
Winrscmde still occurring after reformatting


9 replies to this topic

#1 AlmightyFork

AlmightyFork

  • Members
  • 5 posts

Posted 07 October 2012 - 08:59 AM

I have had problems with the "winrscmd has stopped working" for a while now. I decided to go ahead and just reformat my hard drive and reinstall Windows and go with a fresh start; however, it popped up once again. I don't know if it is actually a registry problem or if a virus stayed even after the reformatting.



#2 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 07 October 2012 - 09:11 AM

Download

TDSSkiller

Launch it. Click on "Change parameters" and select "TDLFS file system".

Click on "Scan". Please post the log report (the log file should be in your C drive).

Do not change the default options on scan results.

Download

aswMBR

Launch it and allow it to download the latest Avast! virus definitions.
Click the "Scan" button to start the scan. After the scan finishes, click on "Save log".

Post the log results here. If you get crashes in normal mode, run it in Safe Mode with Networking.

Download

ESET online scanner

Install it.

Click on START; it should download the virus definitions.
When the scan is completed, click on "List of found threats".

Export the list to the desktop and copy the contents of the text file into your reply.

#3 AlmightyFork

AlmightyFork
  • Topic Starter

  • Members
  • 5 posts

Posted 07 October 2012 - 10:08 AM

TDSSKILLER:

