator - ok
06:08:49.0892 4476 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\System32\rpcss.dll
06:08:49.0892 4476 RpcSs - ok
06:08:49.0907 4476 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
06:08:49.0907 4476 rspndr - ok
06:08:49.0954 4476 RTL8167 (baefee35d27a5440d35092ce10267bec) C:\Windows\system32\DRIVERS\Rt64win7.sys
06:08:49.0954 4476 RTL8167 - ok
06:08:49.0970 4476 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
06:08:49.0970 4476 s3cap - ok
06:08:50.0032 4476 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
06:08:50.0032 4476 SamSs - ok
06:08:50.0079 4476 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
06:08:50.0079 4476 sbp2port - ok
06:08:50.0110 4476 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
06:08:50.0110 4476 SCardSvr - ok
06:08:50.0235 4476 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
06:08:50.0235 4476 scfilter - ok
06:08:50.0843 4476 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
06:08:50.0843 4476 Schedule - ok
06:08:50.0875 4476 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
06:08:50.0875 4476 SCPolicySvc - ok
06:08:50.0906 4476 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
06:08:50.0906 4476 SDRSVC - ok
06:08:50.0954 4476 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
06:08:50.0954 4476 secdrv - ok
06:08:50.0985 4476 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
06:08:50.0985 4476 seclogon - ok
06:08:50.0985 4476 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
06:08:50.0985 4476 SENS - ok
06:08:51.0000 4476 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
06:08:51.0000 4476 SensrSvc - ok
06:08:51.0110 4476 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
06:08:51.0110 4476 Serenum - ok
06:08:51.0141 4476 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
06:08:51.0141 4476 Serial - ok
06:08:51.0281 4476 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
06:08:51.0281 4476 sermouse - ok
06:08:51.0437 4476 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
06:08:51.0437 4476 SessionEnv - ok
06:08:51.0515 4476 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
06:08:51.0515 4476 sffdisk - ok
06:08:51.0531 4476 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
06:08:51.0531 4476 sffp_mmc - ok
06:08:51.0531 4476 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
06:08:51.0531 4476 sffp_sd - ok
06:08:51.0546 4476 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
06:08:51.0546 4476 sfloppy - ok
06:08:51.0624 4476 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
06:08:51.0624 4476 SharedAccess - ok
06:08:51.0656 4476 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
06:08:51.0656 4476 ShellHWDetection - ok
06:08:51.0671 4476 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
06:08:51.0671 4476 SiSRaid2 - ok
06:08:51.0687 4476 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
06:08:51.0687 4476 SiSRaid4 - ok
06:08:51.0749 4476 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
06:08:51.0749 4476 Smb - ok
06:08:51.0765 4476 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
06:08:51.0780 4476 SNMPTRAP - ok
06:08:51.0780 4476 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
06:08:51.0780 4476 spldr - ok
06:08:51.0843 4476 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
06:08:51.0843 4476 Spooler - ok
06:08:51.0983 4476 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
06:08:51.0999 4476 sppsvc - ok
06:08:52.0108 4476 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
06:08:52.0108 4476 sppuinotify - ok
06:08:52.0186 4476 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
06:08:52.0202 4476 srv - ok
06:08:52.0233 4476 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
06:08:52.0233 4476 srv2 - ok
06:08:52.0264 4476 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
06:08:52.0264 4476 srvnet - ok
06:08:52.0342 4476 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
06:08:52.0358 4476 SSDPSRV - ok
06:08:52.0373 4476 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
06:08:52.0373 4476 SstpSvc - ok
06:08:52.0467 4476 Steam Client Service - ok
06:08:52.0498 4476 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
06:08:52.0498 4476 stexstor - ok
06:08:52.0560 4476 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
06:08:52.0576 4476 stisvc - ok
06:08:52.0607 4476 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
06:08:52.0607 4476 storflt - ok
06:08:52.0623 4476 StorSvc (c40841817ef57d491f22eb103da587cc) C:\Windows\system32\storsvc.dll
06:08:52.0623 4476 StorSvc - ok
06:08:52.0638 4476 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
06:08:52.0638 4476 storvsc - ok
06:08:52.0685 4476 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
06:08:52.0685 4476 swenum - ok
06:08:52.0732 4476 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
06:08:52.0732 4476 swprv - ok
06:08:52.0810 4476 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
06:08:52.0826 4476 SysMain - ok
06:08:52.0919 4476 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
06:08:52.0935 4476 TabletInputService - ok
06:08:52.0950 4476 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
06:08:52.0966 4476 TapiSrv - ok
06:08:52.0966 4476 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
06:08:57.0022 4476 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
06:08:57.0069 4476 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
06:08:57.0069 4476 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
06:08:57.0131 4476 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
06:08:57.0131 4476 \Device\Harddisk0\DR0 - detected TDSS File System (1)
06:08:57.0131 4476 Boot (0x1200) (fa45829ad1ac2f0c43da08b883a65e91) \Device\Harddisk0\DR0\Partition0
06:08:57.0131 4476 \Device\Harddisk0\DR0\Partition0 - ok
06:08:57.0162 4476 Boot (0x1200) (adda34765dd9c37c0a7d0b6d4d192410) \Device\Harddisk0\DR0\Partition1
06:08:57.0178 4476 \Device\Harddisk0\DR0\Partition1 - ok
06:08:57.0178 4476 ============================================================
06:08:57.0178 4476 Scan finished
06:08:57.0178 4476 ============================================================
06:08:57.0209 2880 Detected object count: 2
06:08:57.0209 2880 Actual detected object count: 2
06:09:34.0012 2880 \Device\Harddisk0\DR0\# - copied to quarantine
06:09:34.0017 2880 \Device\Harddisk0\DR0 - copied to quarantine
06:09:34.0047 2880 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
06:09:34.0047 2880 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
06:09:34.0052 2880 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
06:09:34.0127 2880 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
06:09:34.0147 2880 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
06:09:34.0157 2880 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
06:09:34.0162 2880 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
06:09:34.0162 2880 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
06:09:34.0167 2880 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
06:09:34.0167 2880 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
06:09:34.0172 2880 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
06:09:34.0177 2880 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
06:09:34.0177 2880 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
06:09:34.0182 2880 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
06:09:34.0187 2880 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
06:09:34.0192 2880 \Device\Harddisk0\DR0 - ok
06:09:34.0197 2880 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
06:09:34.0197 2880 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
06:09:34.0197 2880 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
06:09:46.0866 4996 Deinitialize success

#8 mllrstvn


Posted 13 August 2012 - 06:19 AM

After running TDSSKiller.zip, my Google searches are being redirected. I will not go to any sites other than this one until I receive further advice. Thank you, CatByte. :)

#9 CatByte

  • Malware Response Team

Posted 13 August 2012 - 08:16 AM

Did you reboot the computer so TDSSKiller was able to "cure" what it found?

If not, please reboot, then immediately run ComboFix.

(Remember to disable your security programs.)

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#10 mllrstvn


Posted 13 August 2012 - 09:25 AM

Yes. After TDSSKiller found its two issues, it rebooted. I then came here and posted the log. Shall I run ComboFix and TDSSKiller again?

#11 CatByte


Posted 13 August 2012 - 09:59 AM

We just need ComboFix run now.

Thanks



#12 mllrstvn


Posted 13 August 2012 - 10:02 AM

ComboFix done! :)

--- --- ---

ComboFix 12-08-13.01 - Steven 08/13/2012 9:41.4.3 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.4095.2939 [GMT -5:00]
Running from: c:\users\Steven\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\Installer\{13041dc0-fe5a-c602-ee30-4940628c4e64}\@
c:\windows\Installer\{13041dc0-fe5a-c602-ee30-4940628c4e64}\L\00000004.@
c:\windows\Installer\{13041dc0-fe5a-c602-ee30-4940628c4e64}\L\201d3dde
c:\windows\Installer\{13041dc0-fe5a-c602-ee30-4940628c4e64}\n
c:\windows\Installer\{13041dc0-fe5a-c602-ee30-4940628c4e64}\U\00000004.@
c:\windows\Installer\{13041dc0-fe5a-c602-ee30-4940628c4e64}\U\00000008.@
c:\windows\Installer\{13041dc0-fe5a-c602-ee30-4940628c4e64}\U\000000cb.@
c:\windows\Installer\{13041dc0-fe5a-c602-ee30-4940628c4e64}\U\80000000.@
c:\windows\Installer\{13041dc0-fe5a-c602-ee30-4940628c4e64}\U\80000032.@
c:\windows\Installer\{13041dc0-fe5a-c602-ee30-4940628c4e64}\U\80000064.@
c:\windows\svchost.exe
.
Infected copy of c:\windows\system32\services.exe was found and disinfected
Restored copy from - c:\32788r22fwjfw\HarddiskVolumeShadowCopy3_!Windows!System32!services.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-07-13 to 2012-08-13 )))))))))))))))))))))))))))))))
.
.
2012-08-13 14:49 . 2012-08-13 14:49 -------- d-----w- c:\users\DefaultAppPool\AppData\Local\temp
2012-08-13 14:49 . 2012-08-13 14:49 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-13 11:08 . 2012-08-13 11:09 -------- d-----w- C:\TDSSKiller_Quarantine
2012-08-12 16:42 . 2012-08-12 16:42 5120 ----a-w- c:\programdata\Microsoft\Windows\DRM\6667.tmp
2012-08-12 16:42 . 2012-08-12 16:42 5120 ----a-w- c:\programdata\Microsoft\Windows\DRM\6656.tmp
2012-08-10 23:16 . 2012-08-10 23:16 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-08-10 02:18 . 2012-08-10 02:18 -------- d-----w- c:\windows\SysWow64\wbem\Performance
2012-08-10 02:17 . 2012-08-10 01:39 303616 ----a-w- C:\SetACL.exe
2012-08-10 01:47 . 2012-08-10 01:39 290304 ----a-w- C:\subinacl.exe
2012-08-10 01:39 . 2012-08-10 02:21 181064 ----a-w- c:\windows\PSEXESVC.EXE
2012-08-10 01:37 . 2012-08-10 01:37 -------- d-----w- C:\Intel
2012-08-10 01:37 . 2012-08-10 01:37 -------- d-----w- c:\users\Steven\AppData\Roaming\InstallShield
2012-08-10 01:37 . 2012-08-10 01:37 -------- d-----w- c:\program files (x86)\Intel
2012-08-10 01:37 . 2012-08-10 01:37 -------- d-----w- C:\swsetup
2012-08-09 13:18 . 2012-08-09 13:18 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-08-09 12:45 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{916C060A-A1EF-4CC9-8411-85B7C789F1B3}\mpengine.dll
2012-08-08 01:59 . 2012-08-08 01:59 -------- d-----w- c:\program files\Microsoft Device Center
2012-08-07 22:18 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-07-28 14:15 . 2012-07-28 14:15 -------- dc----w- c:\windows\system32\DRVSTORE
2012-07-28 14:15 . 2009-05-18 18:17 34152 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-07-28 14:15 . 2008-04-17 17:12 126312 ----a-w- c:\windows\system32\GEARAspi64.dll
2012-07-28 14:15 . 2008-04-17 17:12 107368 ----a-w- c:\windows\SysWow64\GEARAspi.dll
2012-07-28 14:14 . 2012-07-28 14:15 -------- d-----w- c:\programdata\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2012-07-28 14:14 . 2012-07-28 14:15 -------- d-----w- c:\program files\iTunes
2012-07-28 14:14 . 2012-07-28 14:15 -------- d-----w- c:\program files (x86)\iTunes
2012-07-28 14:14 . 2012-07-28 14:14 -------- d-----w- c:\program files\iPod
2012-07-28 14:13 . 2012-07-28 14:13 -------- d-----w- c:\program files\Common Files\Apple
2012-07-28 14:13 . 2012-07-28 14:13 -------- d-----w- c:\program files\Bonjour
2012-07-28 14:13 . 2012-07-28 14:13 -------- d-----w- c:\program files (x86)\Bonjour
2012-07-22 04:13 . 2012-07-22 04:13 -------- d-----w- c:\users\Steven\AppData\Local\FalloutNV
2012-07-19 02:08 . 2012-07-19 02:08 -------- d-----w- c:\program files (x86)\Rockstar Games
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((( SnapShot@2012-08-13_02.58.26 )))))))))))))))))))))))))))))))))))))))))
.
- 2012-08-10 23:05 . 2012-08-13 02:58 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2012-08-10 23:05 . 2012-08-13 05:55 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2012-08-13 14:21 . 2012-08-13 14:21 81920 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-08-11 00:09 . 2012-08-13 11:55 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\UserData\index.dat
- 2012-08-11 00:09 . 2012-08-12 17:12 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\UserData\index.dat
+ 2012-08-13 06:53 . 2012-08-13 14:21 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012012081320120814\index.dat
+ 2012-08-13 06:53 . 2012-08-13 06:48 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012012080620120813\index.dat
+ 2012-08-10 23:08 . 2012-08-13 14:21 65536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
- 2012-08-10 23:16 . 2012-08-11 11:44 16384 c:\windows\SysWOW64\%APPDATA%\Microsoft\Windows\IETldCache\index.dat
+ 2012-08-10 23:16 . 2012-08-13 14:21 16384 c:\windows\SysWOW64\%APPDATA%\Microsoft\Windows\IETldCache\index.dat
+ 2011-01-08 14:12 . 2012-08-13 14:52 42008 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-08-13 14:52 41568 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-01-09 05:16 . 2012-08-13 14:52 14554 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-61726908-45000090-3775354014-1000_UserData.bin
- 2011-01-08 15:11 . 2012-08-13 02:03 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-01-08 15:11 . 2012-08-13 14:07 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-01-08 15:11 . 2012-08-13 02:03 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-01-08 15:11 . 2012-08-13 14:07 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-08-13 08:38 . 2012-08-13 08:38 3584 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{381B4DFA-E522-11E1-AA88-90FBA6EDAB82}.dat
+ 2012-08-13 08:38 . 2012-08-13 08:38 4096 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{381B4DFB-E522-11E1-AA88-90FBA6EDAB82}.dat
- 2011-02-04 02:31 . 2012-08-11 00:02 3244 c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2011-02-04 02:31 . 2012-08-13 03:07 3244 c:\windows\system32\wdi\ERCQueuedResolutions.dat
- 2012-08-13 02:57 . 2012-08-13 02:57 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-08-13 14:50 . 2012-08-13 14:50 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-08-13 14:50 . 2012-08-13 14:50 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-08-13 02:57 . 2012-08-13 02:57 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 04:54 . 2012-08-13 14:21 622592 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-08-13 02:58 622592 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 02:36 . 2012-08-13 14:45 720120 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-08-12 16:47 720120 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-08-13 14:45 141512 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-08-12 16:47 141512 c:\windows\system32\perfc009.dat
- 2009-07-14 05:01 . 2012-08-13 02:57 390992 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-08-13 14:49 390992 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 04:54 . 2012-08-13 14:21 3751936 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-11-24 02:49 . 2012-08-13 14:49 1258584 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2011-11-24 02:49 . 2012-08-13 02:57 1258584 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2011-01-09 13:18 . 2012-08-13 14:49 59161604 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-61726908-45000090-3775354014-1000-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Steven\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Steven\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Steven\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2012-08-07 1353080]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-10-13 17351304]
"Xvid"="c:\program files (x86)\Xvid\CheckUpdate.exe" [2011-01-17 8192]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-27 30040]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-06-11 641704]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-08 421776]
.
c:\users\Steven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Steven\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-03 250056]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-19 113120]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-04-25 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-01-08 1255736]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-06-11 239616]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-06-11 361984]
S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-06-11 10248192]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-06-11 367616]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-02-23 95760]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2012-06-25 52320]
S3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2012-06-27 46176]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-12 11:02]
.
2012-08-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-61726908-45000090-3775354014-1000Core.job
- c:\users\Steven\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-13 03:42]
.
2012-08-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-61726908-45000090-3775354014-1000UA.job
- c:\users\Steven\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-13 03:42]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Steven\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Steven\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Steven\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Steven\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
"IntelliType Pro"="c:\program files\Microsoft Device Center\itype.exe" [2012-06-27 1464928]
"IntelliPoint"="c:\program files\Microsoft Device Center\ipoint.exe" [2012-06-27 2004584]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 97.64.168.12 97.64.183.165
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\shell32.dll
FF - ProfilePath - c:\users\Steven\AppData\Roaming\Mozilla\Firefox\Profiles\we70oj1s.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
.
**************************************************************************
.
Completion time: 2012-08-13 09:55:47 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-13 14:55
ComboFix2.txt 2012-08-13 03:04
ComboFix3.txt 2012-08-10 23:09
.
Pre-Run: 287,971,622,912 bytes free
Post-Run: 287,895,957,504 bytes free
.
- - End Of File - - 51C5251AD4EBA745C3773EE32B770506

#13 CatByte

Posted 13 August 2012 - 10:13 AM

that looks much better :thumbup2:

you can re-run TDSSKiller with the parameters from the instructions above and this time allow it to delete the TDSS file system now that the rootkit has been taken care of (post the fresh log)
06:09:34.0197 2880 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure :)
06:09:34.0197 2880 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip < delete this time


just a couple more scans to make sure there are no leftovers, please do the following:

  • Please open your MalwareBytes AntiMalware Program
  • Click the Update Tab and search for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



NEXT


Go here to run an online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE , name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#14 mllrstvn

Posted 13 August 2012 - 11:52 AM

CatByte, I think you're my hero. TDSS deleted, MBAM came back clean, and ESET found a mess of threats, most of which were residual quarantines. I await further instruction. :)

DEM LOGS
--- --- ---

10:17:12.0001 1676 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
10:17:12.0364 1676 ============================================================
10:17:12.0364 1676 Current date / time: 2012/08/13 10:17:12.0364
10:17:12.0365 1676 SystemInfo:
10:17:12.0365 1676
10:17:12.0365 1676 OS Version: 6.1.7601 ServicePack: 1.0
10:17:12.0365 1676 Product type: Workstation
10:17:12.0365 1676 ComputerName: STEVEN-PC
10:17:12.0365 1676 UserName: Steven
10:17:12.0365 1676 Windows directory: C:\Windows
10:17:12.0365 1676 System windows directory: C:\Windows
10:17:12.0366 1676 Running under WOW64
10:17:12.0366 1676 Processor architecture: Intel x64
10:17:12.0366 1676 Number of processors: 3
10:17:12.0366 1676 Page size: 0x1000
10:17:12.0366 1676 Boot type: Normal boot
10:17:12.0366 1676 ============================================================
10:17:13.0168 1676 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0x38080, SectorsPerTrack: 0x13, TracksPerCylinder: 0xE0, Type 'K0', Flags 0x00000040
10:17:13.0170 1676 ============================================================
10:17:13.0170 1676 \Device\Harddisk0\DR0:
10:17:13.0170 1676 MBR partitions:
10:17:13.0170 1676 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
10:17:13.0170 1676 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x3A353000
10:17:13.0170 1676 ============================================================
10:17:13.0212 1676 C: <-> \Device\Harddisk0\DR0\Partition1
10:17:13.0212 1676 ============================================================
10:17:13.0212 1676 Initialize success
10:17:13.0212 1676 ============================================================
10:17:32.0049 3292 ============================================================
10:17:32.0049 3292 Scan started
10:17:32.0049 3292 Mode: Manual; TDLFS;
10:17:32.0049 3292 ============================================================
10:17:40.0573 3292 Microsoft Office Groove Audit Service (123271bd5237ab991dc5c21fdf8835eb) C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
10:17:40.0575 3292 Microsoft Office Groove Audit Service - ok
10:17:40.0601 3292 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
10:17:40.0604 3292 MMCSS - ok
10:17:40.0625 3292 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
10:17:40.0627 3292 Modem - ok
10:17:40.0654 3292 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
10:17:40.0655 3292 monitor - ok
10:17:40.0686 3292 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
10:17:40.0687 3292 mouclass - ok
10:17:40.0707 3292 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
10:17:40.0708 3292 mouhid - ok
10:17:40.0736 3292 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
10:17:40.0737 3292 mountmgr - ok
10:17:40.0800 3292 MozillaMaintenance (46297fa8e30a6007f14118fc2b942fbc) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
10:17:40.0801 3292 MozillaMaintenance - ok
10:17:40.0862 3292 MpFilter (94c66ededcdb6a126880472f9a704d8e) C:\Windows\system32\DRIVERS\MpFilter.sys
10:17:40.0866 3292 MpFilter - ok
10:17:40.0898 3292 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
10:17:40.0899 3292 mpio - ok
10:17:40.0920 3292 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
10:17:40.0920 3292 mpsdrv - ok
10:17:40.0990 3292 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
10:17:40.0997 3292 MpsSvc - ok
10:17:41.0036 3292 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
10:17:41.0038 3292 MRxDAV - ok
10:17:41.0065 3292 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
10:17:41.0066 3292 mrxsmb - ok
10:17:41.0106 3292 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
10:17:41.0108 3292 mrxsmb10 - ok
10:17:41.0128 3292 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
10:17:41.0129 3292 mrxsmb20 - ok
10:17:41.0153 3292 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
10:17:41.0154 3292 msahci - ok
10:17:41.0183 3292 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
10:17:41.0184 3292 msdsm - ok
10:17:41.0211 3292 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
10:17:41.0213 3292 MSDTC - ok
10:17:41.0242 3292 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
10:17:41.0242 3292 Msfs - ok
10:17:41.0258 3292 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
10:17:41.0258 3292 mshidkmdf - ok
10:17:41.0281 3292 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
10:17:41.0282 3292 msisadrv - ok
10:17:41.0310 3292 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
10:17:41.0312 3292 MSiSCSI - ok
10:17:41.0315 3292 msiserver - ok
10:17:41.0338 3292 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
10:17:41.0339 3292 MSKSSRV - ok
10:17:41.0351 3292 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
10:17:41.0351 3292 MSPCLOCK - ok
10:17:41.0359 3292 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
10:17:41.0360 3292 MSPQM - ok
10:17:41.0404 3292 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
10:17:41.0406 3292 MsRPC - ok
10:17:41.0418 3292 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
10:17:41.0418 3292 mssmbios - ok
10:17:41.0428 3292 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
10:17:41.0429 3292 MSTEE - ok
10:17:41.0441 3292 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
10:17:41.0441 3292 MTConfig - ok
10:17:41.0469 3292 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
10:17:41.0470 3292 Mup - ok
10:17:41.0522 3292 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
10:17:41.0525 3292 napagent - ok
10:17:41.0565 3292 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
10:17:41.0567 3292 NativeWifiP - ok
10:17:41.0631 3292 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
10:17:41.0636 3292 NDIS - ok
10:17:41.0654 3292 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
10:17:41.0655 3292 NdisCap - ok
10:17:41.0671 3292 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
10:17:41.0671 3292 NdisTapi - ok
10:17:41.0707 3292 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
10:17:41.0708 3292 Ndisuio - ok
10:17:41.0751 3292 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
10:17:41.0754 3292 NdisWan - ok
10:17:41.0787 3292 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
10:17:41.0789 3292 NDProxy - ok
10:17:41.0801 3292 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
10:17:41.0803 3292 NetBIOS - ok
10:17:41.0850 3292 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
10:17:41.0852 3292 NetBT - ok
10:17:41.0879 3292 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
10:17:41.0881 3292 Netlogon - ok
10:17:41.0925 3292 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
10:17:41.0929 3292 Netman - ok
10:17:42.0017 3292 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
10:17:42.0020 3292 NetMsmqActivator - ok
10:17:42.0028 3292 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
10:17:42.0031 3292 NetPipeActivator - ok
10:17:42.0073 3292 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
10:17:42.0077 3292 netprofm - ok
10:17:42.0081 3292 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
10:17:42.0083 3292 NetTcpActivator - ok
10:17:42.0087 3292 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
10:17:42.0088 3292 NetTcpPortSharing - ok
10:17:42.0141 3292 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
10:17:42.0142 3292 nfrd960 - ok
10:17:42.0182 3292 NisDrv (91b4e0273d2f6c24ef845f2b41311289) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
10:17:42.0182 3292 NisDrv - ok
10:17:42.0264 3292 NisSrv (10a43829a9e606af3eef25a1c1665923) c:\Program Files\Microsoft Security Client\NisSrv.exe
10:17:42.0266 3292 NisSrv - ok
10:17:42.0307 3292 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
10:17:42.0309 3292 NlaSvc - ok
10:17:42.0330 3292 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
10:17:42.0331 3292 Npfs - ok
10:17:42.0456 3292 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
10:17:42.0459 3292 nsi - ok
10:17:42.0482 3292 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
10:17:42.0483 3292 nsiproxy - ok
10:17:42.0824 3292 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
10:17:42.0832 3292 Ntfs - ok
10:17:42.0962 3292 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
10:17:42.0962 3292 Null - ok
10:17:42.0990 3292 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
10:17:42.0991 3292 nvraid - ok
10:17:43.0014 3292 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
10:17:43.0015 3292 nvstor - ok
10:17:43.0026 3292 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
10:17:43.0026 3292 nv_agp - ok
10:17:43.0161 3292 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
10:17:43.0163 3292 odserv - ok
10:17:43.0185 3292 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
10:17:43.0186 3292 ohci1394 - ok
10:17:43.0242 3292 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
10:17:43.0244 3292 ose - ok
10:17:43.0279 3292 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
10:17:43.0281 3292 p2pimsvc - ok
10:17:43.0302 3292 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
10:17:43.0305 3292 p2psvc - ok
10:17:43.0336 3292 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
10:17:43.0337 3292 Parport - ok
10:17:43.0362 3292 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
10:17:43.0363 3292 partmgr - ok
10:17:43.0381 3292 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
10:17:43.0383 3292 PcaSvc - ok
10:17:43.0469 3292 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
10:17:43.0472 3292 pci - ok
10:17:43.0503 3292 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
10:17:43.0503 3292 pciide - ok
10:17:43.0557 3292 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
10:17:43.0559 3292 pcmcia - ok
10:17:43.0587 3292 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
10:17:43.0587 3292 pcw - ok
10:17:43.0636 3292 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
10:17:43.0639 3292 PEAUTH - ok
10:17:43.0713 3292 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
10:17:43.0720 3292 PeerDistSvc - ok
10:17:43.0782 3292 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
10:17:43.0783 3292 PerfHost - ok
10:17:43.0906 3292 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
10:17:43.0913 3292 pla - ok
10:17:43.0953 3292 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
10:17:43.0956 3292 PlugPlay - ok
10:17:43.0986 3292 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
10:17:43.0988 3292 PNRPAutoReg - ok
10:17:44.0015 3292 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
10:17:44.0017 3292 PNRPsvc - ok
10:17:44.0076 3292 Point64 (32d374c60778253b81fa76c2fe19e155) C:\Windows\system32\DRIVERS\point64.sys
10:17:44.0077 3292 Point64 - ok
10:17:44.0158 3292 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
10:17:44.0161 3292 PolicyAgent - ok
10:17:44.0197 3292 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
10:17:44.0198 3292 Power - ok
10:17:44.0247 3292 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
10:17:44.0247 3292 PptpMiniport - ok
10:17:44.0275 3292 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
10:17:44.0275 3292 Processor - ok
10:17:44.0305 3292 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
10:17:44.0307 3292 ProfSvc - ok
10:17:44.0338 3292 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
10:17:44.0339 3292 ProtectedStorage - ok
10:17:44.0395 3292 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
10:17:44.0396 3292 Psched - ok
10:17:44.0498 3292 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
10:17:44.0511 3292 ql2300 - ok
10:17:44.0620 3292 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
10:17:44.0621 3292 ql40xx - ok
10:17:44.0676 3292 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
10:17:44.0678 3292 QWAVE - ok
10:17:44.0689 3292 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
10:17:44.0689 3292 QWAVEdrv - ok
10:17:44.0702 3292 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
10:17:44.0702 3292 RasAcd - ok
10:17:44.0731 3292 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
10:17:44.0732 3292 RasAgileVpn - ok
10:17:44.0744 3292 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
10:17:44.0746 3292 RasAuto - ok
10:17:44.0779 3292 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
10:17:44.0780 3292 Rasl2tp - ok
10:17:44.0815 3292 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
10:17:44.0817 3292 RasMan - ok
10:17:44.0837 3292 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
10:17:44.0838 3292 RasPppoe - ok
10:17:44.0853 3292 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
10:17:44.0854 3292 RasSstp - ok
10:17:44.0895 3292 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
10:17:44.0896 3292 rdbss - ok
10:17:44.0911 3292 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
10:17:44.0911 3292 rdpbus - ok
10:17:44.0921 3292 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
10:17:44.0921 3292 RDPCDD - ok
10:17:44.0964 3292 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
10:17:44.0965 3292 RDPDR - ok
10:17:44.0978 3292 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
10:17:44.0979 3292 RDPENCDD - ok
10:17:44.0995 3292 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
10:17:44.0995 3292 RDPREFMP - ok
10:17:45.0029 3292 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
10:17:45.0030 3292 RDPWD - ok
10:17:45.0085 3292 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
10:17:45.0087 3292 rdyboost - ok
10:17:45.0130 3292 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
10:17:45.0131 3292 RemoteAccess - ok
10:17:45.0169 3292 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
10:17:45.0171 3292 RemoteRegistry - ok
10:17:45.0184 3292 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
10:17:45.0186 3292 RpcEptMapper - ok
10:17:45.0203 3292 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
10:17:45.0204 3292 RpcLocator - ok
10:17:45.0254 3292 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\System32\rpcss.dll
10:17:45.0258 3292 RpcSs - ok
10:17:45.0269 3292 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
10:17:45.0270 3292 rspndr - ok
10:17:45.0301 3292 RTL8167 (baefee35d27a5440d35092ce10267bec) C:\Windows\system32\DRIVERS\Rt64win7.sys
10:17:45.0302 3292 RTL8167 - ok
10:17:45.0331 3292 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
10:17:45.0331 3292 s3cap - ok
10:17:45.0365 3292 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
10:17:45.0366 3292 SamSs - ok
10:17:45.0381 3292 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
10:17:45.0381 3292 sbp2port - ok
10:17:45.0406 3292 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
10:17:45.0407 3292 SCardSvr - ok
10:17:45.0439 3292 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
10:17:45.0440 3292 scfilter - ok
10:17:45.0498 3292 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
10:17:45.0504 3292 Schedule - ok
10:17:45.0538 3292 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
10:17:45.0539 3292 SCPolicySvc - ok
10:17:45.0571 3292 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
10:17:45.0573 3292 SDRSVC - ok
10:17:45.0627 3292 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
10:17:45.0627 3292 secdrv - ok
10:17:45.0654 3292 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
10:17:45.0655 3292 seclogon - ok
10:17:45.0675 3292 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
10:17:45.0677 3292 SENS - ok
10:17:45.0689 3292 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
10:17:45.0690 3292 SensrSvc - ok
10:17:45.0704 3292 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
10:17:45.0705 3292 Serenum - ok
10:17:45.0718 3292 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
10:17:45.0719 3292 Serial - ok
10:17:45.0748 3292 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
10:17:45.0748 3292 sermouse - ok
10:17:45.0789 3292 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
10:17:45.0791 3292 SessionEnv - ok
10:17:45.0820 3292 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
10:17:45.0820 3292 sffdisk - ok
10:17:45.0829 3292 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
10:17:45.0829 3292 sffp_mmc - ok
10:17:45.0856 3292 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
10:17:45.0856 3292 sffp_sd - ok
10:17:45.0874 3292 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
10:17:45.0875 3292 sfloppy - ok
10:17:45.0935 3292 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
10:17:45.0937 3292 SharedAccess - ok
10:17:45.0977 3292 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
10:17:45.0980 3292 ShellHWDetection - ok
10:17:45.0998 3292 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
10:17:45.0999 3292 SiSRaid2 - ok
10:17:46.0011 3292 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
10:17:46.0012 3292 SiSRaid4 - ok
10:17:46.0039 3292 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
10:17:46.0040 3292 Smb - ok
10:17:46.0068 3292 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
10:17:46.0069 3292 SNMPTRAP - ok
10:17:46.0079 3292 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
10:17:46.0080 3292 spldr - ok
10:17:46.0130 3292 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
10:17:46.0133 3292 Spooler - ok
10:17:46.0285 3292 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
10:17:46.0302 3292 sppsvc - ok
10:17:46.0394 3292 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
10:17:46.0395 3292 sppuinotify - ok
10:17:46.0462 3292 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
10:17:46.0464 3292 srv - ok
10:17:46.0513 3292 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
10:17:46.0515 3292 srv2 - ok
10:17:46.0538 3292 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
10:17:46.0539 3292 srvnet - ok
10:17:46.0574 3292 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
10:17:46.0576 3292 SSDPSRV - ok
10:17:46.0599 3292 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
10:17:46.0600 3292 SstpSvc - ok
10:17:46.0648 3292 Steam Client Service - ok
10:17:46.0670 3292 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
10:17:46.0671 3292 stexstor - ok
10:17:46.0721 3292 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
10:17:46.0724 3292 stisvc - ok
10:17:46.0758 3292 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
10:17:46.0758 3292 storflt - ok
10:17:46.0779 3292 StorSvc (c40841817ef57d491f22eb103da587cc) C:\Windows\system32\storsvc.dll
10:17:46.0780 3292 StorSvc - ok
10:17:46.0791 3292 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
10:17:46.0792 3292 storvsc - ok
10:17:46.0805 3292 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
10:17:46.0805 3292 swenum - ok
10:17:46.0835 3292 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
10:17:46.0838 3292 swprv - ok
10:17:46.0933 3292 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
10:17:46.0942 3292 SysMain - ok
10:17:47.0029 3292 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
10:17:47.0034 3292 TabletInputService - ok
10:17:47.0085 3292 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
10:17:47.0088 3292 TapiSrv - ok
10:17:47.0123 3292 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
10:17:47.0124 3292 TBS - ok
10:17:47.0247 3292 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
10:17:47.0259 3292 Tcpip - ok
10:17:47.0417 3292 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
10:17:47.0425 3292 TCPIP6 - ok
10:17:47.0486 3292 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
10:17:47.0486 3292 tcpipreg - ok
10:17:47.0504 3292 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
10:17:47.0504 3292 TDPIPE - ok
10:17:47.0530 3292 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
10:17:47.0531 3292 TDTCP - ok
10:17:47.0560 3292 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
10:17:47.0561 3292 tdx - ok
10:17:47.0600 3292 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
10:17:47.0600 3292 TermDD - ok
10:17:47.0654 3292 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
10:17:47.0658 3292 TermService - ok
10:17:47.0677 3292 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
10:17:47.0678 3292 Themes - ok
10:17:47.0705 3292 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
10:17:47.0706 3292 THREADORDER - ok
10:17:47.0721 3292 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
10:17:47.0723 3292 TrkWks - ok
10:17:47.0764 3292 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
10:17:47.0765 3292 TrustedInstaller - ok
10:17:47.0793 3292 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
10:17:47.0793 3292 tssecsrv - ok
10:17:47.0828 3292 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
10:17:47.0828 3292 TsUsbFlt - ok
10:17:47.0873 3292 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
10:17:47.0874 3292 tunnel - ok
10:17:47.0907 3292 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
10:17:47.0908 3292 uagp35 - ok
10:17:47.0955 3292 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
10:17:47.0958 3292 udfs - ok
10:17:48.0000 3292 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
10:17:48.0002 3292 UI0Detect - ok
10:17:48.0031 3292 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
10:17:48.0031 3292 uliagpkx - ok
10:17:48.0079 3292 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
10:17:48.0080 3292 umbus - ok
10:17:48.0094 3292 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
10:17:48.0095 3292 UmPass - ok
10:17:48.0141 3292 UmRdpService (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll
10:17:48.0144 3292 UmRdpService - ok
10:17:48.0169 3292 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
10:17:48.0173 3292 upnphost - ok
10:17:48.0215 3292 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys
10:17:48.0216 3292 USBAAPL64 - ok
10:17:48.0269 3292 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
10:17:48.0272 3292 usbaudio - ok
10:17:48.0315 3292 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
10:17:48.0316 3292 usbccgp - ok
10:17:48.0342 3292 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
10:17:48.0343 3292 usbcir - ok
10:17:48.0356 3292 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
10:17:48.0357 3292 usbehci - ok
10:17:48.0390 3292 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
10:17:48.0393 3292 usbhub - ok
10:17:48.0407 3292 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
10:17:48.0407 3292 usbohci - ok
10:17:48.0430 3292 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
10:17:48.0430 3292 usbprint - ok
10:17:48.0452 3292 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
10:17:48.0453 3292 USBSTOR - ok
10:17:48.0467 3292 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
10:17:48.0468 3292 usbuhci - ok
10:17:48.0510 3292 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
10:17:48.0511 3292 usbvideo - ok
10:17:48.0538 3292 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
10:17:48.0540 3292 UxSms - ok
10:17:48.0570 3292 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
10:17:48.0571 3292 VaultSvc - ok
10:17:48.0610 3292 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
10:17:48.0610 3292 vdrvroot - ok
10:17:48.0663 3292 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
10:17:48.0668 3292 vds - ok
10:17:48.0690 3292 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
10:17:48.0690 3292 vga - ok
10:17:48.0705 3292 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
10:17:48.0706 3292 VgaSave - ok
10:17:48.0741 3292 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
10:17:48.0742 3292 vhdmp - ok
10:17:48.0753 3292 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
10:17:48.0753 3292 viaide - ok
10:17:48.0772 3292 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
10:17:48.0773 3292 vmbus - ok
10:17:48.0786 3292 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
10:17:48.0787 3292 VMBusHID - ok
10:17:48.0809 3292 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
10:17:48.0810 3292 volmgr - ok
10:17:48.0851 3292 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
10:17:48.0853 3292 volmgrx - ok
10:17:48.0874 3292 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
10:17:48.0875 3292 volsnap - ok
10:17:48.0910 3292 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
10:17:48.0913 3292 vsmraid - ok
10:17:49.0015 3292 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
10:17:49.0028 3292 VSS - ok
10:17:49.0125 3292 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
10:17:49.0125 3292 vwifibus - ok
10:17:49.0166 3292 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
10:17:49.0169 3292 W32Time - ok
10:17:51.0445 3292 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
10:17:51.0646 3292 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
10:17:51.0646 3292 \Device\Harddisk0\DR0 - detected TDSS File System (1)
10:17:51.0648 3292 Boot (0x1200) (fa45829ad1ac2f0c43da08b883a65e91) \Device\Harddisk0\DR0\Partition0
10:17:51.0650 3292 \Device\Harddisk0\DR0\Partition0 - ok
10:17:51.0681 3292 Boot (0x1200) (adda34765dd9c37c0a7d0b6d4d192410) \Device\Harddisk0\DR0\Partition1
10:17:51.0682 3292 \Device\Harddisk0\DR0\Partition1 - ok
10:17:51.0682 3292 ============================================================
10:17:51.0682 3292 Scan finished
10:17:51.0682 3292 ============================================================
10:17:51.0692 2660 Detected object count: 1
10:17:51.0693 2660 Actual detected object count: 1
10:17:56.0425 2660 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
10:17:56.0427 2660 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
10:17:56.0430 2660 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
10:17:56.0432 2660 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
10:17:56.0438 2660 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
10:17:56.0461 2660 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
10:17:56.0462 2660 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
10:17:56.0463 2660 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
10:17:56.0464 2660 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
10:17:56.0466 2660 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
10:17:56.0468 2660 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
10:17:56.0468 2660 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
10:17:56.0469 2660 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
10:17:56.0470 2660 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
10:17:56.0471 2660 \Device\Harddisk0\DR0\TDLFS - deleted
10:17:56.0471 2660 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Delete
10:18:01.0928 0732 ============================================================
10:18:01.0928 0732 Scan started
10:18:01.0928 0732 Mode: Manual; TDLFS;
10:18:01.0928 0732 ============================================================
10:18:09.0946 0732 NetTcpPortSharing - ok
10:18:09.0986 0732 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
10:18:09.0987 0732 nfrd960 - ok
10:18:10.0018 0732 NisDrv (91b4e0273d2f6c24ef845f2b41311289) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
10:18:10.0019 0732 NisDrv - ok
10:18:10.0097 0732 NisSrv (10a43829a9e606af3eef25a1c1665923) c:\Program Files\Microsoft Security Client\NisSrv.exe
10:18:10.0101 0732 NisSrv - ok
10:18:10.0147 0732 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
10:18:10.0152 0732 NlaSvc - ok
10:18:10.0166 0732 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
10:18:10.0167 0732 Npfs - ok
10:18:10.0189 0732 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
10:18:10.0191 0732 nsi - ok
10:18:10.0201 0732 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
10:18:10.0202 0732 nsiproxy - ok
10:18:10.0274 0732 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
10:18:10.0282 0732 Ntfs - ok
10:18:10.0359 0732 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
10:18:10.0360 0732 Null - ok
10:18:10.0394 0732 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
10:18:10.0395 0732 nvraid - ok
10:18:10.0411 0732 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
10:18:10.0412 0732 nvstor - ok
10:18:10.0423 0732 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
10:18:10.0423 0732 nv_agp - ok
10:18:10.0516 0732 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
10:18:10.0518 0732 odserv - ok
10:18:10.0541 0732 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
10:18:10.0542 0732 ohci1394 - ok
10:18:10.0565 0732 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
10:18:10.0566 0732 ose - ok
10:18:10.0600 0732 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
10:18:10.0602 0732 p2pimsvc - ok
10:18:10.0621 0732 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
10:18:10.0624 0732 p2psvc - ok
10:18:10.0651 0732 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
10:18:10.0652 0732 Parport - ok
10:18:10.0677 0732 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
10:18:10.0678 0732 partmgr - ok
10:18:10.0697 0732 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
10:18:10.0698 0732 PcaSvc - ok
10:18:10.0752 0732 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
10:18:10.0753 0732 pci - ok
10:18:10.0760 0732 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
10:18:10.0760 0732 pciide - ok
10:18:10.0780 0732 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
10:18:10.0781 0732 pcmcia - ok
10:18:10.0797 0732 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
10:18:10.0797 0732 pcw - ok
10:18:10.0828 0732 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
10:18:10.0831 0732 PEAUTH - ok
10:18:10.0896 0732 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
10:18:10.0903 0732 PeerDistSvc - ok
10:18:10.0956 0732 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
10:18:10.0957 0732 PerfHost - ok
10:18:11.0045 0732 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
10:18:11.0052 0732 pla - ok
10:18:11.0092 0732 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
10:18:11.0095 0732 PlugPlay - ok
10:18:11.0119 0732 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
10:18:11.0120 0732 PNRPAutoReg - ok
10:18:11.0146 0732 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
10:18:11.0148 0732 PNRPsvc - ok
10:18:11.0193 0732 Point64 (32d374c60778253b81fa76c2fe19e155) C:\Windows\system32\DRIVERS\point64.sys
10:18:11.0193 0732 Point64 - ok
10:18:11.0234 0732 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
10:18:11.0237 0732 PolicyAgent - ok
10:18:11.0263 0732 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
10:18:11.0265 0732 Power - ok
10:18:11.0299 0732 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
10:18:11.0302 0732 PptpMiniport - ok
10:18:11.0333 0732 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
10:18:11.0333 0732 Processor - ok
10:18:11.0365 0732 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
10:18:11.0367 0732 ProfSvc - ok
10:18:11.0396 0732 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
10:18:11.0397 0732 ProtectedStorage - ok
10:18:11.0429 0732 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
10:18:11.0430 0732 Psched - ok
10:18:11.0486 0732 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
10:18:11.0493 0732 ql2300 - ok
10:18:11.0615 0732 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
10:18:11.0617 0732 ql40xx - ok
10:18:11.0661 0732 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
10:18:11.0664 0732 QWAVE - ok
10:18:11.0673 0732 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
10:18:11.0674 0732 QWAVEdrv - ok
10:18:11.0685 0732 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
10:18:11.0686 0732 RasAcd - ok
10:18:11.0706 0732 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
10:18:11.0707 0732 RasAgileVpn - ok
10:18:11.0719 0732 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
10:18:11.0721 0732 RasAuto - ok
10:18:11.0754 0732 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
10:18:11.0755 0732 Rasl2tp - ok
10:18:11.0788 0732 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
10:18:11.0791 0732 RasMan - ok
10:18:11.0803 0732 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
10:18:11.0804 0732 RasPppoe - ok
10:18:11.0820 0732 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
10:18:11.0821 0732 RasSstp - ok
10:18:11.0861 0732 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
10:18:11.0862 0732 rdbss - ok
10:18:11.0886 0732 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
10:18:11.0886 0732 rdpbus - ok
10:18:11.0896 0732 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
10:18:11.0896 0732 RDPCDD - ok
10:18:11.0932 0732 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
10:18:11.0933 0732 RDPDR - ok
10:18:11.0936 0732 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
10:18:11.0936 0732 RDPENCDD - ok
10:18:11.0954 0732 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
10:18:11.0954 0732 RDPREFMP - ok
10:18:11.0986 0732 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
10:18:11.0987 0732 RDPWD - ok
10:18:12.0034 0732 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
10:18:12.0035 0732 rdyboost - ok
10:18:12.0075 0732 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
10:18:12.0076 0732 RemoteAccess - ok
10:18:12.0112 0732 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
10:18:12.0114 0732 RemoteRegistry - ok
10:18:12.0126 0732 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
10:18:12.0127 0732 RpcEptMapper - ok
10:18:12.0137 0732 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
10:18:12.0138 0732 RpcLocator - ok
10:18:12.0180 0732 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\System32\rpcss.dll
10:18:12.0183 0732 RpcSs - ok
10:18:12.0211 0732 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
10:18:12.0212 0732 rspndr - ok
10:18:12.0235 0732 RTL8167 (baefee35d27a5440d35092ce10267bec) C:\Windows\system32\DRIVERS\Rt64win7.sys
10:18:12.0236 0732 RTL8167 - ok
10:18:12.0265 0732 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
10:18:12.0265 0732 s3cap - ok
10:18:12.0290 0732 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
10:18:12.0291 0732 SamSs - ok
10:18:12.0306 0732 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
10:18:12.0307 0732 sbp2port - ok
10:18:12.0331 0732 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
10:18:12.0332 0732 SCardSvr - ok
10:18:12.0356 0732 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
10:18:12.0357 0732 scfilter - ok
10:18:12.0433 0732 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
10:18:12.0442 0732 Schedule - ok
10:18:12.0464 0732 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
10:18:12.0465 0732 SCPolicySvc - ok
10:18:12.0498 0732 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
10:18:12.0501 0732 SDRSVC - ok
10:18:12.0553 0732 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
10:18:12.0554 0732 secdrv - ok
10:18:12.0588 0732 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
10:18:12.0592 0732 seclogon - ok
10:18:12.0618 0732 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
10:18:12.0620 0732 SENS - ok
10:18:12.0631 0732 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
10:18:12.0633 0732 SensrSvc - ok
10:18:12.0646 0732 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
10:18:12.0647 0732 Serenum - ok
10:18:12.0660 0732 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
10:18:12.0661 0732 Serial - ok
10:18:12.0690 0732 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
10:18:12.0690 0732 sermouse - ok
10:18:12.0723 0732 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
10:18:12.0725 0732 SessionEnv - ok
10:18:12.0754 0732 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
10:18:12.0754 0732 sffdisk - ok
10:18:12.0763 0732 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
10:18:12.0763 0732 sffp_mmc - ok
10:18:12.0770 0732 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
10:18:12.0770 0732 sffp_sd - ok
10:18:12.0783 0732 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
10:18:12.0784 0732 sfloppy - ok
10:18:12.0817 0732 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
10:18:12.0819 0732 SharedAccess - ok
10:18:12.0852 0732 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
10:18:12.0855 0732 ShellHWDetection - ok
10:18:12.0866 0732 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
10:18:12.0867 0732 SiSRaid2 - ok
10:18:12.0878 0732 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
10:18:12.0879 0732 SiSRaid4 - ok
10:18:12.0890 0732 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
10:18:12.0890 0732 Smb - ok
10:18:12.0919 0732 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
10:18:12.0920 0732 SNMPTRAP - ok
10:18:12.0930 0732 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
10:18:12.0931 0732 spldr - ok
10:18:12.0976 0732 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
10:18:12.0979 0732 Spooler - ok
10:18:13.0091 0732 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
10:18:13.0107 0732 sppsvc - ok
10:18:13.0197 0732 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
10:18:13.0199 0732 sppuinotify - ok
10:18:13.0254 0732 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
10:18:13.0257 0732 srv - ok
10:18:13.0280 0732 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
10:18:13.0282 0732 srv2 - ok
10:18:13.0298 0732 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
10:18:13.0299 0732 srvnet - ok
10:18:13.0325 0732 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
10:18:13.0327 0732 SSDPSRV - ok
10:18:13.0343 0732 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
10:18:13.0344 0732 SstpSvc - ok
10:18:13.0385 0732 Steam Client Service - ok
10:18:13.0415 0732 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
10:18:13.0416 0732 stexstor - ok
10:18:13.0479 0732 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
10:18:13.0485 0732 stisvc - ok
10:18:13.0518 0732 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
10:18:13.0518 0732 storflt - ok
10:18:13.0539 0732 StorSvc (c40841817ef57d491f22eb103da587cc) C:\Windows\system32\storsvc.dll
10:18:13.0541 0732 StorSvc - ok
10:18:13.0561 0732 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
10:18:13.0562 0732 storvsc - ok
10:18:13.0573 0732 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
10:18:13.0574 0732 swenum - ok
10:18:13.0602 0732 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
10:18:13.0607 0732 swprv - ok
10:18:13.0687 0732 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
10:18:13.0696 0732 SysMain - ok
10:18:13.0761 0732 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
10:18:13.0763 0732 TabletInputService - ok
10:18:13.0783 0732 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
10:18:13.0786 0732 TapiSrv - ok
10:18:13.0808 0732 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
10:18:13.0810 0732 TBS - ok
10:18:13.0888 0732 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
10:18:13.0897 0732 Tcpip - ok
10:18:13.0962 0732 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
10:18:13.0971 0732 TCPIP6 - ok
10:18:14.0022 0732 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
10:18:14.0023 0732 tcpipreg - ok
10:18:14.0040 0732 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
10:18:14.0041 0732 TDPIPE - ok
10:18:14.0065 0732 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
10:18:14.0066 0732 TDTCP - ok
10:18:14.0096 0732 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
10:18:14.0097 0732 tdx - ok
10:18:14.0124 0732 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
10:18:14.0125 0732 TermDD - ok
10:18:14.0158 0732 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
10:18:14.0162 0732 TermService - ok
10:18:14.0189 0732 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
10:18:14.0190 0732 Themes - ok
10:18:14.0216 0732 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
10:18:14.0217 0732 THREADORDER - ok
10:18:14.0232 0732 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
10:18:14.0234 0732 TrkWks - ok
10:18:14.0275 0732 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
10:18:14.0276 0732 TrustedInstaller - ok
10:18:14.0304 0732 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
10:18:14.0305 0732 tssecsrv - ok
10:18:14.0331 0732 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
10:18:14.0332 0732 TsUsbFlt - ok
10:18:14.0359 0732 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
10:18:14.0360 0732 tunnel - ok
10:18:14.0387 0732 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
10:18:14.0388 0732 uagp35 - ok
10:18:14.0424 0732 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
10:18:14.0425 0732 udfs - ok
10:18:14.0444 0732 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
10:18:14.0445 0732 UI0Detect - ok
10:18:14.0467 0732 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
10:18:14.0468 0732 uliagpkx - ok
10:18:14.0491 0732 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
10:18:14.0492 0732 umbus - ok
10:18:14.0506 0732 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
10:18:14.0507 0732 UmPass - ok
10:18:14.0543 0732 UmRdpService (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll
10:18:14.0545 0732 UmRdpService - ok
10:18:14.0581 0732 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
10:18:14.0584 0732 upnphost - ok
10:18:14.0610 0732 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys
10:18:14.0611 0732 USBAAPL64 - ok
10:18:14.0627 0732 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
10:18:14.0628 0732 usbaudio - ok
10:18:14.0643 0732 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
10:18:14.0644 0732 usbccgp - ok
10:18:14.0662 0732 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
10:18:14.0662 0732 usbcir - ok
10:18:14.0684 0732 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
10:18:14.0685 0732 usbehci - ok
10:18:14.0708 0732 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
10:18:14.0710 0732 usbhub - ok
10:18:14.0719 0732 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
10:18:14.0719 0732 usbohci - ok
10:18:14.0741 0732 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
10:18:14.0742 0732 usbprint - ok
10:18:14.0763 0732 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
10:18:14.0764 0732 USBSTOR - ok
10:18:14.0779 0732 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
10:18:14.0779 0732 usbuhci - ok
10:18:14.0802 0732 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
10:18:14.0804 0732 usbvideo - ok
10:18:14.0824 0732 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
10:18:14.0826 0732 UxSms - ok
10:18:14.0857 0732 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
10:18:14.0858 0732 VaultSvc - ok
10:18:14.0881 0732 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
10:18:14.0882 0732 vdrvroot - ok
10:18:14.0946 0732 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
10:18:14.0953 0732 vds - ok
10:18:14.0969 0732 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
10:18:14.0970 0732 vga - ok
10:18:14.0993 0732 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
10:18:14.0994 0732 VgaSave - ok
10:18:15.0039 0732 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
10:18:15.0041 0732 vhdmp - ok
10:18:15.0066 0732 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
10:18:15.0067 0732 viaide - ok
10:18:15.0092 0732 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
10:18:15.0093 0732 vmbus - ok
10:18:15.0106 0732 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
10:18:15.0107 0732 VMBusHID - ok
10:18:15.0121 0732 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
10:18:15.0122 0732 volmgr - ok
10:18:15.0162 0732 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
10:18:15.0165 0732 volmgrx - ok
10:18:15.0192 0732 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
10:18:15.0195 0732 volsnap - ok
10:18:15.0221 0732 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
10:18:15.0223 0732 vsmraid - ok
10:18:15.0293 0732 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
10:18:15.0306 0732 VSS - ok
10:18:15.0406 0732 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
10:18:15.0407 0732 vwifibus - ok
10:18:15.0457 0732 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
10:18:15.0463 0732 W32Time - ok
10:18:15.0524 0732 W3SVC (b32009db1972e7f2c227499289c4384a) C:\Windows\system32\inetsrv\iisw3adm.dll
10:18:15.0527 0732 W3SVC - ok
10:18:15.0550 0732 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
10:18:15.0551 0732 WacomPen - ok
10:18:15.0577 0732 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
10:18:15.0578 0732 WANARP - ok
10:18:15.0584 0732 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
10:18:15.0585 0732 Wanarpv6 - ok
10:18:15.0592 0732 WAS (b32009db1972e7f2c227499289c4384a) C:\Windows\system32\inetsrv\iisw3adm.dll
10:18:15.0595 0732 WAS - ok
10:18:15.0681 0732 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
10:18:15.0689 0732 WatAdminSvc - ok
10:18:15.0760 0732 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
10:18:15.0767 0732 wbengine - ok
10:18:15.0859 0732 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
10:18:15.0861 0732 WbioSrvc - ok
10:18:15.0895 0732 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
10:18:15.0898 0732 wcncsvc - ok
10:18:15.0912 0732 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
10:18:15.0913 0732 WcsPlugInService - ok
10:18:15.0950 0732 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
10:18:15.0950 0732 Wd - ok
10:18:15.0983 0732 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
10:18:15.0986 0732 Wdf01000 - ok
10:18:15.0999 0732 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
10:18:16.0000 0732 WdiServiceHost - ok
10:18:16.0003 0732 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
10:18:16.0005 0732 WdiSystemHost - ok
10:18:16.0039 0732 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
10:18:16.0041 0732 WebClient - ok
10:18:16.0075 0732 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
10:18:16.0077 0732 Wecsvc - ok
10:18:16.0091 0732 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
10:18:16.0093 0732 wercplsupport - ok
10:18:16.0105 0732 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
10:18:16.0107 0732 WerSvc - ok
10:18:16.0121 0732 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
10:18:16.0121 0732 WfpLwf - ok
10:18:16.0138 0732 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
10:18:16.0139 0732 WIMMount - ok
10:18:16.0164 0732 WinDefend - ok
10:18:16.0171 0732 WinHttpAutoProxySvc - ok
10:18:16.0239 0732 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
10:18:16.0243 0732 Winmgmt - ok
10:18:16.0331 0732 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
10:18:16.0341 0732 WinRM - ok
10:18:16.0450 0732 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
10:18:16.0452 0732 WinUsb - ok
10:18:16.0522 0732 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
10:18:16.0529 0732 Wlansvc - ok
10:18:16.0659 0732 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
10:18:16.0670 0732 wlidsvc - ok
10:18:16.0780 0732 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
10:18:16.0781 0732 WmiAcpi - ok
10:18:16.0850 0732 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
10:18:16.0854 0732 wmiApSrv - ok
10:18:16.0902 0732 WMPNetworkSvc - ok
10:18:16.0926 0732 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
10:18:16.0930 0732 WPCSvc - ok
10:18:16.0962 0732 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
10:18:16.0964 0732 WPDBusEnum - ok
10:18:17.0002 0732 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
10:18:17.0003 0732 ws2ifsl - ok
10:18:17.0016 0732 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
10:18:17.0018 0732 wscsvc - ok
10:18:17.0022 0732 WSearch - ok
10:18:17.0113 0732 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
10:18:17.0125 0732 wuauserv - ok
10:18:17.0236 0732 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
10:18:17.0238 0732 WudfPf - ok
10:18:17.0268 0732 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
10:18:17.0270 0732 wudfsvc - ok
10:18:17.0303 0732 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
10:18:17.0306 0732 WwanSvc - ok
10:18:17.0327 0732 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
10:18:17.0527 0732 \Device\Harddisk0\DR0 - ok
10:18:17.0529 0732 Boot (0x1200) (fa45829ad1ac2f0c43da08b883a65e91) \Device\Harddisk0\DR0\Partition0
10:18:17.0530 0732 \Device\Harddisk0\DR0\Partition0 - ok
10:18:17.0554 0732 Boot (0x1200) (adda34765dd9c37c0a7d0b6d4d192410) \Device\Harddisk0\DR0\Partition1
10:18:17.0555 0732 \Device\Harddisk0\DR0\Partition1 - ok
10:18:17.0557 0732 ============================================================
10:18:17.0557 0732 Scan finished
10:18:17.0557 0732 ============================================================
10:18:17.0565 0900 Detected object count: 0
10:18:17.0565 0900 Actual detected object count: 0
10:18:21.0427 2688 Deinitialize success

--- --- ---

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.13.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Steven :: STEVEN-PC [administrator]

8/13/2012 10:22:38 AM
mbam-log-2012-08-13 (10-22-38).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 219748
Time elapsed: 34 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

--- --- ---

C:\ProgramData\Microsoft\Windows\DRM\6656.tmp Win64/Olmarik.AH trojan
C:\ProgramData\Microsoft\Windows\DRM\6667.tmp Win64/Olmarik.AH trojan
C:\Qoobox\Quarantine\C\Windows\Installer\{13041dc0-fe5a-c602-ee30-4940628c4e64}\n.vir Win64/Sirefef.W trojan
C:\Qoobox\Quarantine\C\Windows\Installer\{13041dc0-fe5a-c602-ee30-4940628c4e64}\U\00000008.@.vir Win64/Agent.BA trojan
C:\Qoobox\Quarantine\C\Windows\Installer\{13041dc0-fe5a-c602-ee30-4940628c4e64}\U\000000cb.@.vir Win64/Conedex.B trojan
C:\Qoobox\Quarantine\C\Windows\Installer\{13041dc0-fe5a-c602-ee30-4940628c4e64}\U\80000000.@.vir Win64/Sirefef.AP trojan
C:\Qoobox\Quarantine\C\Windows\Installer\{13041dc0-fe5a-c602-ee30-4940628c4e64}\U\80000032.@.vir a variant of Win32/Sirefef.FD trojan
C:\Qoobox\Quarantine\C\Windows\System32\services.exe.vir Win64/Patched.B.Gen trojan
C:\TDSSKiller_Quarantine\13.08.2012_06.07.36\mbr0000\tdlfs0000\tsk0000.dta Win32/Olmarik.AYI trojan
C:\TDSSKiller_Quarantine\13.08.2012_06.07.36\mbr0000\tdlfs0000\tsk0001.dta Win64/Olmarik.AK trojan
C:\TDSSKiller_Quarantine\13.08.2012_06.07.36\mbr0000\tdlfs0000\tsk0002.dta Win32/Olmarik.AYH trojan
C:\TDSSKiller_Quarantine\13.08.2012_06.07.36\mbr0000\tdlfs0000\tsk0003.dta Win64/Olmarik.AL trojan
C:\TDSSKiller_Quarantine\13.08.2012_06.07.36\mbr0000\tdlfs0000\tsk0004.dta Win32/Olmarik.AWO trojan
C:\TDSSKiller_Quarantine\13.08.2012_06.07.36\mbr0000\tdlfs0000\tsk0005.dta Win64/Olmarik.AK trojan
C:\TDSSKiller_Quarantine\13.08.2012_06.07.36\mbr0000\tdlfs0000\tsk0009.dta Win32/Olmarik.AFK trojan
C:\TDSSKiller_Quarantine\13.08.2012_06.07.36\mbr0000\tdlfs0000\tsk0010.dta Win64/Olmarik.AK trojan
C:\TDSSKiller_Quarantine\13.08.2012_06.08.22\mbr0000\tdlfs0000\tsk0000.dta Win32/Olmarik.AYI trojan
C:\TDSSKiller_Quarantine\13.08.2012_06.08.22\mbr0000\tdlfs0000\tsk0001.dta Win64/Olmarik.AK trojan
C:\TDSSKiller_Quarantine\13.08.2012_06.08.22\mbr0000\tdlfs0000\tsk0002.dta Win32/Olmarik.AYH trojan
C:\TDSSKiller_Quarantine\13.08.2012_06.08.22\mbr0000\tdlfs0000\tsk0003.dta Win64/Olmarik.AL trojan
C:\TDSSKiller_Quarantine\13.08.2012_06.08.22\mbr0000\tdlfs0000\tsk0004.dta Win32/Olmarik.AWO trojan
C:\TDSSKiller_Quarantine\13.08.2012_06.08.22\mbr0000\tdlfs0000\tsk0005.dta Win64/Olmarik.AK trojan
C:\TDSSKiller_Quarantine\13.08.2012_06.08.22\mbr0000\tdlfs0000\tsk0009.dta Win32/Olmarik.AFK trojan
C:\TDSSKiller_Quarantine\13.08.2012_06.08.22\mbr0000\tdlfs0000\tsk0010.dta Win64/Olmarik.AK trojan
C:\TDSSKiller_Quarantine\13.08.2012_10.17.12\tdlfs0000\tsk0000.dta Win32/Olmarik.AYI trojan
C:\TDSSKiller_Quarantine\13.08.2012_10.17.12\tdlfs0000\tsk0001.dta Win64/Olmarik.AK trojan
C:\TDSSKiller_Quarantine\13.08.2012_10.17.12\tdlfs0000\tsk0002.dta Win32/Olmarik.AYH trojan
C:\TDSSKiller_Quarantine\13.08.2012_10.17.12\tdlfs0000\tsk0003.dta Win64/Olmarik.AL trojan
C:\TDSSKiller_Quarantine\13.08.2012_10.17.12\tdlfs0000\tsk0004.dta Win32/Olmarik.AWO trojan
C:\TDSSKiller_Quarantine\13.08.2012_10.17.12\tdlfs0000\tsk0005.dta Win64/Olmarik.AK trojan
C:\TDSSKiller_Quarantine\13.08.2012_10.17.12\tdlfs0000\tsk0009.dta Win32/Olmarik.AFK trojan
C:\TDSSKiller_Quarantine\13.08.2012_10.17.12\tdlfs0000\tsk0010.dta Win64/Olmarik.AK trojan
C:\Users\All Users\Microsoft\Windows\DRM\6656.tmp Win64/Olmarik.AH trojan
C:\Users\All Users\Microsoft\Windows\DRM\6667.tmp Win64/Olmarik.AH trojan
C:\Users\Steven\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29\1b0b81d-489e05cb multiple threats
C:\Users\Steven\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39\78d63127-334df038 a variant of Java/Exploit.CVE-2012-1723.AI trojan
C:\Users\Steven\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39\7ca1bc67-22682994 multiple threats
C:\Users\Steven\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58\667acdfa-3e8827f1 Java/Exploit.CVE-2011-3544.F trojan
C:\Users\Steven\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\69928a3d-4b098c72 a variant of Java/TrojanDownloader.Agent.NDJ trojan
C:\Users\Steven\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7\2920f3c7-5b8752d6 Java/Exploit.CVE-2012-0507.DH trojan
C:\Users\Steven\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9\64a5ca89-7bd1818c a variant of Java/TrojanDownloader.Agent.NDJ trojan
C:\Users\Steven\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\links@freeworkz.com\components\FreeWorkzFirefox.dll a variant of Win32/Adware.Gamevance.CS application
C:\Users\Steven\AppData\Roaming\Mozilla\Firefox\Profiles\we70oj1s.default\extensions\links@freeworkz.com\components\FreeWorkzFirefox.dll a variant of Win32/Adware.Gamevance.CS application
C:\Windows\System32\config\systemprofile\AppData\Local\{13041dc0-fe5a-c602-ee30-4940628c4e64}\n Win64/Sirefef.W trojan
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\{13041dc0-fe5a-c602-ee30-4940628c4e64}\n Win64/Sirefef.W trojan

--- --- ---

#15 CatByte

  • Malware Response Team

Posted 13 August 2012 - 12:03 PM

A few leftovers to take care of:

Please run the following:

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run, type Notepad, click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

File::
C:\ProgramData\Microsoft\Windows\DRM\6656.tmp 
C:\ProgramData\Microsoft\Windows\DRM\6667.tmp 
C:\Users\All Users\Microsoft\Windows\DRM\6656.tmp 
C:\Users\All Users\Microsoft\Windows\DRM\6667.tmp 
C:\Users\Steven\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29\1b0b81d-489e05cb 
C:\Users\Steven\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39\78d63127-334df038 
C:\Users\Steven\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39\7ca1bc67-22682994
C:\Users\Steven\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58\667acdfa-3e8827f1 
C:\Users\Steven\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\69928a3d-4b098c72 
C:\Users\Steven\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7\2920f3c7-5b8752d6 
C:\Users\Steven\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9\64a5ca89-7bd1818c 
C:\Users\Steven\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\links@freeworkz.com\components\FreeWorkzFirefox.dll 
C:\Users\Steven\AppData\Roaming\Mozilla\Firefox\Profiles\we70oj1s.default\extensions\links@freeworkz.com\components\FreeWorkzFirefox.dll 
C:\Windows\System32\config\systemprofile\AppData\Local\{13041dc0-fe5a-c602-ee30-4940628c4e64}\n 
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\{13041dc0-fe5a-c602-ee30-4940628c4e64}\n 

Folder::
C:\Windows\System32\config\systemprofile\AppData\Local\{13041dc0-fe5a-c602-ee30-4940628c4e64}
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\{13041dc0-fe5a-c602-ee30-4940628c4e64}
 
ClearJavaCache::

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop. Save this as "CFScript"


Here's how to do that:

1. Click File;
2. Click Save As... Change the directory to your desktop;
3. Change the Save as type to "All Files";
4. Type in the file name: CFScript
5. Click Save ...

Posted Image
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix may request an update; please allow it.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.


NEXT

Your Java is out of date, so go to Start > Control Panel > Programs and Features > scroll down to the Java installation and Remove it. Now download the latest Java version 7 update 5 and install it: http://java.com/en/download/index.jsp


NEXT



Please download Farbar Service Scanner and run it
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015
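
Added example, not part of CatByte's post or of any tool named in this thread: a short Python triage of ESET log lines like the ones above, separating detections already sitting in the ComboFix (Qoobox) and TDSSKiller quarantine folders from files still live on disk, which are the only ones the CFScript lists. It also folds `C:\Users\All Users\` into `C:\ProgramData\`, since on Windows Vista and later the former is a link to the latter; the function names and the line regex are assumptions made for this sketch.

```python
import re

# Lines copied from the ESET scan log quoted earlier in this thread.
SAMPLE_LOG = r"""
C:\ProgramData\Microsoft\Windows\DRM\6667.tmp Win64/Olmarik.AH trojan
C:\Qoobox\Quarantine\C\Windows\System32\services.exe.vir Win64/Patched.B.Gen trojan
C:\TDSSKiller_Quarantine\13.08.2012_06.07.36\mbr0000\tdlfs0000\tsk0000.dta Win32/Olmarik.AYI trojan
C:\Users\All Users\Microsoft\Windows\DRM\6667.tmp Win64/Olmarik.AH trojan
C:\Users\Steven\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29\1b0b81d-489e05cb multiple threats
C:\Users\Steven\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39\78d63127-334df038 a variant of Java/Exploit.CVE-2012-1723.AI trojan
C:\Windows\System32\config\systemprofile\AppData\Local\{13041dc0-fe5a-c602-ee30-4940628c4e64}\n Win64/Sirefef.W trojan
"""

# Assumed line shape: <path> <detection>. Paths may contain spaces, so the
# detection is anchored at the end of the line: either "multiple threats" or
# "[a variant of ]Platform/Name trojan|application".
LINE_RE = re.compile(
    r"^(?P<path>.+?) (?P<det>(?:a variant of )?\S+/\S+ (?:trojan|application)"
    r"|multiple threats)\s*$"
)

# Quarantine folders seen in the log: copies here are already neutralised.
QUARANTINE_ROOTS = ("c:\\qoobox\\quarantine\\", "c:\\tdsskiller_quarantine\\")
# On Vista and later "All Users" is a link to ProgramData (same file, two names).
ALIAS, TARGET = "C:\\Users\\All Users\\", "C:\\ProgramData\\"


def parse(log):
    """Yield (path, detection) for every line that looks like a detection."""
    for line in log.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield m["path"], m["det"]


def canonical(path):
    """Rewrite the All Users alias so one file is not counted twice."""
    if path.lower().startswith(ALIAS.lower()):
        return TARGET + path[len(ALIAS):]
    return path


def triage(log):
    """Return (live, quarantined): live maps canonical path -> detection."""
    live, quarantined = {}, []
    for path, det in parse(log):
        if path.lower().startswith(QUARANTINE_ROOTS):
            quarantined.append((path, det))
        else:
            live.setdefault(canonical(path), det)
    return live, quarantined


if __name__ == "__main__":
    live, quarantined = triage(SAMPLE_LOG)
    print(f"{len(quarantined)} already quarantined, {len(live)} still on disk:")
    for path, det in live.items():
        print(f"  {det:55} {path}")
```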