10:37:48.0448 3488 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
10:37:48.0791 3488 ============================================================
10:37:48.0791 3488 Current date / time: 2012/10/07 10:37:48.0791
10:37:48.0791 3488 SystemInfo:
10:37:48.0791 3488
10:37:48.0791 3488 OS Version: 6.0.6001 ServicePack: 1.0
10:37:48.0791 3488 Product type: Workstation
10:37:48.0791 3488 ComputerName: SKIPPY
10:37:48.0791 3488 UserName: Administrator
10:37:48.0791 3488 Windows directory: C:\Windows
10:37:48.0791 3488 System windows directory: C:\Windows
10:37:48.0791 3488 Running under WOW64
10:37:48.0791 3488 Processor architecture: Intel x64
10:37:48.0791 3488 Number of processors: 2
10:37:48.0791 3488 Page size: 0x1000
10:37:48.0791 3488 Boot type: Normal boot
10:37:48.0791 3488 ============================================================
10:37:49.0743 3488 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
10:37:49.0743 3488 ============================================================
10:37:49.0743 3488 \Device\Harddisk0\DR0:
10:37:49.0743 3488 MBR partitions:
10:37:49.0743 3488 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3A385000
10:37:49.0743 3488 ============================================================
10:37:49.0774 3488 C: <-> \Device\Harddisk0\DR0\Partition1
10:37:49.0774 3488 ============================================================
10:37:49.0774 3488 Initialize success
10:37:49.0774 3488 ============================================================
10:38:13.0346 3628 ============================================================
10:38:13.0346 3628 Scan started
10:38:13.0346 3628 Mode: Manual; TDLFS;
10:38:13.0346 3628 ============================================================
10:38:13.0767 3628 ================ Scan system memory ========================
10:38:13.0767 3628 System memory - ok
10:38:24.0157 3628 [ C74C6C01353D87AAFE1193B426D667B0 ] Schedule C:\Windows\system32\schedsvc.dll
10:38:24.0172 3628 Schedule - ok
10:38:24.0188 3628 [ EDFFFC8B6AFB609BF33DBE0A900426B6 ] SCPolicySvc C:\Windows\System32\certprop.dll
10:38:24.0188 3628 SCPolicySvc - ok
10:38:24.0219 3628 [ 4FF71B076A7760FE75EA5AE2D0EE0018 ] SDRSVC C:\Windows\System32\SDRSVC.dll
10:38:24.0219 3628 SDRSVC - ok
10:38:24.0219 3628 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
10:38:24.0219 3628 secdrv - ok
10:38:24.0235 3628 [ 5ACDCBC67FCF894A1815B9F96D704490 ] seclogon C:\Windows\system32\seclogon.dll
10:38:24.0235 3628 seclogon - ok
10:38:24.0250 3628 [ 90973A64B96CD647FF81C79443618EED ] SENS C:\Windows\System32\sens.dll
10:38:24.0250 3628 SENS - ok
10:38:24.0281 3628 [ 2449316316411D65BD2C761A6FFB2CE2 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
10:38:24.0281 3628 Serenum - ok
10:38:24.0297 3628 [ 4B438170BE2FC8E0BD35EE87A960F84F ] Serial C:\Windows\system32\DRIVERS\serial.sys
10:38:24.0297 3628 Serial - ok
10:38:24.0313 3628 [ A842F04833684BCEEA7336211BE478DF ] sermouse C:\Windows\system32\drivers\sermouse.sys
10:38:24.0328 3628 sermouse - ok
10:38:24.0344 3628 [ A8E4A4407A09F35DCCC3771AF590B0C4 ] SessionEnv C:\Windows\system32\sessenv.dll
10:38:24.0344 3628 SessionEnv - ok
10:38:24.0359 3628 [ 14D4B4465193A87C127933978E8C4106 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
10:38:24.0359 3628 sffdisk - ok
10:38:24.0359 3628 [ 7073AEE3F82F3D598E3825962AA98AB2 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
10:38:24.0359 3628 sffp_mmc - ok
10:38:24.0359 3628 [ 35E59EBE4A01A0532ED67975161C7B82 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
10:38:24.0359 3628 sffp_sd - ok
10:38:24.0375 3628 [ 6B7838C94135768BD455CBDC23E39E5F ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
10:38:24.0375 3628 sfloppy - ok
10:38:24.0375 3628 [ 4C5AEE179DA7E1EE9A9CCB9DA289AF34 ] SharedAccess C:\Windows\System32\ipnathlp.dll
10:38:24.0391 3628 SharedAccess - ok
10:38:24.0437 3628 [ EB3114330236CF030E8EDF62881BAF67 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
10:38:24.0437 3628 ShellHWDetection - ok
10:38:24.0453 3628 [ 7A5DE502AEB719D4594C6471060A78B3 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
10:38:24.0453 3628 SiSRaid2 - ok
10:38:24.0484 3628 [ 3A2F769FAB9582BC720E11EA1DFB184D ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
10:38:24.0484 3628 SiSRaid4 - ok
10:38:24.0531 3628 [ A301D2CEFB4747DFE0C24425DCBE0B78 ] slsvc C:\Windows\system32\SLsvc.exe
10:38:24.0562 3628 slsvc - ok
10:38:24.0562 3628 [ F5DDF7C0AF85EB72CB295171F8C3CB35 ] SLUINotify C:\Windows\system32\SLUINotify.dll
10:38:24.0562 3628 SLUINotify - ok
10:38:24.0578 3628 [ 41EB2E8E005FEEDCAFCE301983EFF932 ] Smb C:\Windows\system32\DRIVERS\smb.sys
10:38:24.0578 3628 Smb - ok
10:38:24.0593 3628 [ F8F47F38909823B1AF28D60B96340CFF ] SNMPTRAP C:\Windows\System32\snmptrap.exe
10:38:24.0593 3628 SNMPTRAP - ok
10:38:24.0609 3628 [ F9CB0672162F7F04248E2B82C1FF4617 ] spldr C:\Windows\system32\drivers\spldr.sys
10:38:24.0609 3628 spldr - ok
10:38:24.0625 3628 [ E6519A9E756D74DC51C697BA62162F51 ] Spooler C:\Windows\System32\spoolsv.exe
10:38:24.0640 3628 Spooler - ok
10:38:24.0671 3628 [ B02F20D0D581496B826E21F8572C62B0 ] srv C:\Windows\system32\DRIVERS\srv.sys
10:38:24.0687 3628 srv - ok
10:38:24.0718 3628 [ 68DCD148225F40EF1CDF6CFC115CB6FE ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
10:38:24.0734 3628 srv2 - ok
10:38:24.0765 3628 [ 4D0858B640CDBCBA671C5439A8EF45CB ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
10:38:24.0781 3628 srvnet - ok
10:38:24.0796 3628 [ 192C74646EC5725AEF3F80D19FF75F6A ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
10:38:24.0812 3628 SSDPSRV - ok
10:38:24.0937 3628 [ 2EE3FA0308E6185BA64A9A7F2E74332B ] SstpSvc C:\Windows\system32\sstpsvc.dll
10:38:24.0937 3628 SstpSvc - ok
10:38:25.0061 3628 [ A766CCAD980235FF34E7F8089D3175A3 ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
10:38:25.0077 3628 Stereo Service - ok
10:38:25.0108 3628 [ F14F7D7D68A66777FB999D5D0F21138D ] stisvc C:\Windows\System32\wiaservc.dll
10:38:25.0155 3628 stisvc - ok
10:38:25.0171 3628 [ 8A851CA908B8B974F89C50D2E18D4F0C ] swenum C:\Windows\system32\DRIVERS\swenum.sys
10:38:25.0171 3628 swenum - ok
10:38:25.0233 3628 [ DA34D6EB4A3154C0BEBAEB0A2483EF3E ] swprv C:\Windows\System32\swprv.dll
10:38:25.0264 3628 swprv - ok
10:38:25.0264 3628 [ 2F26A2C6FC96B29BEFF5D8ED74E6625B ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
10:38:25.0264 3628 Symc8xx - ok
10:38:25.0280 3628 [ A909667976D3BCCD1DF813FED517D837 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
10:38:25.0280 3628 Sym_hi - ok
10:38:25.0295 3628 [ 36887B56EC2D98B9C362F6AE4DE5B7B0 ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
10:38:25.0311 3628 Sym_u3 - ok
10:38:25.0373 3628 [ BEA0D5521ED21DF8F6FFEED86DAEDE7B ] SysMain C:\Windows\system32\sysmain.dll
10:38:25.0389 3628 SysMain - ok
10:38:25.0405 3628 [ 005CE42567F9113A3BCCB3B20073B029 ] TabletInputService C:\Windows\System32\TabSvc.dll
10:38:25.0405 3628 TabletInputService - ok
10:38:25.0420 3628 [ 52091001CAF20AE84CF47023EE21B4BB ] TapiSrv C:\Windows\System32\tapisrv.dll
10:38:25.0420 3628 TapiSrv - ok
10:38:25.0451 3628 [ CDBE8D7C1E201B911CDC346D06617FB5 ] TBS C:\Windows\System32\tbssvc.dll
10:38:25.0467 3628 TBS - ok
10:38:25.0514 3628 [ 7A1183FBB802F5ABAD7FA18BC67E0858 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
10:38:25.0545 3628 Tcpip - ok
10:38:25.0576 3628 [ 7A1183FBB802F5ABAD7FA18BC67E0858 ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
10:38:25.0592 3628 Tcpip6 - ok
10:38:25.0607 3628 [ C29D4B3B08AD0B7E8564814E4FF6A57B ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
10:38:25.0607 3628 tcpipreg - ok
10:38:25.0623 3628 [ 1D8BF4AAA5FB7A2761475781DC1195BC ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
10:38:25.0623 3628 TDPIPE - ok
10:38:25.0623 3628 [ 7F7E00CDF609DF657F4CDA02DD1C9BB1 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
10:38:25.0623 3628 TDTCP - ok
10:38:25.0639 3628 [ 8C39C72E0E853DE04748C0337D9B9216 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
10:38:25.0639 3628 tdx - ok
10:38:25.0654 3628 [ 3F0EBF6EE609F2A276C0D5FAF244EC90 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
10:38:25.0654 3628 TermDD - ok
10:38:25.0685 3628 [ F870A5589D6A94B426EFB13689023946 ] TermService C:\Windows\System32\termsrv.dll
10:38:25.0701 3628 TermService - ok
10:38:25.0717 3628 [ EB3114330236CF030E8EDF62881BAF67 ] Themes C:\Windows\system32\shsvcs.dll
10:38:25.0717 3628 Themes - ok
10:38:25.0732 3628 [ 3CBE4995E80E13CCFBC42E5DCF3AC81A ] THREADORDER C:\Windows\system32\mmcss.dll
10:38:25.0732 3628 THREADORDER - ok
10:38:25.0748 3628 [ F4689F05AF472A651A7B1B7B02D200E7 ] TrkWks C:\Windows\System32\trkwks.dll
10:38:25.0748 3628 TrkWks - ok
10:38:25.0779 3628 [ AC6FF1DF22ED90BAD6417EE5A4C6E2F0 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
10:38:25.0779 3628 TrustedInstaller - ok
10:38:25.0779 3628 [ 9E5409CD17C8BEF193AAD498F3BC2CB8 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
10:38:25.0779 3628 tssecsrv - ok
10:38:25.0810 3628 [ 89EC74A9E602D16A75A4170511029B3C ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys
10:38:25.0810 3628 tunmp - ok
10:38:25.0810 3628 [ F6A4FBA7C03AC2EFD00F3301C0C1E067 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
10:38:25.0810 3628 tunnel - ok
10:38:25.0826 3628 [ FEC266EF401966311744BD0F359F7F56 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
10:38:25.0826 3628 uagp35 - ok
10:38:25.0826 3628 [ ECA6629E33F122AFFF18A2AB7C3EB033 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
10:38:25.0826 3628 udfs - ok
10:38:25.0841 3628 [ 060507C4113391394478F6953A79EEDC ] UI0Detect C:\Windows\system32\UI0Detect.exe
10:38:25.0841 3628 UI0Detect - ok
10:38:25.0904 3628 [ 4EC9447AC3AB462647F60E547208CA00 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
10:38:25.0919 3628 uliagpkx - ok
10:38:25.0951 3628 [ 697F0446134CDC8F99E69306184FBBB4 ] uliahci C:\Windows\system32\drivers\uliahci.sys
10:38:25.0951 3628 uliahci - ok
10:38:25.0951 3628 [ 31707F09846056651EA2C37858F5DDB0 ] UlSata C:\Windows\system32\drivers\ulsata.sys
10:38:25.0951 3628 UlSata - ok
10:38:25.0966 3628 [ 85E5E43ED5B48C8376281BAB519271B7 ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys
10:38:25.0966 3628 ulsata2 - ok
10:38:25.0966 3628 [ 46E9A994C4FED537DD951F60B86AD3F4 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
10:38:25.0966 3628 umbus - ok
10:38:25.0982 3628 [ 7093799FF80E9DECA0680D2E3535BE60 ] upnphost C:\Windows\System32\upnphost.dll
10:38:25.0997 3628 upnphost - ok
10:38:25.0997 3628 [ 66627C6008319DEF7909F21FB75A8991 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
10:38:25.0997 3628 usbccgp - ok
10:38:25.0997 3628 [ 9247F7E0B65852C1F6631480984D6ED2 ] usbcir C:\Windows\system32\drivers\usbcir.sys
10:38:25.0997 3628 usbcir - ok
10:38:26.0013 3628 [ DA6D8D8ED0A53C63AC6F4BD40FE83FBE ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
10:38:26.0013 3628 usbehci - ok
10:38:26.0029 3628 [ 99045369AE3216216573D0775FD7ED56 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
10:38:26.0044 3628 usbhub - ok
10:38:26.0091 3628 [ 540B622DA0949695C40CDC9D5D497A8B ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
10:38:26.0107 3628 usbohci - ok
10:38:26.0122 3628 [ ACFEE697AF477021BB3EC78C5431FED2 ] usbprint C:\Windows\system32\drivers\usbprint.sys
10:38:26.0122 3628 usbprint - ok
10:38:26.0122 3628 USBSTOR - ok
10:38:26.0138 3628 [ B2872CBF9F47316ABD0E0C74A1ABA507 ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
10:38:26.0138 3628 usbuhci - ok
10:38:26.0153 3628 [ 9190F03C82547AFA87367F1CECA88F3B ] UxSms C:\Windows\System32\uxsms.dll
10:38:26.0153 3628 UxSms - ok
10:38:26.0169 3628 [ C15A4A550CBA7B9F1F68B72528E04CE1 ] vds C:\Windows\System32\vds.exe
10:38:26.0200 3628 vds - ok
10:38:26.0200 3628 [ 916B94BCF1E09873FFF2D5FB11767BBC ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
10:38:26.0200 3628 vga - ok
10:38:26.0200 3628 [ B83AB16B51FEDA65DD81B8C59D114D63 ] VgaSave C:\Windows\System32\drivers\vga.sys
10:38:26.0200 3628 VgaSave - ok
10:38:26.0216 3628 [ 8294B6C3FDB6C33F24E150DE647ECDAA ] viaide C:\Windows\system32\drivers\viaide.sys
10:38:26.0216 3628 viaide - ok
10:38:26.0231 3628 [ 793D9B32A1C462C91F6F70358283AC97 ] volmgr C:\Windows\system32\drivers\volmgr.sys
10:38:26.0231 3628 volmgr - ok
10:38:26.0278 3628 [ 5AA217DA5DC4FF5B9AC9AB86563B3223 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
10:38:26.0278 3628 volmgrx - ok
10:38:26.0309 3628 [ DE4307412D98050239026E56A7DFF3C0 ] volsnap C:\Windows\system32\drivers\volsnap.sys
10:38:26.0309 3628 volsnap - ok
10:38:26.0341 3628 [ A68F455ED2673835209318DD61BFBB0E ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
10:38:26.0341 3628 vsmraid - ok
10:38:26.0450 3628 [ 186BD53F8A408AD20F5A056C05678629 ] VSS C:\Windows\system32\vssvc.exe
10:38:26.0497 3628 VSS - ok
10:38:26.0512 3628 [ BA29F34A61CB55C0DEE29E787542EDF4 ] W32Time C:\Windows\system32\w32time.dll
10:38:26.0512 3628 W32Time - ok
10:38:26.0528 3628 [ FEF8FE5923FEAD2CEE4DFABFCE3393A7 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
10:38:26.0528 3628 WacomPen - ok
10:38:26.0543 3628 [ AEA75207E443C8623C36B8D03596F84F ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
10:38:26.0543 3628 Wanarp - ok
10:38:26.0543 3628 [ AEA75207E443C8623C36B8D03596F84F ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
10:38:26.0543 3628 Wanarpv6 - ok
10:38:26.0575 3628 [ 055449247C490E24B968B44FE8A969EB ] wcncsvc C:\Windows\System32\wcncsvc.dll
10:38:26.0637 3628 wcncsvc - ok
10:38:26.0653 3628 [ EA4B369560E986F19D93F45A881484AC ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
10:38:26.0653 3628 WcsPlugInService - ok
10:38:26.0668 3628 [ 0C17A0816F65B89E362E682AD5E7266E ] Wd C:\Windows\system32\drivers\wd.sys
10:38:26.0668 3628 Wd - ok
10:38:26.0777 3628 [ D02E7E4567DA1E7582FBF6A91144B0DF ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
10:38:26.0824 3628 Wdf01000 - ok
10:38:26.0840 3628 [ C5EFDA73EBFCA8B02A094898DE0A9276 ] WdiServiceHost C:\Windows\system32\wdi.dll
10:38:26.0840 3628 WdiServiceHost - ok
10:38:26.0855 3628 [ C5EFDA73EBFCA8B02A094898DE0A9276 ] WdiSystemHost C:\Windows\system32\wdi.dll
10:38:26.0855 3628 WdiSystemHost - ok
10:38:26.0918 3628 [ 3D4AB55F8178FD0CD3CA45CD0EC9CF5B ] WebClient C:\Windows\System32\webclnt.dll
10:38:26.0933 3628 WebClient - ok
10:38:26.0949 3628 [ BD9A749F36710FFA02E0E530F7451936 ] Wecsvc C:\Windows\system32\wecsvc.dll
10:38:26.0949 3628 Wecsvc - ok
10:38:26.0996 3628 [ 9C980351D7E96288EA0C23AE232BD065 ] wercplsupport C:\Windows\System32\wercplsupport.dll
10:38:27.0011 3628 wercplsupport - ok
10:38:27.0027 3628 [ 66B9ECEBC46683F47EDC06333C075FEF ] WerSvc C:\Windows\System32\WerSvc.dll
10:38:27.0043 3628 WerSvc - ok
10:38:27.0058 3628 WinDefend - ok
10:38:27.0058 3628 WinHttpAutoProxySvc - ok
10:38:27.0277 3628 [ AC98F38FEAB066A8F983D54FF3F4FD4C ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
10:38:27.0277 3628 Winmgmt - ok
10:38:27.0386 3628 [ AEB6C5200FD5517F06076AF0EE4538E1 ] WinRM C:\Windows\system32\WsmSvc.dll
10:38:27.0464 3628 WinRM - ok
10:38:27.0511 3628 [ 05477E53B7B529435026F705B4235324 ] Wlansvc C:\Windows\System32\wlansvc.dll
10:38:27.0526 3628 Wlansvc - ok
10:38:27.0542 3628 [ E18AEBAAA5A773FE11AA2C70F65320F5 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
10:38:27.0542 3628 WmiAcpi - ok
10:38:27.0557 3628 [ D303322DD577C3DEDA1251ED2E7A496C ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
10:38:27.0589 3628 wmiApSrv - ok
10:38:27.0604 3628 WMPNetworkSvc - ok
10:38:27.0667 3628 [ CBC156C913F099E6680D1DF9307DB7A8 ] WPCSvc C:\Windows\System32\wpcsvc.dll
10:38:27.0698 3628 WPCSvc - ok
10:38:27.0745 3628 [ A27C8F92D84E2DDC151978E4692C978E ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
10:38:27.0745 3628 WPDBusEnum - ok
10:38:27.0791 3628 [ 8A900348370E359B6BFF6A550E4649E1 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
10:38:27.0791 3628 ws2ifsl - ok
10:38:28.0025 3628 [ CB8EA6D95949384925CCFCA21CC6DFD8 ] wscsvc C:\Windows\System32\wscsvc.dll
10:38:28.0041 3628 wscsvc - ok
10:38:28.0041 3628 WSearch - ok
10:38:28.0150 3628 [ 69F2BC7B46E3E15C8EC688F42A65B57F ] wuauserv C:\Windows\system32\wuaueng.dll
10:38:28.0197 3628 wuauserv - ok
10:38:28.0228 3628 [ 6CBD51FF913C851D56ED9DC7F2A27DDE ] wudfsvc C:\Windows\System32\WUDFSvc.dll
10:38:28.0228 3628 wudfsvc - ok
10:38:28.0244 3628 ================ Scan global ===============================
10:38:28.0259 3628 [ 060DC3A7A9A2626031EB23D90151428D ] C:\Windows\system32\basesrv.dll
10:38:28.0322 3628 [ A9C654098A5CA39618DA9D022A6691B8 ] C:\Windows\system32\winsrv.dll
10:38:28.0353 3628 [ A9C654098A5CA39618DA9D022A6691B8 ] C:\Windows\system32\winsrv.dll
10:38:28.0431 3628 [ DFAC660F0F139276CC9299812DE42719 ] C:\Windows\system32\services.exe
10:38:28.0478 3628 [Global] - ok
10:38:28.0478 3628 ================ Scan MBR ==================================
10:38:28.0493 3628 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
10:38:28.0493 3628 Suspicious mbr (Forged): \Device\Harddisk0\DR0
10:38:28.0525 3628 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
10:38:28.0525 3628 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
10:38:28.0915 3628 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
10:38:28.0915 3628 \Device\Harddisk0\DR0 - detected TDSS File System (1)
10:38:28.0915 3628 ================ Scan VBR ==================================
10:38:28.0915 3628 [ 726FA726F230D0F94DA87C62D0A52106 ] \Device\Harddisk0\DR0\Partition1
10:38:28.0915 3628 \Device\Harddisk0\DR0\Partition1 - ok
10:38:28.0915 3628 ============================================================
10:38:28.0915 3628 Scan finished
10:38:28.0915 3628 ============================================================
10:38:28.0930 3620 Detected object count: 2
10:38:28.0930 3620 Actual detected object count: 2
10:39:07.0868 3620 \Device\Harddisk0\DR0\# - copied to quarantine
10:39:07.0868 3620 \Device\Harddisk0\DR0 - copied to quarantine
10:39:07.0899 3620 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
10:39:07.0899 3620 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
10:39:07.0899 3620 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
10:39:07.0899 3620 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
10:39:07.0915 3620 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
10:39:07.0915 3620 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
10:39:07.0915 3620 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
10:39:07.0915 3620 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
10:39:07.0915 3620 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
10:39:07.0915 3620 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
10:39:07.0915 3620 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
10:39:07.0946 3620 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
10:39:07.0946 3620 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
10:39:07.0946 3620 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
10:39:07.0961 3620 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
10:39:07.0993 3620 \Device\Harddisk0\DR0 - ok
10:39:13.0593 3620 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
10:39:13.0593 3620 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
10:39:13.0593 3620 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
10:39:19.0661 3480 Deinitialize success

aswMBR:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-10-07 10:43:45
-----------------------------
10:43:45.969 OS Version: Windows x64 6.0.6001 Service Pack 1
10:43:45.969 Number of processors: 2 586 0x170A
10:43:45.969 ComputerName: SKIPPY UserName:
10:43:46.874 Initialize success
10:44:25.944 AVAST engine defs: 12100701
10:44:36.381 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000004c
10:44:36.381 Disk 0 Vendor: WDC_WD50 05.0 Size: 476940MB BusType: 8
10:44:36.396 Disk 0 MBR read successfully
10:44:36.396 Disk 0 MBR scan
10:44:36.396 Disk 0 Windows VISTA default MBR code
10:44:36.396 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 476938 MB offset 2048
10:44:36.412 Disk 0 scanning C:\Windows\system32\drivers
10:44:40.593 Service scanning
10:44:50.374 Modules scanning
10:44:50.374 Disk 0 trace - called modules:
10:44:50.390 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys storport.sys hal.dll nvstor.sys
10:44:50.390 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80084b5460]
10:44:50.390 3 CLASSPNP.SYS[fffffa6001204b3a] -> nt!IofCallDriver -> [0xfffffa80081f5c20]
10:44:50.889 5 acpi.sys[fffffa60008fbff6] -> nt!IofCallDriver -> \Device\0000004c[0xfffffa80081f4060]
10:44:52.059 AVAST engine scan C:\Windows
10:44:53.151 AVAST engine scan C:\Windows\system32
10:45:54.771 AVAST engine scan C:\Windows\system32\drivers
10:46:03.491 AVAST engine scan C:\Users\Administrator
10:46:30.510 AVAST engine scan C:\ProgramData
10:46:36.610 Scan finished successfully
10:47:23.691 Disk 0 MBR has been saved successfully to "C:\Users\Administrator\Documents\MBR.dat"
10:47:23.691 The log file has been saved successfully to "C:\Users\Administrator\Documents\aswMBR.txt"


eset:

C:\TDSSKiller_Quarantine\07.10.2012_10.37.48\mbr0000\tdlfs0000\tsk0000.dta Win32/Olmarik.AYI trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\07.10.2012_10.37.48\mbr0000\tdlfs0000\tsk0001.dta Win64/Olmarik.AK trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\07.10.2012_10.37.48\mbr0000\tdlfs0000\tsk0002.dta Win32/Olmarik.AYH trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\07.10.2012_10.37.48\mbr0000\tdlfs0000\tsk0003.dta Win64/Olmarik.AL trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\07.10.2012_10.37.48\mbr0000\tdlfs0000\tsk0004.dta a variant of Win32/Rootkit.Kryptik.NH trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\07.10.2012_10.37.48\mbr0000\tdlfs0000\tsk0005.dta Win64/Olmarik.AK trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\07.10.2012_10.37.48\mbr0000\tdlfs0000\tsk0009.dta Win32/Olmarik.AFK trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\07.10.2012_10.37.48\mbr0000\tdlfs0000\tsk0010.dta Win64/Olmarik.AK trojan cleaned by deleting - quarantined

#4 narenxp

Posted 07 October 2012 - 10:10 AM

Please run TDSSkiller again and select DELETE for this entry

10:39:13.0593 3620 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user

Post the new log

Download

Malwarebytes

Install, update and run a full scan.

Click on Show results. Right-click on the list, select all and remove them.

Post the generated log here

Download

mini toolbox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
List restore points

Click Go and post the result.

Download

Farbar service scanner

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.

Download

adware cleaner

Launch it, click on Delete.

A log should be generated after the scan; post it here.

Download

Junkware removal tool

For Vista and Windows 7, right-click on the tool and select Run as administrator.

After the scan completes, post the generated log here.

#5 AlmightyFork

Posted 07 October 2012 - 11:03 AM

TDSSkiller:

11:26:10.0815 3684 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
11:26:11.0096 3684 ============================================================
11:26:11.0096 3684 Current date / time: 2012/10/07 11:26:11.0096
11:26:11.0096 3684 SystemInfo:
11:26:11.0096 3684
11:26:11.0096 3684 OS Version: 6.0.6001 ServicePack: 1.0
11:26:11.0096 3684 Product type: Workstation
11:26:11.0096 3684 ComputerName: SKIPPY
11:26:11.0096 3684 UserName: Administrator
11:26:11.0096 3684 Windows directory: C:\Windows
11:26:11.0096 3684 System windows directory: C:\Windows
11:26:11.0096 3684 Running under WOW64
11:26:11.0096 3684 Processor architecture: Intel x64
11:26:11.0096 3684 Number of processors: 2
11:26:11.0096 3684 Page size: 0x1000
11:26:11.0096 3684 Boot type: Normal boot
11:26:11.0096 3684 ============================================================
11:26:11.0486 3684 BG loaded
11:26:11.0689 3684 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
11:26:11.0689 3684 ============================================================
11:26:11.0689 3684 \Device\Harddisk0\DR0:
11:26:11.0689 3684 MBR partitions:
11:26:11.0689 3684 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3A385000
11:26:11.0689 3684 ============================================================
11:26:11.0720 3684 C: <-> \Device\Harddisk0\DR0\Partition1
11:26:11.0720 3684 ============================================================
11:26:11.0720 3684 Initialize success
11:26:11.0720 3684 ============================================================
11:26:18.0615 2900 ============================================================
11:26:18.0615 2900 Scan started
11:26:18.0615 2900 Mode: Manual; TDLFS;
11:26:18.0615 2900 ============================================================
11:26:19.0473 2900 ================ Scan system memory ========================
11:26:19.0473 2900 System memory - ok
11:26:19.0473 2900 ================ Scan services =============================
11:26:20.0877 2900 ErrDev - ok
11:26:20.0893 2900 [ D8338E6B3C23AD36096A6FDABD039283 ] EventSystem C:\Windows\system32\es.dll
11:26:20.0893 2900 EventSystem - ok
11:26:20.0909 2900 [ 2A546B9A84658B0554B1EC35CD9ADAF5 ] exfat C:\Windows\system32\drivers\exfat.sys
11:26:20.0909 2900 exfat - ok
11:26:20.0909 2900 [ FE731D345ED9EEABBC72A59B35941834 ] fastfat C:\Windows\system32\drivers\fastfat.sys
11:26:20.0909 2900 fastfat - ok
11:26:20.0909 2900 [ 81B79B6DF71FA1D2C6D688D830616E39 ] fdc C:\Windows\system32\DRIVERS\fdc.sys
11:26:20.0924 2900 fdc - ok
11:26:20.0924 2900 [ BB9267ACACD8B7533DD936C34A0CBA5E ] fdPHost C:\Windows\system32\fdPHost.dll
11:26:20.0924 2900 fdPHost - ok
11:26:20.0940 2900 [ 300C80931EABBE1DB7591C516EFE8D0F ] FDResPub C:\Windows\system32\fdrespub.dll
11:26:20.0940 2900 FDResPub - ok
11:26:20.0940 2900 [ 457B7D1D533E4BD62A99AED9C7BB4C59 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
11:26:20.0940 2900 FileInfo - ok
11:26:20.0940 2900 [ D421327FD6EFCCAF884A54C58E1B0D7F ] Filetrace C:\Windows\system32\drivers\filetrace.sys
11:26:20.0940 2900 Filetrace - ok
11:26:20.0955 2900 [ 230923EA2B80F79B0F88D90F87B87EBD ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
11:26:20.0955 2900 flpydisk - ok
11:26:20.0971 2900 [ 7DACF1A3A4219575070C6DC7C957428A ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
11:26:20.0971 2900 FltMgr - ok
11:26:20.0987 2900 [ 3A8059E00C155283323CF57F998A73E0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
11:26:21.0002 2900 FontCache3.0.0.0 - ok
11:26:21.0002 2900 [ 29D99E860A1CA0A03C6A733FDD0DA703 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
11:26:21.0002 2900 Fs_Rec - ok
11:26:21.0002 2900 [ C8E416668D3DC2BE3D4FE4C79224997F ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
11:26:21.0002 2900 gagp30kx - ok
11:26:21.0033 2900 [ 9E5B254D58232EC8921EC3C5A94C81ED ] gpsvc C:\Windows\System32\gpsvc.dll
11:26:21.0033 2900 gpsvc - ok
11:26:21.0049 2900 [ DF45F8142DC6DF9D18C39B3EFFBD0409 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
11:26:21.0049 2900 HdAudAddService - ok
11:26:21.0065 2900 [ 0C0D0F8A3FF09ECC81963D09EC6A0A84 ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
11:26:21.0065 2900 HDAudBus - ok
11:26:21.0065 2900 [ B4881C84A180E75B8C25DC1D726C375F ] HidBth C:\Windows\system32\drivers\hidbth.sys
11:26:21.0065 2900 HidBth - ok
11:26:21.0065 2900 [ 4E77A77E2C986E8F88F996BB3E1AD829 ] HidIr C:\Windows\system32\drivers\hidir.sys
11:26:21.0065 2900 HidIr - ok
11:26:21.0080 2900 [ 0AA154538544E988429DA2D5AA803A6C ] hidserv C:\Windows\system32\hidserv.dll
11:26:21.0080 2900 hidserv - ok
11:26:21.0080 2900 [ D02C82CB3A20F391C8AEFF94E8E0BAA1 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
11:26:21.0080 2900 HidUsb - ok
11:26:21.0111 2900 [ B12F367EA39C0795FD57E31242CE1A5A ] hkmsvc C:\Windows\system32\kmsvc.dll
11:26:21.0111 2900 hkmsvc - ok
11:26:21.0127 2900 [ D7109A1E6BD2DFDBCBA72A6BC626A13B ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys
11:26:21.0127 2900 HpCISSs - ok
11:26:21.0127 2900 [ 7C39506BC3BE2B77B7671BB320FDB736 ] HTTP C:\Windows\system32\drivers\HTTP.sys
11:26:21.0127 2900 HTTP - ok
11:26:21.0143 2900 [ DA94C854CEA5FAC549D4E1F6E88349E8 ] i2omp C:\Windows\system32\drivers\i2omp.sys
11:26:21.0143 2900 i2omp - ok
11:26:21.0143 2900 [ CBB597659A2713CE0C9CC20C88C7591F ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
11:26:21.0143 2900 i8042prt - ok
11:26:21.0158 2900 [ 3E3BF3627D886736D0B4E90054F929F6 ] iaStorV C:\Windows\system32\drivers\iastorv.sys
11:26:21.0174 2900 iaStorV - ok
11:26:21.0221 2900 [ F8E071CD7B92E81A2C64D860347EDA1E ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
11:26:21.0221 2900 idsvc - ok
11:26:21.0221 2900 [ 8C3951AD2FE886EF76C7B5027C3125D3 ] iirsp C:\Windows\system32\drivers\iirsp.sys
11:26:21.0221 2900 iirsp - ok
11:26:21.0252 2900 [ 3A3B232140C33376E134E7B61A0EAA44 ] IKEEXT C:\Windows\System32\ikeext.dll
11:26:21.0252 2900 IKEEXT - ok
11:26:21.0267 2900 [ DF797A12176F11B2D301C5B234BB200E ] intelide C:\Windows\system32\drivers\intelide.sys
11:26:21.0267 2900 intelide - ok
11:26:21.0283 2900 [ BFD84AF32FA1BAD6231C4585CB469630 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
11:26:21.0283 2900 intelppm - ok
11:26:21.0299 2900 [ 5624BC1BC5EEB49C0AB76A8114F05EA3 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
11:26:21.0299 2900 IPBusEnum - ok
11:26:21.0299 2900 [ 99B821F5BEBD6A3CC3FE564F802AE0FD ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
11:26:21.0314 2900 IpFilterDriver - ok
11:26:21.0314 2900 [ 82EFC3D6D161DD874F1203C5F60F623C ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
11:26:21.0314 2900 iphlpsvc - ok
11:26:21.0314 2900 IpInIp - ok
11:26:21.0330 2900 [ 9C2EE2E6E5A7203BFAE15C299475EC67 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys
11:26:21.0330 2900 IPMIDRV - ok
11:26:21.0330 2900 [ B7E6212F581EA5F6AB0C3A6CEEEB89BE ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys
11:26:21.0330 2900 IPNAT - ok
11:26:21.0330 2900 [ 8C42CA155343A2F11D29FECA67FAA88D ] IRENUM C:\Windows\system32\drivers\irenum.sys
11:26:21.0330 2900 IRENUM - ok
11:26:21.0345 2900 [ 0672BFCEDC6FC468A2B0500D81437F4F ] isapnp C:\Windows\system32\drivers\isapnp.sys
11:26:21.0345 2900 isapnp - ok
11:26:21.0361 2900 [ 49E4CCBF74783FCE5D2CC1FF6480E1F4 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
11:26:21.0361 2900 iScsiPrt - ok
11:26:21.0377 2900 [ 63C766CDC609FF8206CB447A65ABBA4A ] iteatapi C:\Windows\system32\drivers\iteatapi.sys
11:26:21.0377 2900 iteatapi - ok
11:26:21.0392 2900 [ 1281FE73B17664631D12F643CBEA3F59 ] iteraid C:\Windows\system32\drivers\iteraid.sys
11:26:21.0392 2900 iteraid - ok
11:26:21.0392 2900 [ 423696F3BA6472DD17699209B933BC26 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
11:26:21.0392 2900 kbdclass - ok
11:26:21.0392 2900 [ BF8783A5066CFECF45095459E8010FA7 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
11:26:21.0392 2900 kbdhid - ok
11:26:21.0408 2900 [ 1B461E9F6DB0EF829B4369F47A24BBEC ] KeyIso C:\Windows\system32\lsass.exe
11:26:21.0408 2900 KeyIso - ok
11:26:21.0423 2900 [ A6F636C447CF3DEF5F50018F0C0E1AAE ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
11:26:21.0423 2900 KSecDD - ok
11:26:21.0439 2900 [ 1D419CF43DB29396ECD7113D129D94EB ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
11:26:21.0439 2900 ksthunk - ok
11:26:21.0486 2900 [ 1FAF6926F3416D3DA05C5B265491BDAE ] KtmRm C:\Windows\system32\msdtckrm.dll
11:26:21.0486 2900 KtmRm - ok
11:26:21.0501 2900 [ 6F212EDD7AAE8BD905C9E8824A34F8AE ] LanmanServer C:\Windows\system32\srvsvc.dll
11:26:21.0517 2900 LanmanServer - ok
11:26:21.0533 2900 [ D81690276C9E06A50D398CD1AE3C89AB ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
11:26:21.0548 2900 LanmanWorkstation - ok
11:26:21.0548 2900 [ 96ECE2659B6654C10A0C310AE3A6D02C ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
11:26:21.0548 2900 lltdio - ok
11:26:21.0564 2900 [ 961CCBD0B1CCB5675D64976FAE37D092 ] lltdsvc C:\Windows\System32\lltdsvc.dll
11:26:21.0564 2900 lltdsvc - ok
11:26:21.0564 2900 [ A47F8080CACC23C91FE823AD19AA5612 ] lmhosts C:\Windows\System32\lmhsvc.dll
11:26:21.0579 2900 lmhosts - ok
11:26:21.0579 2900 [ ACBE1AF32D3123E330A07BFBC5EC4A9B ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
11:26:21.0579 2900 LSI_FC - ok
11:26:21.0579 2900 [ 799FFB2FC4729FA46D2157C0065B3525 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
11:26:21.0595 2900 LSI_SAS - ok
11:26:21.0595 2900 [ F445FF1DAAD8A226366BFAF42551226B ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
11:26:21.0595 2900 LSI_SCSI - ok
11:26:21.0595 2900 [ 52F87B9CC8932C2A7375C3B2A9BE5E3E ] luafv C:\Windows\system32\drivers\luafv.sys
11:26:21.0595 2900 luafv - ok
11:26:21.0626 2900 [ 76A58DF02BD4EA29F189B82D0BEF17F8 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
11:26:21.0626 2900 Mcx2Svc - ok
11:26:21.0642 2900 [ 5C5CD6AACED32FB26C3FB34B3DCF972F ] megasas C:\Windows\system32\drivers\megasas.sys
11:26:21.0642 2900 megasas - ok
11:26:21.0673 2900 [ 859BC2436B076C77C159ED694ACFE8F8 ] MegaSR C:\Windows\system32\drivers\megasr.sys
11:26:21.0673 2900 MegaSR - ok
11:26:21.0704 2900 [ 3CBE4995E80E13CCFBC42E5DCF3AC81A ] MMCSS C:\Windows\system32\mmcss.dll
11:26:21.0704 2900 MMCSS - ok
11:26:21.0704 2900 [ 59848D5CC74606F0EE7557983BB73C2E ] Modem C:\Windows\system32\drivers\modem.sys
11:26:21.0704 2900 Modem - ok
11:26:21.0720 2900 [ C247CC2A57E0A0C8C6DCCF7807B3E9E5 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
11:26:21.0720 2900 monitor - ok
11:26:21.0720 2900 [ 9367304E5E412B120CF5F4EA14E4E4F1 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
11:26:21.0720 2900 mouclass - ok
11:26:21.0735 2900 [ C2C2BD5C5CE5AAF786DDD74B75D2AC69 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
11:26:21.0735 2900 mouhid - ok
11:26:21.0735 2900 [ 11BC9B1E8801B01F7F6ADB9EAD30019B ] MountMgr C:\Windows\system32\drivers\mountmgr.sys
11:26:21.0735 2900 MountMgr - ok
11:26:21.0798 2900 [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
11:26:21.0798 2900 MozillaMaintenance - ok
11:26:21.0798 2900 [ F8276EB8698142884498A528DFEA8478 ] mpio C:\Windows\system32\drivers\mpio.sys
11:26:21.0813 2900 mpio - ok
11:26:21.0813 2900 [ C92B9ABDB65A5991E00C28F13491DBA2 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
11:26:21.0813 2900 mpsdrv - ok
11:26:21.0829 2900 [ 8A670648C755867A3AA38DA50BA569AA ] MpsSvc C:\Windows\system32\mpssvc.dll
11:26:21.0829 2900 MpsSvc - ok
11:26:21.0845 2900 [ 3C200630A89EF2C0864D515B7A75802E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys
11:26:21.0845 2900 Mraid35x - ok
11:26:21.0845 2900 [ FE2706C15F8345C342820E4E4583FEA0 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
11:26:21.0845 2900 MRxDAV - ok
11:26:21.0860 2900 [ 8E01ED1D845B0DAC094A9BE50D426187 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
11:26:21.0860 2900 mrxsmb - ok
11:26:21.0860 2900 [ 7ACA70376A4ECA01A8E02957E55D2710 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
11:26:21.0860 2900 mrxsmb10 - ok
11:26:21.0876 2900 [ 168DA84EBF8AFBC6E8F8EE229CC6DC9F ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
11:26:21.0876 2900 mrxsmb20 - ok
11:26:21.0876 2900 [ 1AC860612B85D8E85EE257D372E39F4D ] msahci C:\Windows\system32\drivers\msahci.sys
11:26:21.0876 2900 msahci - ok
11:26:21.0891 2900 [ 264BBB4AAF312A485F0E44B65A6B7202 ] msdsm C:\Windows\system32\drivers\msdsm.sys
11:26:21.0891 2900 msdsm - ok
11:26:21.0891 2900 [ 7EC02CE772F068ED0BEAFA3DA341A9BC ] MSDTC C:\Windows\System32\msdtc.exe
11:26:21.0891 2900 MSDTC - ok
11:26:21.0907 2900 [ 704F59BFC4512D2BB0146AEC31B10A7C ] Msfs C:\Windows\system32\drivers\Msfs.sys
11:26:21.0907 2900 Msfs - ok
11:26:21.0907 2900 [ 00EBC952961664780D43DCA157E79B27 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
11:26:21.0907 2900 msisadrv - ok
11:26:21.0938 2900 [ 366B0C1F4478B519C181E37D43DCDA32 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
11:26:21.0938 2900 MSiSCSI - ok
11:26:21.0938 2900 msiserver - ok
11:26:21.0954 2900 [ 0EA73E498F53B96D83DBFCA074AD4CF8 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
11:26:21.0954 2900 MSKSSRV - ok
11:26:21.0954 2900 [ 52E59B7E992A58E740AA63F57EDBAE8B ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
11:26:21.0954 2900 MSPCLOCK - ok
11:26:21.0969 2900 [ 49084A75BAE043AE02D5B44D02991BB2 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
11:26:21.0969 2900 MSPQM - ok
11:26:21.0969 2900 [ B8E32E6103FBBA9FBB1D0C11FF0D13B5 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
11:26:21.0969 2900 MsRPC - ok
11:26:21.0985 2900 [ 855796E59DF77EA93AF46F20155BF55B ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
11:26:21.0985 2900 mssmbios - ok
11:26:21.0985 2900 [ 86D632D75D05D5B7C7C043FA3564AE86 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
11:26:21.0985 2900 MSTEE - ok
11:26:21.0985 2900 [ DDF133501F68D6988A0F55DFA88637B4 ] Mup C:\Windows\system32\Drivers\mup.sys
11:26:22.0001 2900 Mup - ok
11:26:22.0016 2900 [ C25022CDD18980846973B598900915F8 ] napagent C:\Windows\system32\qagentRT.dll
11:26:22.0016 2900 napagent - ok
11:26:22.0032 2900 [ 7C81124EA83CCA576558371C6AC0896D ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
11:26:22.0032 2900 NativeWifiP - ok
11:26:22.0063 2900 [ 2A2EE457AF36C5C9A6808C768BD3A12B ] NDIS C:\Windows\system32\drivers\ndis.sys
11:26:22.0079 2900 NDIS - ok
11:26:22.0079 2900 [ 64DF698A425478E321981431AC171334 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
11:26:22.0079 2900 NdisTapi - ok
11:26:22.0079 2900 [ 8BAA43196D7B5BB972C9A6B2BBF61A19 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
11:26:22.0094 2900 Ndisuio - ok
11:26:22.0094 2900 [ 52E3E8E35101399BE9B2938C992AA087 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
11:26:22.0094 2900 NdisWan - ok
11:26:22.0094 2900 [ 9CB77ED7CB72850253E973A2D6AFDF49 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
11:26:22.0094 2900 NDProxy - ok
11:26:22.0110 2900 [ A499294F5029A7862ADC115BDA7371CE ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
11:26:22.0110 2900 NetBIOS - ok
11:26:22.0110 2900 [ 7A29CA243A629230799754162D80120F ] netbt C:\Windows\system32\DRIVERS\netbt.sys
11:26:22.0110 2900 netbt - ok
11:26:22.0125 2900 [ 1B461E9F6DB0EF829B4369F47A24BBEC ] Netlogon C:\Windows\system32\lsass.exe
11:26:22.0125 2900 Netlogon - ok
11:26:22.0141 2900 [ 9B63B29DEFC0F3115A559D2597BF5D75 ] Netman C:\Windows\System32\netman.dll
11:26:22.0141 2900 Netman - ok
11:26:22.0157 2900 [ 7846D0136CC2B264926A73047BA7688A ] netprofm C:\Windows\System32\netprofm.dll
11:26:22.0157 2900 netprofm - ok
11:26:22.0188 2900 [ F9102685F97F9BA85F4A70AFCF722CFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
11:26:22.0188 2900 NetTcpPortSharing - ok
11:26:22.0188 2900 [ 4AC08BD6AF2DF42E0C3196D826C8AEA7 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
11:26:22.0188 2900 nfrd960 - ok
11:26:22.0203 2900 [ F145BF4C4668E7E312069F81EF847CFC ] NlaSvc C:\Windows\System32\nlasvc.dll
11:26:22.0203 2900 NlaSvc - ok
11:26:22.0203 2900 [ B06154E2A2C91E9BE5599FCA53BC4CD0 ] Npfs C:\Windows\system32\drivers\Npfs.sys
11:26:22.0219 2900 Npfs - ok
11:26:22.0219 2900 [ ACB62BAA1C319B17752553DF3026EEEB ] nsi C:\Windows\system32\nsisvc.dll
11:26:22.0219 2900 nsi - ok
11:26:22.0219 2900 [ 1523AF19EE8B030BA682F7A53537EAEB ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
11:26:22.0219 2900 nsiproxy - ok
11:26:22.0250 2900 [ FE86BA5AC3B50E2CA911E9C60C07B638 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
11:26:22.0266 2900 Ntfs - ok
11:26:22.0266 2900 [ DD5D684975352B85B52E3FD5347C20CB ] Null C:\Windows\system32\drivers\Null.sys
11:26:22.0266 2900 Null - ok
11:26:22.0313 2900 [ 9733F305FA84AAF84E7FB09C0B345ADB ] NVENETFD C:\Windows\system32\DRIVERS\nvm60x64.sys
11:26:22.0328 2900 NVENETFD - ok
11:26:22.0547 2900 [ BF7A24A71E1932200D864BC1CE15E596 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
11:26:22.0734 2900 nvlddmkm - ok
11:26:22.0749 2900 [ 2C040B7ADA5B06F6FACADAC8514AA034 ] nvraid C:\Windows\system32\drivers\nvraid.sys
11:26:22.0749 2900 nvraid - ok
11:26:22.0749 2900 [ F7EA0FE82842D05EDA3EFDD376DBFDBA ] nvstor C:\Windows\system32\drivers\nvstor.sys
11:26:22.0749 2900 nvstor - ok
11:26:22.0781 2900 [ 43F91595049DE14C4B61D1E76436164F ] nvsvc C:\Windows\system32\nvvsvc.exe
11:26:22.0781 2900 nvsvc - ok
11:26:22.0827 2900 [ 322B69422836F97B76F4AA59B47507BA ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
11:26:22.0827 2900 nvUpdatusService - ok
11:26:22.0859 2900 [ 19067CA93075EF4823E3938A686F532F ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
11:26:22.0859 2900 nv_agp - ok
11:26:22.0859 2900 NwlnkFlt - ok
11:26:22.0874 2900 NwlnkFwd - ok
11:26:22.0890 2900 [ 1B30103FDE512915A9214B108B6E7A9C ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
11:26:22.0890 2900 ohci1394 - ok
11:26:22.0937 2900 [ 430F35C5592D253F43A26B4F5A523DBF ] p2pimsvc C:\Windows\system32\p2psvc.dll
11:26:22.0937 2900 p2pimsvc - ok
11:26:22.0952 2900 [ 430F35C5592D253F43A26B4F5A523DBF ] p2psvc C:\Windows\system32\p2psvc.dll
11:26:22.0968 2900 p2psvc - ok
11:26:22.0999 2900 [ 4C6A7FD04DDF4DB88791048382E3EDB1 ] Parport C:\Windows\system32\DRIVERS\parport.sys
11:26:22.0999 2900 Parport - ok
11:26:22.0999 2900 [ 5AB40C36894F4C06BDAB0C9A2FBA282D ] partmgr C:\Windows\system32\drivers\partmgr.sys
11:26:22.0999 2900 partmgr - ok
11:26:23.0015 2900 [ 9AB157B374192FF276C1628FBDBA2B0E ] PcaSvc C:\Windows\System32\pcasvc.dll
11:26:23.0015 2900 PcaSvc - ok
11:26:23.0015 2900 [ 2A5B2A51559066EA84742909B5B2CD69 ] pci C:\Windows\system32\drivers\pci.sys
11:26:23.0015 2900 pci - ok
11:26:23.0030 2900 [ 8D618C829034479985A9ED56106CC732 ] pciide C:\Windows\system32\drivers\pciide.sys
11:26:23.0030 2900 pciide - ok
11:26:23.0030 2900 [ 037661F3D7C507C9993B7010CEEE6288 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
11:26:23.0046 2900 pcmcia - ok
11:26:23.0061 2900 [ 58865916F53592A61549B04941BFD80D ] PEAUTH C:\Windows\system32\drivers\peauth.sys
11:26:23.0061 2900 PEAUTH - ok
11:26:23.0233 2900 [ 0ED8727EA0172860F47258456C06CAEA ] PerfHost C:\Windows\SysWow64\perfhost.exe
11:26:23.0233 2900 PerfHost - ok
11:26:23.0295 2900 [ E9E68C1A0F25CF4A7AC966EEA74EE89E ] pla C:\Windows\system32\pla.dll
11:26:23.0311 2900 pla - ok
11:26:23.0327 2900 [ 5AAA0C5534B05ED49919FCD9DBD11A5B ] PlugPlay C:\Windows\system32\umpnpmgr.dll
11:26:23.0342 2900 PlugPlay - ok
11:26:23.0358 2900 [ 430F35C5592D253F43A26B4F5A523DBF ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
11:26:23.0358 2900 PNRPAutoReg - ok
11:26:23.0389 2900 [ 430F35C5592D253F43A26B4F5A523DBF ] PNRPsvc C:\Windows\system32\p2psvc.dll
11:26:23.0389 2900 PNRPsvc - ok
11:26:23.0420 2900 [ 93EDFB7BE39DC47645069B4890B2CE7E ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
11:26:23.0420 2900 PolicyAgent - ok
11:26:23.0436 2900 [ F5739F2C6DB2534C384AD5150808E8F5 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
11:26:23.0436 2900 PptpMiniport - ok
11:26:23.0451 2900 [ 5080E59ECEE0BC923F14018803AA7A01 ] Processor C:\Windows\system32\drivers\processr.sys
11:26:23.0451 2900 Processor - ok
11:26:23.0467 2900 [ B21FE10DAD3AB59E78DF7AA3FBF41E70 ] ProfSvc C:\Windows\system32\profsvc.dll
11:26:23.0467 2900 ProfSvc - ok
11:26:23.0483 2900 [ 1B461E9F6DB0EF829B4369F47A24BBEC ] ProtectedStorage C:\Windows\system32\lsass.exe
11:26:23.0483 2900 ProtectedStorage - ok
11:26:23.0483 2900 [ CE3AECB2BF2C377380EE028864841F4E ] PSched C:\Windows\system32\DRIVERS\pacer.sys
11:26:23.0483 2900 PSched - ok
11:26:23.0529 2900 [ 0B83F4E681062F3839BE2EC1D98FD94A ] ql2300 C:\Windows\system32\drivers\ql2300.sys
11:26:23.0529 2900 ql2300 - ok
11:26:23.0545 2900 [ E1C80F8D4D1E39EF9595809C1369BF2A ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
11:26:23.0545 2900 ql40xx - ok
11:26:23.0576 2900 [ 90574842C3DA781E279061A3EFF91F07 ] QWAVE C:\Windows\system32\qwave.dll
11:26:23.0576 2900 QWAVE - ok
11:26:23.0592 2900 [ E8D76EDAB77EC9C634C27B8EAC33ADC5 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
11:26:23.0592 2900 QWAVEdrv - ok
11:26:23.0592 2900 [ 1013B3B663A56D3DDD784F581C1BD005 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
11:26:23.0592 2900 RasAcd - ok
11:26:23.0607 2900 [ B2AE18F847D07F0044404DDF7CB04497 ] RasAuto C:\Windows\System32\rasauto.dll
11:26:23.0607 2900 RasAuto - ok
11:26:23.0623 2900 [ 3B9085F91EF00ABD15A6F36570E90E12 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
11:26:23.0623 2900 Rasl2tp - ok
11:26:23.0639 2900 [ 2A63D46B01685FD4BE9778CA3C231C2D ] RasMan C:\Windows\System32\rasmans.dll
11:26:23.0639 2900 RasMan - ok
11:26:23.0639 2900 [ 2CE1703C27196094FB6E4C6E439F2C21 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
11:26:23.0639 2900 RasPppoe - ok
11:26:23.0654 2900 [ FCD04FA67E8B40FA0AD361DD38593942 ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
11:26:23.0654 2900 RasSstp - ok
11:26:23.0670 2900 [ 33FA5B6136D92EE0F53F021C79091300 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
11:26:23.0670 2900 rdbss - ok
11:26:23.0670 2900 [ 603900CC05F6BE65CCBF373800AF3716 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
11:26:23.0670 2900 RDPCDD - ok
11:26:23.0685 2900 [ C045D1FB111C28DF0D1BE8D4BDA22C06 ] rdpdr C:\Windows\system32\drivers\rdpdr.sys
11:26:23.0701 2900 rdpdr - ok
11:26:23.0701 2900 [ CAB9421DAF3D97B33D0D055858E2C3AB ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
11:26:23.0701 2900 RDPENCDD - ok
11:26:23.0701 2900 [ 7747082F672AA2846235C9CEA42E2E72 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
11:26:23.0717 2900 RDPWD - ok
11:26:23.0732 2900 [ C612B9557DA73F70D41F8A6FBC8E5344 ] RemoteAccess C:\Windows\System32\mprdim.dll
11:26:23.0732 2900 RemoteAccess - ok
11:26:23.0748 2900 [ 416C611369CBE49074B89CEE2F83ABEF ] RemoteRegistry C:\Windows\system32\regsvc.dll
11:26:23.0748 2900 RemoteRegistry - ok
11:26:23.0763 2900 [ F46C457840D4B7A4DAAFEE739CE04102 ] RpcLocator C:\Windows\system32\locator.exe
11:26:23.0763 2900 RpcLocator - ok
11:26:23.0779 2900 [ FF27BE0BA7B3C48D5C99AFCB56D436C2 ] RpcSs C:\Windows\system32\rpcss.dll
11:26:23.0779 2900 RpcSs - ok
11:26:23.0779 2900 [ 22A9CB08B1A6707C1550C6BF099AAE73 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
11:26:23.0795 2900 rspndr - ok
11:26:23.0795 2900 [ 1B461E9F6DB0EF829B4369F47A24BBEC ] SamSs C:\Windows\system32\lsass.exe
11:26:23.0795 2900 SamSs - ok
11:26:23.0795 2900 [ CD9C693589C60AD59BBBCFB0E524E01B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
11:26:23.0795 2900 sbp2port - ok
11:26:23.0810 2900 [ F024D560FEA06F8B56D673849EB89AE6 ] SCardSvr C:\Windows\System32\SCardSvr.dll
11:26:23.0810 2900 SCardSvr - ok
11:26:23.0826 2900 [ C74C6C01353D87AAFE1193B426D667B0 ] Schedule C:\Windows\system32\schedsvc.dll
11:26:23.0841 2900 Schedule - ok
11:26:23.0857 2900 [ EDFFFC8B6AFB609BF33DBE0A900426B6 ] SCPolicySvc C:\Windows\System32\certprop.dll
11:26:23.0857 2900 SCPolicySvc - ok
11:26:23.0873 2900 [ 4FF71B076A7760FE75EA5AE2D0EE0018 ] SDRSVC C:\Windows\System32\SDRSVC.dll
11:26:23.0873 2900 SDRSVC - ok
11:26:23.0873 2900 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
11:26:23.0873 2900 secdrv - ok
11:26:23.0873 2900 [ 5ACDCBC67FCF894A1815B9F96D704490 ] seclogon C:\Windows\system32\seclogon.dll
11:26:23.0873 2900 seclogon - ok
11:26:23.0888 2900 [ 90973A64B96CD647FF81C79443618EED ] SENS C:\Windows\System32\sens.dll
11:26:23.0888 2900 SENS - ok
11:26:23.0904 2900 [ 2449316316411D65BD2C761A6FFB2CE2 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
11:26:23.0904 2900 Serenum - ok
11:26:23.0935 2900 [ 4B438170BE2FC8E0BD35EE87A960F84F ] Serial C:\Windows\system32\DRIVERS\serial.sys
11:26:23.0935 2900 Serial - ok
11:26:23.0935 2900 [ A842F04833684BCEEA7336211BE478DF ] sermouse C:\Windows\system32\drivers\sermouse.sys
11:26:23.0935 2900 sermouse - ok
11:26:23.0951 2900 [ A8E4A4407A09F35DCCC3771AF590B0C4 ] SessionEnv C:\Windows\system32\sessenv.dll
11:26:23.0951 2900 SessionEnv - ok
11:26:23.0966 2900 [ 14D4B4465193A87C127933978E8C4106 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
11:26:23.0966 2900 sffdisk - ok
11:26:23.0966 2900 [ 7073AEE3F82F3D598E3825962AA98AB2 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
11:26:23.0966 2900 sffp_mmc - ok
11:26:23.0966 2900 [ 35E59EBE4A01A0532ED67975161C7B82 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
11:26:23.0966 2900 sffp_sd - ok
11:26:23.0982 2900 [ 6B7838C94135768BD455CBDC23E39E5F ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
11:26:23.0982 2900 sfloppy - ok
11:26:23.0997 2900 [ 4C5AEE179DA7E1EE9A9CCB9DA289AF34 ] SharedAccess C:\Windows\System32\ipnathlp.dll
11:26:23.0997 2900 SharedAccess - ok
11:26:24.0013 2900 [ EB3114330236CF030E8EDF62881BAF67 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
11:26:24.0029 2900 ShellHWDetection - ok
11:26:24.0029 2900 [ 7A5DE502AEB719D4594C6471060A78B3 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
11:26:24.0029 2900 SiSRaid2 - ok
11:26:24.0029 2900 [ 3A2F769FAB9582BC720E11EA1DFB184D ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
11:26:24.0029 2900 SiSRaid4 - ok
11:26:24.0075 2900 [ A301D2CEFB4747DFE0C24425DCBE0B78 ] slsvc C:\Windows\system32\SLsvc.exe
11:26:24.0107 2900 slsvc - ok
11:26:24.0107 2900 [ F5DDF7C0AF85EB72CB295171F8C3CB35 ] SLUINotify C:\Windows\system32\SLUINotify.dll
11:26:24.0122 2900 SLUINotify - ok
11:26:24.0122 2900 [ 41EB2E8E005FEEDCAFCE301983EFF932 ] Smb C:\Windows\system32\DRIVERS\smb.sys
11:26:24.0122 2900 Smb - ok
11:26:24.0138 2900 [ F8F47F38909823B1AF28D60B96340CFF ] SNMPTRAP C:\Windows\System32\snmptrap.exe
11:26:24.0138 2900 SNMPTRAP - ok
11:26:24.0138 2900 [ F9CB0672162F7F04248E2B82C1FF4617 ] spldr C:\Windows\system32\drivers\spldr.sys
11:26:24.0138 2900 spldr - ok
11:26:24.0138 2900 [ E6519A9E756D74DC51C697BA62162F51 ] Spooler C:\Windows\System32\spoolsv.exe
11:26:24.0153 2900 Spooler - ok
11:26:24.0169 2900 [ B02F20D0D581496B826E21F8572C62B0 ] srv C:\Windows\system32\DRIVERS\srv.sys
11:26:24.0169 2900 srv - ok
11:26:24.0169 2900 [ 68DCD148225F40EF1CDF6CFC115CB6FE ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
11:26:24.0169 2900 srv2 - ok
11:26:24.0185 2900 [ 4D0858B640CDBCBA671C5439A8EF45CB ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
11:26:24.0185 2900 srvnet - ok
11:26:24.0200 2900 [ 192C74646EC5725AEF3F80D19FF75F6A ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
11:26:24.0200 2900 SSDPSRV - ok
11:26:24.0216 2900 [ 2EE3FA0308E6185BA64A9A7F2E74332B ] SstpSvc C:\Windows\system32\sstpsvc.dll
11:26:24.0216 2900 SstpSvc - ok
11:26:24.0294 2900 [ A766CCAD980235FF34E7F8089D3175A3 ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
11:26:24.0294 2900 Stereo Service - ok
11:26:24.0325 2900 [ F14F7D7D68A66777FB999D5D0F21138D ] stisvc C:\Windows\System32\wiaservc.dll
11:26:24.0325 2900 stisvc - ok
11:26:24.0325 2900 [ 8A851CA908B8B974F89C50D2E18D4F0C ] swenum C:\Windows\system32\DRIVERS\swenum.sys
11:26:24.0341 2900 swenum - ok
11:26:24.0356 2900 [ DA34D6EB4A3154C0BEBAEB0A2483EF3E ] swprv C:\Windows\System32\swprv.dll
11:26:24.0356 2900 swprv - ok
11:26:24.0356 2900 [ 2F26A2C6FC96B29BEFF5D8ED74E6625B ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
11:26:24.0356 2900 Symc8xx - ok
11:26:24.0372 2900 [ A909667976D3BCCD1DF813FED517D837 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
11:26:24.0372 2900 Sym_hi - ok
11:26:24.0372 2900 [ 36887B56EC2D98B9C362F6AE4DE5B7B0 ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
11:26:24.0372 2900 Sym_u3 - ok
11:26:24.0387 2900 [ BEA0D5521ED21DF8F6FFEED86DAEDE7B ] SysMain C:\Windows\system32\sysmain.dll
11:26:24.0403 2900 SysMain - ok
11:26:24.0403 2900 [ 005CE42567F9113A3BCCB3B20073B029 ] TabletInputService C:\Windows\System32\TabSvc.dll
11:26:24.0403 2900 TabletInputService - ok
11:26:24.0419 2900 [ 52091001CAF20AE84CF47023EE21B4BB ] TapiSrv C:\Windows\System32\tapisrv.dll
11:26:24.0419 2900 TapiSrv - ok
11:26:24.0450 2900 [ CDBE8D7C1E201B911CDC346D06617FB5 ] TBS C:\Windows\System32\tbssvc.dll
11:26:24.0450 2900 TBS - ok
11:26:24.0481 2900 [ 7A1183FBB802F5ABAD7FA18BC67E0858 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
11:26:24.0481 2900 Tcpip - ok
11:26:24.0512 2900 [ 7A1183FBB802F5ABAD7FA18BC67E0858 ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
11:26:24.0512 2900 Tcpip6 - ok
11:26:24.0528 2900 [ C29D4B3B08AD0B7E8564814E4FF6A57B ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
11:26:24.0528 2900 tcpipreg - ok
11:26:24.0559 2900 [ 1D8BF4AAA5FB7A2761475781DC1195BC ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
11:26:24.0559 2900 TDPIPE - ok
11:26:24.0575 2900 [ 7F7E00CDF609DF657F4CDA02DD1C9BB1 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
11:26:24.0575 2900 TDTCP - ok
11:26:24.0575 2900 [ 8C39C72E0E853DE04748C0337D9B9216 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
11:26:24.0575 2900 tdx - ok
11:26:24.0575 2900 [ 3F0EBF6EE609F2A276C0D5FAF244EC90 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
11:26:24.0575 2900 TermDD - ok
11:26:24.0590 2900 [ F870A5589D6A94B426EFB13689023946 ] TermService C:\Windows\System32\termsrv.dll
11:26:24.0606 2900 TermService - ok
11:26:24.0621 2900 [ EB3114330236CF030E8EDF62881BAF67 ] Themes C:\Windows\system32\shsvcs.dll
11:26:24.0621 2900 Themes - ok
11:26:25.0635 2900 ================ Scan global ===============================
11:26:25.0667 2900 [ 060DC3A7A9A2626031EB23D90151428D ] C:\Windows\system32\basesrv.dll
11:26:25.0682 2900 [ A9C654098A5CA39618DA9D022A6691B8 ] C:\Windows\system32\winsrv.dll
11:26:25.0682 2900 [ A9C654098A5CA39618DA9D022A6691B8 ] C:\Windows\system32\winsrv.dll
11:26:25.0713 2900 [ DFAC660F0F139276CC9299812DE42719 ] C:\Windows\system32\services.exe
11:26:25.0713 2900 [Global] - ok
11:26:25.0713 2900 ================ Scan MBR ==================================
11:26:25.0729 2900 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
11:26:26.0213 2900 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
11:26:26.0213 2900 \Device\Harddisk0\DR0 - detected TDSS File System (1)
11:26:26.0213 2900 ================ Scan VBR ==================================
11:26:26.0213 2900 [ 726FA726F230D0F94DA87C62D0A52106 ] \Device\Harddisk0\DR0\Partition1
11:26:26.0213 2900 \Device\Harddisk0\DR0\Partition1 - ok
11:26:26.0213 2900 ============================================================
11:26:26.0213 2900 Scan finished
11:26:26.0213 2900 ============================================================
11:26:26.0291 3416 Detected object count: 1
11:26:26.0291 3416 Actual detected object count: 1
11:26:55.0306 3416 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
11:26:55.0368 3416 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
11:26:55.0462 3416 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
11:26:55.0462 3416 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
11:26:55.0477 3416 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
11:26:55.0477 3416 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
11:26:55.0477 3416 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
11:26:55.0477 3416 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
11:26:55.0477 3416 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
11:26:55.0477 3416 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
11:26:55.0477 3416 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
11:26:55.0477 3416 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
11:26:55.0477 3416 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
11:26:55.0477 3416 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
11:26:55.0477 3416 \Device\Harddisk0\DR0\TDLFS - deleted
11:26:55.0477 3416 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Delete

Malwarebytes:

Malwarebytes Anti-Malware (Trial) 1.65.0.1400
www.malwarebytes.org

Database version: v2012.10.07.03

Windows Vista Service Pack 1 x64 NTFS
Internet Explorer 7.0.6001.18000
Administrator :: SKIPPY [administrator]

Protection: Enabled

10/7/2012 11:29:15 AM
mbam-log-2012-10-07 (11-29-15).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 296680
Time elapsed: 9 minute(s), 30 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.

(end)


minitoolbox:

MiniToolBox by Farbar Version: 23-07-2012
Ran by Administrator (administrator) on 07-10-2012 at 11:44:02
Microsoft® Windows Vista™ Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

::1 localhost

127.0.0.1 localhost

========================= IP Configuration: ================================

NVIDIA nForce Networking Controller = Local Area Connection (Connected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Skippy
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : hsd1.pa.comcast.net.

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : hsd1.pa.comcast.net.
Description . . . . . . . . . . . : NVIDIA nForce Networking Controller
Physical Address. . . . . . . . . : 00-24-8C-9E-5B-E7
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::61c3:6d9c:3264:14cb%10(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.102(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Sunday, October 07, 2012 11:41:43 AM
Lease Expires . . . . . . . . . . : Monday, October 08, 2012 11:41:43 AM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 75.75.76.76
75.75.75.75
192.168.1.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 6:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : hsd1.pa.comcast.net.
Description . . . . . . . . . . . : isatap.hsd1.pa.comcast.net.
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 7:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 02-00-54-55-4E-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:20c8:3e73:3f57:fe99(Preferred)
Link-local IPv6 Address . . . . . : fe80::20c8:3e73:3f57:fe99%12(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled
Server: cdns02.comcast.net
Address: 75.75.76.76

Name: google.com
Addresses: 2607:f8b0:4006:801::1002
173.194.43.38
173.194.43.46
173.194.43.35
173.194.43.40
173.194.43.39
173.194.43.33
173.194.43.37
173.194.43.41
173.194.43.32
173.194.43.36
173.194.43.34



Pinging google.com [74.125.226.226] with 32 bytes of data:

Reply from 74.125.226.226: bytes=32 time=30ms TTL=53

Reply from 74.125.226.226: bytes=32 time=31ms TTL=53



Ping statistics for 74.125.226.226:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 30ms, Maximum = 31ms, Average = 30ms

Server: cdns02.comcast.net
Address: 75.75.76.76

DNS request timed out.
timeout was 2 seconds.
Name: yahoo.com
Addresses: 98.139.183.24
72.30.38.140
98.138.253.109



Pinging yahoo.com [98.138.253.109] with 32 bytes of data:

Reply from 98.138.253.109: bytes=32 time=67ms TTL=48

Reply from 98.138.253.109: bytes=32 time=86ms TTL=48



Ping statistics for 98.138.253.109:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 67ms, Maximum = 86ms, Average = 76ms

Server: cdns02.comcast.net
Address: 75.75.76.76

Name: bleepingcomputer.com
Address: 208.43.87.2



Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:

Reply from 208.43.87.2: Destination host unreachable.

Reply from 208.43.87.2: Destination host unreachable.



Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),



Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time=3ms TTL=128

Reply from 127.0.0.1: bytes=32 time=1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 1ms, Maximum = 3ms, Average = 2ms

===========================================================================
Interface List
10 ...00 24 8c 9e 5b e7 ...... NVIDIA nForce Networking Controller
1 ........................... Software Loopback Interface 1
11 ...00 00 00 00 00 00 00 e0 isatap.hsd1.pa.comcast.net.
12 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.102 20
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.102 276
192.168.1.102 255.255.255.255 On-link 192.168.1.102 276
192.168.1.255 255.255.255.255 On-link 192.168.1.102 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.102 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.102 276
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
12 18 ::/0 On-link
1 306 ::1/128 On-link
12 18 2001::/32 On-link
12 266 2001:0:4137:9e76:20c8:3e73:3f57:fe99/128
On-link
10 276 fe80::/64 On-link
12 266 fe80::/64 On-link
12 266 fe80::20c8:3e73:3f57:fe99/128
On-link
10 276 fe80::61c3:6d9c:3264:14cb/128
On-link
1 306 ff00::/8 On-link
12 266 ff00::/8 On-link
10 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [48128] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [50176] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [19968] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [61440] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [62976] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [78848] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [78848] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [27648] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (10/07/2012 11:43:31 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/07/2012 11:26:08 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_152e7382f3bd50c6.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_152e7382f3bd50c6.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_152e7382f3bd50c6.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_152e7382f3bd50c6.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc.manifest.

Error: (10/07/2012 10:47:42 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_152e7382f3bd50c6.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_152e7382f3bd50c6.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_152e7382f3bd50c6.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_152e7382f3bd50c6.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc.manifest.

Error: (10/07/2012 10:41:54 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/07/2012 10:36:29 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/07/2012 10:33:26 AM) (Source: Application Error) (User: )
Description: Faulting application svchost.exe, version 6.0.6001.18000, time stamp 0x47918d1f, faulting module msvcrt.dll, version 7.0.6001.18000, time stamp 0x4791a727, exception code 0xc0000005, fault offset 0x000214af,
process id 0xbf0, application start time 0xsvchost.exe0.

Error: (10/07/2012 10:33:12 AM) (Source: Application Error) (User: )
Description: Faulting application svchost.exe, version 6.0.6001.18000, time stamp 0x47918d1f, faulting module msvcrt.dll, version 7.0.6001.18000, time stamp 0x4791a727, exception code 0xc0000005, fault offset 0x000214af,
process id 0x73c, application start time 0xsvchost.exe0.

Error: (10/07/2012 10:32:59 AM) (Source: Application Error) (User: )
Description: Faulting application svchost.exe, version 6.0.6001.18000, time stamp 0x47918d1f, faulting module msvcrt.dll, version 7.0.6001.18000, time stamp 0x4791a727, exception code 0xc0000005, fault offset 0x000214af,
process id 0x7a8, application start time 0xsvchost.exe0.

Error: (10/07/2012 10:32:40 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC90.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Dependent Assembly Microsoft.VC90.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (10/07/2012 10:32:40 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC90.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Dependent Assembly Microsoft.VC90.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found.
Please use sxstrace.exe for detailed diagnosis.


System errors:
=============
Error: (10/07/2012 11:41:44 AM) (Source: HTTP) (User: )
Description: \Device\Http\ReqQueueKerberos

Error: (10/07/2012 10:41:54 AM) (Source: Service Control Manager) (User: )
Description: AFD

Error: (10/07/2012 10:40:16 AM) (Source: HTTP) (User: )
Description: \Device\Http\ReqQueueKerberos

Error: (10/07/2012 10:35:13 AM) (Source: HTTP) (User: )
Description: \Device\Http\ReqQueueKerberos

Error: (10/07/2012 11:45:55 AM) (Source: HTTP) (User: )
Description: \Device\Http\ReqQueueKerberos

Error: (10/07/2012 11:42:19 AM) (Source: HTTP) (User: )
Description: \Device\Http\ReqQueueKerberos


Microsoft Office Sessions:
=========================
Error: (10/07/2012 11:43:31 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/07/2012 11:26:08 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_152e7382f3bd50c6.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc.manifestC:\Users\Administrator\Downloads\esetsmartinstaller_enu.exe

Error: (10/07/2012 10:47:42 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_152e7382f3bd50c6.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc.manifestC:\Users\Administrator\Downloads\esetsmartinstaller_enu.exe

Error: (10/07/2012 10:41:54 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/07/2012 10:36:29 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/07/2012 10:33:26 AM) (Source: Application Error)(User: )
Description: svchost.exe6.0.6001.1800047918d1fmsvcrt.dll7.0.6001.180004791a727c0000005000214afbf001cda498b607ec8f

Error: (10/07/2012 10:33:12 AM) (Source: Application Error)(User: )
Description: svchost.exe6.0.6001.1800047918d1fmsvcrt.dll7.0.6001.180004791a727c0000005000214af73c01cda498adfc23df

Error: (10/07/2012 10:32:59 AM) (Source: Application Error)(User: )
Description: svchost.exe6.0.6001.1800047918d1fmsvcrt.dll7.0.6001.180004791a727c0000005000214af7a801cda498a427d02f

Error: (10/07/2012 10:32:40 AM) (Source: SideBySide)(User: )
Description: Microsoft.VC90.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll

Error: (10/07/2012 10:32:40 AM) (Source: SideBySide)(User: )
Description: Microsoft.VC90.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreamingIePlugin.dll


=========================== Installed Programs ============================

NVIDIA 3D Vision Controller Driver 306.23 (Version: 306.23)
NVIDIA 3D Vision Driver 306.23 (Version: 306.23)
NVIDIA Control Panel 306.23 (Version: 306.23)
NVIDIA Graphics Driver 306.23 (Version: 306.23)
NVIDIA Install Application (Version: 2.1002.85.551)
NVIDIA PhysX System Software 9.12.0604 (Version: 9.12.0604)
NVIDIA Update 1.10.8 (Version: 1.10.8)
NVIDIA Update Components (Version: 1.10.8)

========================= Memory info: ===================================

Percentage of memory in use: 16%
Total physical RAM: 8189.63 MB
Available physical RAM: 6818.88 MB
Total Pagefile: 16430.33 MB
Available Pagefile: 15087.57 MB
Total Virtual: 4095.88 MB
Available Virtual: 3994.94 MB

========================= Partitions: =====================================

2 Drive c: (Main Drive) (Fixed) (Total:465.76 GB) (Free:436.88 GB) NTFS

========================= Users: ========================================

User accounts for \\SKIPPY

Administrator Guest UpdatusUser

========================= Restore Points ==================================

07-10-2012 13:01:15 Windows Update

**** End of log ****


Farbar service scanner:

Farbar Service Scanner Version: 19-09-2012
Ran by Administrator (administrator) on 07-10-2012 at 11:45:49
Running from "C:\Users\Administrator\Downloads"
Microsoft® Windows Vista™ Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcsvc.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys
[2008-01-20 22:48] - [2008-01-20 22:48] - 0408064 ____A (Microsoft Corporation) DB37041AB857ABC7E179E856D8E1582C

C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2008-01-20 22:51] - [2008-01-20 22:51] - 1421368 ____A (Microsoft Corporation) 7A1183FBB802F5ABAD7FA18BC67E0858

C:\Windows\System32\dnsrslvr.dll
[2008-01-20 22:48] - [2008-01-20 22:48] - 0117760 ____A (Microsoft Corporation) 93CE26DBED3182634F18DD2FE10E41BE

C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll
[2008-01-20 22:48] - [2008-01-20 22:48] - 0354304 ____A (Microsoft Corporation) D8338E6B3C23AD36096A6FDABD039283

C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll
[2008-01-20 22:51] - [2008-01-20 22:51] - 0713728 ____A (Microsoft Corporation) FF27BE0BA7B3C48D5C99AFCB56D436C2



**** End of log ****

adware cleaner:

# AdwCleaner v2.004 - Logfile created 10/07/2012 at 11:46:51
# Updated 06/10/2012 by Xplode
# Operating system : Windows ™ Vista Home Premium Service Pack 1 (64 bits)
# User : Administrator - SKIPPY
# Boot Mode : Normal
# Running from : C:\Users\Administrator\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}

***** [Internet Browsers] *****

-\\ Internet Explorer v7.0.6001.18000

[OK] Registry is clean.

-\\ Mozilla Firefox v15.0.1 (en-US)

Profile name : default
File : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\le7lnuoq.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [1070 octets] - [07/10/2012 11:46:51]

########## EOF - C:\AdwCleaner[S1].txt - [1130 octets] ##########


Junkware removal tool:

Junkware Removal Tool (JRT) by Thisisu
Version: 1.3.0 (10.07.2012)
OS: Windows ™ Vista Home Premium x64
Ran by Administrator on Sun 10/07/2012 at 11:59:52.41
Blog: http://thisisudax.blogspot.com
**************************************************************




*** Services: 0 Detections



*** Registry Values: 0 Detections



*** Registry Keys: 0 Detections



*** Files: 0 Detections



*** Folders: 0 Detections



*** FireFox detected and repaired



*** Event Viewer Logs - Cleared





**************************************************************
Scan was completed on Sun 10/07/2012 at 12:00:07.13
End of Report

#6 narenxp

Posted 07 October 2012 - 11:06 AM

Run a Malwarebytes scan again and post the clean log.

Download

http://www.bleepingcomputer.com/download/rkill/

Run it and, after the scan finishes, post the contents of the RKILL log located on the desktop here.


Download

Autoruns

Extract and launch autoruns.exe

Allow the scan to finish

Now click on FILE - SAVE

Filename: Autoruns.txt
Save as: Text

Paste the contents of the text file here

#7 AlmightyFork

Posted 07 October 2012 - 11:32 AM

malwarebytes:

Malwarebytes Anti-Malware (Trial) 1.65.0.1400
www.malwarebytes.org

Database version: v2012.10.07.03

Windows Vista Service Pack 1 x64 NTFS
Internet Explorer 7.0.6001.18000
Administrator :: SKIPPY [administrator]

Protection: Enabled

10/7/2012 12:18:54 PM
mbam-log-2012-10-07 (12-18-54).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 296135
Time elapsed: 9 minute(s), 23 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

RKILL:

Rkill 2.4.3 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 10/07/2012 12:29:09 PM in x64 mode.
Windows Version: Windows Vista ™ Home Premium Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* Explorer Policy Removed: NoActiveDesktopChanges [HKLM]

Backup Registry file created at:
C:\Users\Administrator\Desktop\rkill\rkill-10-07-2012-12-29-10.reg

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* No issues found.

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* HOSTS file entries found:

127.0.0.1 localhost
::1 localhost

Program finished at: 10/07/2012 12:29:14 PM
Execution time: 0 hours(s), 0 minute(s), and 5 seconds(s)


autoruns:

"HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms" "" "" ""
+ "rdpclip" "" "" "File not found: rdpclip"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "Windows Defender" "Windows Defender User Interface" "Microsoft Corporation" "c:\program files\windows defender\msascui.exe"
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "SunJavaUpdateSched" "Java™ Update Scheduler" "Sun Microsystems, Inc." "c:\program files (x86)\common files\java\java update\jusched.exe"
"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" "" "" ""
+ "Microsoft Windows Mail 7" "Windows Mail" "Microsoft Corporation" "c:\program files\windows mail\winmail.exe"
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components" "" "" ""
+ "Microsoft Windows Mail 7" "Windows Mail" "Microsoft Corporation" "c:\program files (x86)\windows mail\winmail.exe"
"HKCU\Software\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "Sidebar" "Windows Sidebar" "Microsoft Corporation" "c:\program files\windows sidebar\sidebar.exe"
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers" "" "" ""
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files (x86)\malwarebytes' anti-malware\mbamext.dll"
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" ""
+ "NvCplDesktopContext" "" "NVIDIA Corporation" "c:\windows\system32\nvshext.dll"
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" ""
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files (x86)\malwarebytes' anti-malware\mbamext.dll"
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" ""
+ "Java™ Plug-In 2 SSV Helper" "Java™ Platform SE binary" "Oracle Corporation" "c:\program files (x86)\java\jre7\bin\jp2ssv.dll"
+ "Java™ Plug-In SSV Helper" "Java™ Platform SE binary" "Oracle Corporation" "c:\program files (x86)\java\jre7\bin\ssv.dll"
"Task Scheduler" "" "" ""
+ "\Microsoft\Windows Defender\MP Scheduled Scan" "Windows Defender Command Line Utility" "Microsoft Corporation" "c:\program files\windows defender\mpcmdrun.exe"
+ "\Microsoft\Windows\Wired\GatherWiredInfo" "" "" "c:\windows\system32\gatherwiredinfo.vbs"
+ "\Microsoft\Windows\Wireless\GatherWirelessInfo" "" "" "c:\windows\system32\gatherwirelessinfo.vbs"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "MBAMScheduler" "Malwarebytes Anti-Malware scheduler" "Malwarebytes Corporation" "c:\program files (x86)\malwarebytes' anti-malware\mbamscheduler.exe"
+ "MBAMService" "Malwarebytes Anti-Malware service" "Malwarebytes Corporation" "c:\program files (x86)\malwarebytes' anti-malware\mbamservice.exe"
+ "MozillaMaintenance" "The Mozilla Maintenance Service ensures that you have the latest and most secure version of Mozilla Firefox on your computer. Keeping Firefox up to date is very important for your online security, and Mozilla strongly recommends that you keep this service enabled." "Mozilla Foundation" "c:\program files (x86)\mozilla maintenance service\maintenanceservice.exe"
+ "nvsvc" "Provides system and desktop level support to the NVIDIA display driver" "NVIDIA Corporation" "c:\windows\system32\nvvsvc.exe"
+ "nvUpdatusService" "NVIDIA Settings Update Manager service, used to check new updates from NVIDIA server." "NVIDIA Corporation" "c:\program files (x86)\nvidia corporation\nvidia update core\daemonu.exe"
+ "Stereo Service" "Provides system support for NVIDIA Stereoscopic 3D driver" "NVIDIA Corporation" "c:\program files (x86)\nvidia corporation\3d vision\nvscpapisvr.exe"
+ "WinDefend" "Scan your computer for unwanted software, schedule scans, and get the latest unwanted software definitions." "Microsoft Corporation" "c:\program files\windows defender\mpsvc.dll"
+ "WMPNetworkSvc" "Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play" "Microsoft Corporation" "c:\program files\windows media player\wmpnetwk.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "BrFiltLo" "Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver" "Brother Industries, Ltd." "c:\windows\system32\drivers\brfiltlo.sys"
+ "BrFiltUp" "Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver" "Brother Industries, Ltd." "c:\windows\system32\drivers\brfiltup.sys"
+ "BrUsbSer" "Brother USB Serial Driver" "Brother Industries Ltd." "c:\windows\system32\drivers\brusbser.sys"
+ "E1G60" "Intel® PRO/1000 Adapter NDIS 6 deserialized driver" "Intel Corporation" "c:\windows\system32\drivers\e1g6032e.sys"
+ "IpInIp" "IP in IP Tunnel Driver" "" "File not found: system32\DRIVERS\ipinip.sys"
+ "MBAMProtector" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\windows\system32\drivers\mbam.sys"
+ "NVENETFD" "NVIDIA MCP Networking Function Driver." "NVIDIA Corporation" "c:\windows\system32\drivers\nvm60x64.sys"
+ "nvlddmkm" "NVIDIA Windows Kernel Mode Driver, Version 306.23 " "NVIDIA Corporation" "c:\windows\system32\drivers\nvlddmkm.sys"
+ "nvstor" "NVIDIA® nForce™ Sata Performance Driver" "NVIDIA Corporation" "c:\windows\system32\drivers\nvstor.sys"
+ "NwlnkFlt" "IPX Traffic Filter Driver" "" "File not found: system32\DRIVERS\nwlnkflt.sys"
+ "NwlnkFwd" "IPX Traffic Forwarder Driver" "" "File not found: system32\DRIVERS\nwlnkfwd.sys"
+ "secdrv" "Macrovision SECURITY Driver" "Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K." "c:\windows\system32\drivers\secdrv.sys"
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" ""
+ "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codeca.acm"
"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" ""
+ "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\syswow64\l3codeca.acm"
+ "vidc.cvid" "Cinepak® Codec" "Radius Inc." "c:\windows\syswow64\iccvid.dll"
"HKLM\Software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" "" "" ""
+ "9x8Resize" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Allocator Fix" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Bitmap" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Capture ASF Writer" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Frame Eater" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Multiple File Output" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Proxy Sink" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Proxy Source" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Record Queue" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "ShotDetect" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Stetch" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WM VIH2 Fix" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Audio Analyzer" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Black Frame Generator" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT DV Extract Filter" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT FormatConversion" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Import Filter" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Interlacer" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Log Filter" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT MuxDeMux Filter" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Sample Info Filter" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Switch Filter" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Virtual Renderer" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Virtual Source" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Volume" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
"C:\Users\Administrator\AppData\Local\Microsoft\Windows Sidebar\Settings.ini" "" "" ""
+ "Clock" "Watch the clock in your own time zone or any city in the world." "Microsoft Corporation" "C:\Program Files\windows sidebar\gadgets\Clock.gadget\en-US\Gadget.xml"
+ "Feed Headlines" "Track the latest news, sports, and entertainment headlines." "Microsoft Corporation" "C:\Program Files\windows sidebar\gadgets\RSSFeeds.Gadget\en-US\Gadget.xml"
+ "Slide Show" "Show a continuous slide show of your pictures." "Microsoft Corporation" "C:\Program Files\windows sidebar\gadgets\SlideShow.Gadget\en-US\Gadget.xml"

#8 narenxp

Posted 07 October 2012 - 11:33 AM

That looks good

Remove temporary and junk files

Download

TFC

Launch it; it will close all running programs.

Click on START; it should ask for a reboot. If TFC locks up the system, run it in safe mode.


Create a new restore point

Follow this guide to turn off and turn on your restore points

XP - http://support.microsoft.com/kb/310405

Vista & Windows 7 - http://windows.microsoft.com/en-US/windows7/Turn-System-Restore-on-or-off

Turn off your System Restore - it deletes old infected restore points

Turn on System Restore and create a new restore point

Update Java and Flash Player

Uninstall the old version of Java from Control Panel - Add or Remove Programs. Download the latest version from here

http://java.com/en/

Update your flash player

Antivirus recommendations

Update your antivirus frequently. Two free antivirus programs that I would suggest are

Microsoft Security Essentials or Avast. You can select either one of them.

If you have a paid one, make sure to update it frequently. Do not use multiple security software products.

Informative guides that could prevent you from being infected again

How did I get infected?

http://www.bleepingcomputer.com/forums/topic2520.html

Best Practices for Safe Computing - Prevention of Malware Infection

http://www.bleepingcomputer.com/forums/topic407147.html

Simple and easy ways to keep your computer safe and secure on the Internet

http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/

Safe surfing :)

#9 AlmightyFork

Posted 07 October 2012 - 11:41 AM

Thank you. Much appreciated.

#10 narenxp

Posted 07 October 2012 - 11:43 AM

You're welcome :)



