Infected or paranoid?


20 replies to this topic

#1 John Knee

Posted 16 November 2012 - 03:35 PM

System: Windows XP
Anti-Virus and Firewall: Bullguard.

In order to work out what has been happening, I've been hitting CTRL+ALT+DEL in order to open up the Task Manager...

Basically I have recently noticed that one of the files that my system has been opening up is called Updater.Exe as per:

http://img.photobucket.com/albums/v239/John_Knee/BleepingComputer/Updater.png

The actual file size seems to vary between about 3030kb and 3090kb in size. I did a search on my PC for all files called Updater.exe and got the following:

http://img.photobucket.com/albums/v239/John_Knee/BleepingComputer/Updater2.jpg

Looking in the Internet/ICC folder that one of the files is in, it appears to relate to Tiscali, which is one of the local telephone companies which offer dial-up internet services. I'm sure that it was installed on the computer as default.

Left to its own devices, it disappears after about 10 seconds or so. If I have double clicked on my firewall/virus program to bring it up, it is only a second after it disappears that Bullguard *confirms* that the firewall etc is fully functioning. If I delete updater.exe off early via the Task Manager, then for about another 20-30 seconds, my firewall program reports that the firewall engine is still booting up (can't recall the correct phrase it uses)... Prior paranoia means that I have the network cable pulled out until the firewall programme says everything is functioning.

- -

A second thing is that periodically when I look at my set up, it says some programmes are given access rights... erm, the screenshot below will probably explain things a little clearer.

http://img.photobucket.com/albums/v239/John_Knee/BleepingComputer/Settings.jpg

From basic googling, I read that Teredo can have some security issues associated with it. I delete all services. Periodically though they re-appear. Not sure why. Originally it was only Skype that appeared and I assumed it was to do with Skype updating itself.

- -

In the past week or so, upon booting up and the wallpaper etc appearing, there can be a lack of activity where the System Idle Process can sit at 99% for up to around 10 seconds before the hard drive kicks in again and Task Manager reports CPU activity in loading other stuff.

- -

It could just be nothing and paranoia, but just because you know you are paranoid doesn't mean something isn't out to get you.

I have updated the signature files and ran full scans on both Bullguard anti-virus and Malwarebytes and both came up clean... If something is happening though, I suspect the issue to be lurking deeper...

so... help....?

P.S. jusched.exe also seems to crop up in my Task Manager list.

Edited by John Knee, 16 November 2012 - 08:33 PM.



#2 boopme

Posted 16 November 2012 - 09:17 PM

Hello, there are many Updater.exe files around and about half are infections. It depends on the file's path, e.g. if Updater.exe is located in a subfolder of "C:\Program Files", the security rating is 40% dangerous.

We should get some info and scan logs.

Please download MiniToolBox, save it to your desktop and run it. Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.

Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run. Note: When using "Reset FF Proxy Settings" option Firefox should be closed.



Please Download

TDSSkiller

Launch it. Click on change parameters-Select TDLFS file system

Click on "Scan".
Please post the LOG report (log file should be in your C drive)

Do not change the default options on scan results.



ADW Cleaner
Please download AdwCleaner by Xplode onto your desktop.


  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • You will be prompted to restart your computer. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.



ESET ONLINE


I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

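Added example, not part of the original posts and not MiniToolBox's own code: one way to triage the Winsock and event-log sections of the Result.txt requested above, sorting provider DLLs by location and vendor text and counting repeat crashes. The sample log is constructed in the same layout, and the function names, bucket names and the C:\Windows\System32 location are assumptions.

```python
import ntpath
import re
from collections import Counter

# Constructed sample, laid out like the Winsock and event-log sections of a
# MiniToolBox Result.txt. The Temp-folder entry is invented for illustration.
SAMPLE_RESULT = r"""
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog9 01 C:\WINDOWS\system32\bglsp.dll [87376] (BullGuard Ltd.)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Documents and Settings\User\Local Settings\Temp\example.dll [40960] ()

========================= Event log errors: ===============================

Application errors:
==================
Error: (11/14/2012 06:17:09 PM) (Source: Application Error) (User: )
Description: Faulting application jusched.exe, version 2.0.6.1, faulting module user32.dll, version 5.1.2600.5512, fault address 0x000187f1.

Error: (11/14/2012 07:02:00 AM) (Source: Application Error) (User: )
Description: Faulting application jusched.exe, version 2.0.6.1, faulting module user32.dll, version 5.1.2600.5512, fault address 0x000187f1.

Error: (11/10/2012 11:21:02 PM) (Source: Application Error) (User: )
Description: Faulting application fm.exe, version 13.1.2.2395, faulting module fm.exe, version 13.1.2.2395, fault address 0x01494690.
"""

# Assumption: Windows is installed in C:\Windows, as in the log in this thread.
SYSTEM32 = ntpath.normcase(r"C:\Windows\System32")

# "Catalog9 01 <dll path> [<size in bytes>] (<company name>)"
WINSOCK_RE = re.compile(
    r"^(Catalog\d+) +(\d+) +(.+?) +\[(\d+)\] +\((.*)\) *$", re.MULTILINE)
FAULT_RE = re.compile(
    r"Faulting application (.+?), version [\d.]+, "
    r"faulting module (.+?), version [\d.]+, fault address (0x[0-9a-fA-F]+)")


def parse_winsock(text):
    """Return one dict per Winsock catalog line found in the log text."""
    return [
        {"catalog": m[1], "index": int(m[2]), "path": m[3],
         "size": int(m[4]), "vendor": m[5].strip()}
        for m in WINSOCK_RE.finditer(text)
    ]


def classify(entry):
    """Put a provider DLL into a triage bucket.

    The company name is treated as a hint only (assumption: it is file
    metadata, not a verified signature), so location is checked first.
    """
    folder = ntpath.normcase(ntpath.dirname(entry["path"]))
    if folder != SYSTEM32 or not entry["vendor"]:
        return "review-first"      # outside System32, or no company name
    if entry["vendor"] == "Microsoft Corporation":
        return "expected"
    return "third-party"           # e.g. the installed firewall's own provider


def triage_winsock(text):
    """Group the distinct (path, vendor) pairs by bucket."""
    buckets = {"expected": set(), "third-party": set(), "review-first": set()}
    for entry in parse_winsock(text):
        key = (ntpath.normcase(entry["path"]), entry["vendor"])
        buckets[classify(entry)].add(key)
    return buckets


def count_faults(text):
    """Count crashes per (application, faulting module) pair."""
    return Counter((m[1], m[2]) for m in FAULT_RE.finditer(text))


if __name__ == "__main__":
    for bucket, items in triage_winsock(SAMPLE_RESULT).items():
        for path, vendor in sorted(items):
            print(f"{bucket:13} {path} ({vendor or 'no vendor'})")
    for (app, module), n in count_faults(SAMPLE_RESULT).most_common():
        print(f"{n}x {app} faulting in {module}")
```
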

#3 John Knee

Posted 17 November 2012 - 06:39 AM

Hello, there are many Updater.exe files around and about half are infections. It depends on the file's path, e.g. if Updater.exe is located in a subfolder of "C:\Program Files", the security rating is 40% dangerous.

We should get some info and scan logs.

Please download MiniToolBox, save it to your desktop and run it. Checkmark the following checkboxes:


MiniToolBox by Farbar
Ran by Matt (administrator) on 17-11-2012 at 10:23:08
Microsoft Windows XP Service Pack 3 (X86)

***************************************************************************

========================= Flush DNS: ===================================
Windows IP Configuration

Successfully flushed the DNS Resolver Cache.
========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

127.0.0.1 localhost
127.0.0.1 localhost

========================= IP Configuration: ================================

# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp


popd
# End of interface IP configuration


Windows IP Configuration

Host Name . . . . . . . . . . . . : Skruttis
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Broadcast
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Description . . . . . . . . . . . : Realtek RTL8169/8110 Family Gigabit Ethernet NIC
Physical Address. . . . . . . . . : 00-18-F3-CD-0C-8B

Server: UnKnown
Address: 127.0.0.1

Ping request could not find host google.com. Please check the name and try again.

Server: UnKnown
Address: 127.0.0.1

Ping request could not find host yahoo.com. Please check the name and try again.

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 18 f3 cd 0c 8b ...... Realtek RTL8169/8110 Family Gigabit Ethernet NIC - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
255.255.255.255 255.255.255.255 255.255.255.255 2 1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\wshbth.dll [108032] (Microsoft Corporation)
Catalog9 01 C:\WINDOWS\system32\bglsp.dll [87376] (BullGuard Ltd.)
Catalog9 02 C:\WINDOWS\system32\bglsp.dll [87376] (BullGuard Ltd.)
Catalog9 03 C:\WINDOWS\system32\bglsp.dll [87376] (BullGuard Ltd.)
Catalog9 04 C:\WINDOWS\system32\bglsp.dll [87376] (BullGuard Ltd.)
Catalog9 05 C:\WINDOWS\system32\bglsp.dll [87376] (BullGuard Ltd.)
Catalog9 06 C:\WINDOWS\system32\bglsp.dll [87376] (BullGuard Ltd.)
Catalog9 07 C:\WINDOWS\system32\bglsp.dll [87376] (BullGuard Ltd.)
Catalog9 08 C:\WINDOWS\system32\bglsp.dll [87376] (BullGuard Ltd.)
Catalog9 09 C:\WINDOWS\system32\bglsp.dll [87376] (BullGuard Ltd.)
Catalog9 10 C:\WINDOWS\system32\bglsp.dll [87376] (BullGuard Ltd.)
Catalog9 11 C:\WINDOWS\system32\bglsp.dll [87376] (BullGuard Ltd.)
Catalog9 12 C:\WINDOWS\system32\bglsp.dll [87376] (BullGuard Ltd.)
Catalog9 13 C:\WINDOWS\system32\bglsp.dll [87376] (BullGuard Ltd.)
Catalog9 14 C:\WINDOWS\system32\bglsp.dll [87376] (BullGuard Ltd.)
Catalog9 15 C:\WINDOWS\system32\bglsp.dll [87376] (BullGuard Ltd.)
Catalog9 16 C:\WINDOWS\system32\bglsp.dll [87376] (BullGuard Ltd.)
Catalog9 17 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 23 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 24 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 25 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 26 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 27 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 28 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 29 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 30 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 31 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 32 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 33 C:\WINDOWS\system32\bglsp.dll [87376] (BullGuard Ltd.)

========================= Event log errors: ===============================

Application errors:
==================
Error: (11/14/2012 06:17:09 PM) (Source: Application Error) (User: )
Description: Faulting application jusched.exe, version 2.0.6.1, faulting module user32.dll, version 5.1.2600.5512, fault address 0x000187f1.
Processing media-specific event for [jusched.exe!ws!]

Error: (11/14/2012 07:02:00 AM) (Source: Application Error) (User: )
Description: Faulting application jusched.exe, version 2.0.6.1, faulting module user32.dll, version 5.1.2600.5512, fault address 0x000187f1.
Processing media-specific event for [jusched.exe!ws!]

Error: (11/10/2012 11:21:02 PM) (Source: Application Error) (User: )
Description: Faulting application fm.exe, version 13.1.2.2395, faulting module fm.exe, version 13.1.2.2395, fault address 0x01494690.
Processing media-specific event for [fm.exe!ws!]

Error: (11/09/2012 05:32:53 PM) (Source: Application Error) (User: )
Description: Faulting application jusched.exe, version 2.0.6.1, faulting module user32.dll, version 5.1.2600.5512, fault address 0x000187f1.
Processing media-specific event for [jusched.exe!ws!]

Error: (11/09/2012 06:55:53 AM) (Source: Application Error) (User: )
Description: Faulting application jusched.exe, version 2.0.6.1, faulting module user32.dll, version 5.1.2600.5512, fault address 0x000187f1.
Processing media-specific event for [jusched.exe!ws!]

Error: (11/08/2012 08:43:26 PM) (Source: Application Error) (User: )
Description: Faulting application jusched.exe, version 2.0.6.1, faulting module user32.dll, version 5.1.2600.5512, fault address 0x000187f1.
Processing media-specific event for [jusched.exe!ws!]

Error: (11/08/2012 06:56:07 AM) (Source: Application Error) (User: )
Description: Faulting application jusched.exe, version 2.0.6.1, faulting module user32.dll, version 5.1.2600.5512, fault address 0x000187f1.
Processing media-specific event for [jusched.exe!ws!]

Error: (11/07/2012 10:15:30 PM) (Source: Application Error) (User: )
Description: Faulting application jusched.exe, version 2.0.6.1, faulting module user32.dll, version 5.1.2600.5512, fault address 0x000187f1.
Processing media-specific event for [jusched.exe!ws!]

Error: (11/07/2012 08:16:35 PM) (Source: Application Error) (User: )
Description: Faulting application jusched.exe, version 2.0.6.1, faulting module user32.dll, version 5.1.2600.5512, fault address 0x000187f1.
Processing media-specific event for [jusched.exe!ws!]

Error: (11/05/2012 10:40:02 PM) (Source: Application Error) (User: )
Description: Faulting application jusched.exe, version 2.0.6.1, faulting module user32.dll, version 5.1.2600.5512, fault address 0x000187f1.
Processing media-specific event for [jusched.exe!ws!]


System errors:
=============
Error: (11/17/2012 10:21:10 AM) (Source: DCOM) (User: )
Description: The machine wide Default Launch and Activation security descriptor is invalid. It contains Access Control Entries with permissions that are invalid. The requested action was therefore not performed. This security permission can be corrected using the Component Services administrative tool.

Error: (11/17/2012 10:20:35 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
Lbd

Error: (11/17/2012 10:20:30 AM) (Source: DCOM) (User: )
Description: The machine wide Default Launch and Activation security descriptor is invalid. It contains Access Control Entries with permissions that are invalid. The requested action was therefore not performed. This security permission can be corrected using the Component Services administrative tool.

Error: (11/17/2012 10:20:30 AM) (Source: DCOM) (User: )
Description: The machine wide Default Launch and Activation security descriptor is invalid. It contains Access Control Entries with permissions that are invalid. The requested action was therefore not performed. This security permission can be corrected using the Component Services administrative tool.

Error: (11/17/2012 10:19:50 AM) (Source: DCOM) (User: )
Description: The machine wide Default Launch and Activation security descriptor is invalid. It contains Access Control Entries with permissions that are invalid. The requested action was therefore not performed. This security permission can be corrected using the Component Services administrative tool.

Error: (11/17/2012 10:19:50 AM) (Source: DCOM) (User: )
Description: The machine wide Default Launch and Activation security descriptor is invalid. It contains Access Control Entries with permissions that are invalid. The requested action was therefore not performed. This security permission can be corrected using the Component Services administrative tool.

Error: (11/17/2012 10:19:00 AM) (Source: DCOM) (User: )
Description: The machine wide Default Launch and Activation security descriptor is invalid. It contains Access Control Entries with permissions that are invalid. The requested action was therefore not performed. This security permission can be corrected using the Component Services administrative tool.

Error: (11/17/2012 09:34:25 AM) (Source: DCOM) (User: )
Description: The machine wide Default Launch and Activation security descriptor is invalid. It contains Access Control Entries with permissions that are invalid. The requested action was therefore not performed. This security permission can be corrected using the Component Services administrative tool.

Error: (11/17/2012 09:34:25 AM) (Source: DCOM) (User: )
Description: The machine wide Default Launch and Activation security descriptor is invalid. It contains Access Control Entries with permissions that are invalid. The requested action was therefore not performed. This security permission can be corrected using the Component Services administrative tool.

Error: (11/17/2012 09:33:57 AM) (Source: Service Control Manager) (User: )
Description: The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).


Microsoft Office Sessions:
=========================
Error: (11/14/2012 06:17:09 PM) (Source: Application Error)(User: )
Description: jusched.exe2.0.6.1user32.dll5.1.2600.5512000187f1

Error: (11/14/2012 07:02:00 AM) (Source: Application Error)(User: )
Description: jusched.exe2.0.6.1user32.dll5.1.2600.5512000187f1

Error: (11/10/2012 11:21:02 PM) (Source: Application Error)(User: )
Description: fm.exe13.1.2.2395fm.exe13.1.2.239501494690

Error: (11/09/2012 05:32:53 PM) (Source: Application Error)(User: )
Description: jusched.exe2.0.6.1user32.dll5.1.2600.5512000187f1

Error: (11/09/2012 06:55:53 AM) (Source: Application Error)(User: )
Description: jusched.exe2.0.6.1user32.dll5.1.2600.5512000187f1

Error: (11/08/2012 08:43:26 PM) (Source: Application Error)(User: )
Description: jusched.exe2.0.6.1user32.dll5.1.2600.5512000187f1

Error: (11/08/2012 06:56:07 AM) (Source: Application Error)(User: )
Description: jusched.exe2.0.6.1user32.dll5.1.2600.5512000187f1

Error: (11/07/2012 10:15:30 PM) (Source: Application Error)(User: )
Description: jusched.exe2.0.6.1user32.dll5.1.2600.5512000187f1

Error: (11/07/2012 08:16:35 PM) (Source: Application Error)(User: )
Description: jusched.exe2.0.6.1user32.dll5.1.2600.5512000187f1

Error: (11/05/2012 10:40:02 PM) (Source: Application Error)(User: )
Description: jusched.exe2.0.6.1user32.dll5.1.2600.5512000187f1


=========================== Installed Programs ============================

(Version: 6.9.1)
Ad-Aware Email Scanner for Outlook (Version: 1.0.0)
Adobe Acrobat 7.0 Professional - English, Français, Deutsch (Version: 7.1.0)
Adobe Acrobat 7.1.0 Professional - English, Français, Deutsch (Version: 7.1.0)
Adobe AIR (Version: 3.0.0.4080)
Adobe Bridge 1.0 (Version: 001.000.004)
Adobe Common File Installer (Version: 1.00.0000)
Adobe Flash Player 10 ActiveX (Version: 10.0.45.2)
Adobe Flash Player 11 Plugin (Version: 11.5.502.110)
Adobe Help Center 1.0 (Version: 001.000.000)
Adobe Photoshop CS2 (Version: 9.0)
Adobe Reader X (10.1.4) (Version: 10.1.4)
Adobe Stock Photos 1.0 (Version: 1.0.8)
Aspell English Dictionary-0.50-2
Audacity 1.2.6
AudibleManager (Version: 2089884432.1000.2089884374.2090320032)
Audio Converter
AutoUpdate (Version: 1.1)
BitTorrent 5.0.7
BullGuard 8.5 (Version: 8.5)
Bully Scholarship Edition (Version: 1.00.0154)
Canon iP4600 series Printer Driver
Canon iP4600 series User Registration
Canon MP Navigator EX 2.0
CanoScan LiDE 100 Scanner Driver
CD-LabelPrint
Civilization III Complete Edition (Version: 1.00.0000)
Command & Conquer Generals (Version: 0.50.0000)
Command & Conquer The First Decade (Version: 1.00.0000)
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
ConvertHelper 2.2
Creative Centrale (Version: 1.16.02)
Creative Removable Disk Manager
Creative Software Update (Version: 1.03.01)
Creative System Information
Creative ZEN V Series (R2) (Version: 1.0)
Creative ZEN X-Fi User's Guide
Creative ZEN X-Fi Video Converter
Creative ZEN X-Fi Video Converter (Version: 1.00.03)
DivX Converter (Version: 7.1.0)
DivX Player (Version: 7.2.0)
DivX Plus DirectShow Filters
DivX Setup (Version: 1.0.1.5)
DivX Version Checker (Version: 7.1.0.9)
DivX Web Player (Version: 1.5.0)
ESET Online Scanner v3
Football Manager 2007
Football Manager 2009 (Version: 9.0.0.0)
Football Manager 2013
Football Manager 2013 Editor
GNU Aspell 0.50-3
GTK+ Runtime 2.10.13 rev a (remove only)
Half-Life 2
Half-Life 2: Episode One
Half-Life 2: Episode Two
Half-Life 2: Lost Coast
High Definition Audio Driver Package - KB888111 (Version: 20040219.000000)
HighMAT Extension to Microsoft Windows XP CD Writing Wizard (Version: 1.1.1905.1)
Horse Racing Manager
Intel® Graphics Media Accelerator Driver
J2SE Runtime Environment 5.0 Update 5 (Version: 1.5.0.50)
Java™ 6 Update 27 (Version: 6.0.270)
Java™ 6 Update 5 (Version: 1.6.0.50)
Java™ 6 Update 7 (Version: 1.6.0.70)
JGoodies JDiskReport 1.3.2 (Version: 1.3.2 (2009-12-18 11:57:44))
LADSPA_plugins-win-0.4.15
LAME v3.98.3 for Audacity
Malwarebytes Anti-Malware version 1.65.1.1000 (Version: 1.65.1.1000)
MediaShow 3.0
Microsoft .NET Framework 1.0 Hotfix (KB2572066)
Microsoft .NET Framework 1.0 Hotfix (KB2604042)
Microsoft .NET Framework 1.0 Hotfix (KB2656378)
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.0 Hotfix (KB979904)
Microsoft .NET Framework 1.0 Security Update (KB2698035)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Professional Edition 2003 (Version: 11.0.8173.0)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Works (Version: 08.04.0623)
Mozilla Firefox 16.0.2 (x86 en-GB) (Version: 16.0.2)
Mozilla Maintenance Service (Version: 16.0.2)
Mozilla Thunderbird (2.0.0.0) (Version: 2.0.0.0 (en-GB))
MSN
MSVCRT (Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB927978) (Version: 4.20.9841.0)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Network Print Monitor for Windows 2000/XP/2003
Nostradamus (Version: 1.00.000)
NVIDIA Drivers (Version: 1.3)
PhotoNow! 1.0
Pidgin (Version: 2.2.0)
Portal
Portal 2
Power2Go 4.0
PowerBackup 1.0
PowerCinema 4.0
PowerDirector Express
PowerDVD
PowerDVD Copy 1.0
PowerProducer
PowerStarter
QuickTime
RealPlayer
Realtek High Definition Audio Driver (Version: 5.10.0.5324)
Segoe UI (Version: 14.0.4327.805)
Skype™ 5.10 (Version: 5.10.116)
SmartFTP Client 2.0 (Version: 2.0.1002)
SmartFTP Client 2.0 Setup Files (remove only) (Version: "2.0")
Spiral Knights
Spotify (Version: 0.3.16)
Steam (Version: 1.0.0.0)
Surgery Simulator Version 1.0
Team Fortress 2
Tiscali 10.0
Tiscali Internet Access (Version: 7.0)
UFO Aftermath (Version: 1.4)
UFO Aftershock (Version: 1.0)
Update Rollup 2 for Windows XP Media Center Edition 2005
VC80CRTRedist - 8.0.50727.4053 (Version: 1.1.0)
Visual C++ 2008 x86 Runtime - (v9.0.30729) (Version: 9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (Version: 9.0.30729.01)
WebFldrs XP (Version: 9.50.7523)
Winamp (remove only)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.7.0018.5)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Live Call (Version: 14.0.8117.0416)
Windows Live Communications Platform (Version: 14.0.8117.416)
Windows Live Essentials (Version: 14.0.8117.0416)
Windows Live Essentials (Version: 14.0.8117.416)
Windows Live Messenger (Version: 14.0.8117.0416)
Windows Live Sign-in Assistant (Version: 5.000.818.6)
Windows Live Upload Tool (Version: 14.0.8014.1029)
Windows Media Connect
Windows Media Format 11 runtime
Windows Media Player 10 Hotfix - KB895316
Windows XP Media Center Edition 2005 KB2502898
Windows XP Media Center Edition 2005 KB2619340
Windows XP Media Center Edition 2005 KB2628259
Windows XP Media Center Edition 2005 KB908250
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3 (Version: 20080414.031525)
WinRAR archiver
WM Capture
ZENcast Organizer

========================= Memory info: ===================================

Percentage of memory in use: 28%
Total physical RAM: 2047.17 MB
Available physical RAM: 1456.96 MB
Total Pagefile: 4964.11 MB
Available Pagefile: 4451.39 MB
Total Virtual: 2047.88 MB
Available Virtual: 1994.98 MB

========================= Partitions: =====================================

2 Drive c: (Windows) (Fixed) (Total:228.49 GB) (Free:67.35 GB) NTFS

========================= Users: ========================================

User accounts for \\SKRUTTIS

Administrator ASPNET Guest
HelpAssistant IUSR_YOUR-A97EC67E86 IWAM_YOUR-A97EC67E86
Matt SUPPORT_388945a0


**** End of log ****



Please Download

TDSSkiller

Launch it. Click on change parameters-Select TDLFS file system

Click on "Scan".
Please post the LOG report(log file should be in your C drive)

Do not change the default options on scan results.


10:24:36.0875 3396 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
10:24:36.0906 3396 ============================================================
10:24:36.0906 3396 Current date / time: 2012/11/17 10:24:36.0906
10:24:36.0906 3396 SystemInfo:
10:24:36.0906 3396
10:24:36.0906 3396 OS Version: 5.1.2600 ServicePack: 3.0
10:24:36.0906 3396 Product type: Workstation
10:24:36.0906 3396 ComputerName: SKRUTTIS
10:24:36.0906 3396 UserName: Matt
10:24:36.0906 3396 Windows directory: C:\WINDOWS
10:24:36.0906 3396 System windows directory: C:\WINDOWS
10:24:36.0906 3396 Processor architecture: Intel x86
10:24:36.0906 3396 Number of processors: 2
10:24:36.0906 3396 Page size: 0x1000
10:24:36.0906 3396 Boot type: Normal boot
10:24:36.0906 3396 ============================================================
10:24:37.0718 3396 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
10:24:37.0718 3396 ============================================================
10:24:37.0718 3396 \Device\Harddisk0\DR0:
10:24:37.0718 3396 MBR partitions:
10:24:37.0718 3396 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x8CB4BE, BlocksNum 0x1C8F90C3
10:24:37.0718 3396 ============================================================
10:24:37.0781 3396 C: <-> \Device\Harddisk0\DR0\Partition1
10:24:37.0796 3396 ============================================================
10:24:37.0796 3396 Initialize success
10:24:37.0796 3396 ============================================================
10:24:54.0828 3428 ============================================================
10:24:54.0828 3428 Scan started
10:24:54.0828 3428 Mode: Manual; TDLFS;
10:24:54.0828 3428 ============================================================
10:24:54.0921 3428 ================ Scan system memory ========================
10:24:54.0921 3428 System memory - ok
10:24:54.0937 3428 ================ Scan services =============================
10:24:55.0906 3428 Atmarpc - ok
10:24:55.0937 3428 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
10:24:55.0937 3428 AudioSrv - ok
10:24:55.0968 3428 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
10:24:55.0968 3428 audstub - ok
10:24:56.0000 3428 [ 8C455A0B7BCD2BEC2919A4DA525D53BD ] BdFileSpy C:\WINDOWS\system32\drivers\BdFileSpy.sys
10:24:56.0015 3428 BdFileSpy - ok
10:24:56.0046 3428 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
10:24:56.0046 3428 Beep - ok
10:24:56.0140 3428 bfastfao - ok
10:24:56.0203 3428 [ 5E0D96F9C50060668DEF60CAC8FC327D ] BgLiveSvc C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe
10:24:56.0218 3428 BgLiveSvc - ok
10:24:56.0250 3428 [ AC1E73A6F8ABAB6B4565BCADA72D9A04 ] BgMainSvc C:\Program Files\BullGuard Ltd\BullGuard\BsMain.dll
10:24:56.0250 3428 BgMainSvc - ok
10:24:56.0296 3428 [ 71F6933BC95B5A154784D549EEB3A6DF ] BGRaSvc C:\Program Files\BullGuard Ltd\BullGuard\support\bgrasvc.exe
10:24:56.0296 3428 BGRaSvc - ok
10:24:56.0343 3428 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll
10:24:56.0421 3428 BITS - ok
10:24:56.0453 3428 [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser C:\WINDOWS\System32\browser.dll
10:24:56.0453 3428 Browser - ok
10:24:56.0500 3428 [ 35BBB876111B828D944C0A46C15B6B06 ] BsFileScan C:\Program Files\BullGuard Ltd\BullGuard\BsFileScan.dll
10:24:56.0515 3428 BsFileScan - ok
10:24:56.0546 3428 [ 544AF6BE604B22C56E2090B418F63DF1 ] BsFire C:\Program Files\BullGuard Ltd\BullGuard\BsFire.dll
10:24:56.0562 3428 BsFire - ok
10:24:56.0593 3428 [ A238D8C401B2125C0C834A667677E9BD ] BsMailProxy C:\Program Files\BullGuard Ltd\BullGuard\BsMailProxy.dll
10:24:56.0593 3428 BsMailProxy - ok
10:24:56.0625 3428 [ B279426E3C0C344893ED78A613A73BDE ] BthEnum C:\WINDOWS\system32\DRIVERS\BthEnum.sys
10:24:56.0625 3428 BthEnum - ok
10:24:56.0656 3428 [ FCA6F069597B62D42495191ACE3FC6C1 ] BTHMODEM C:\WINDOWS\system32\DRIVERS\bthmodem.sys
10:24:56.0656 3428 BTHMODEM - ok
10:24:56.0687 3428 [ 80602B8746D3738F5886CE3D67EF06B6 ] BthPan C:\WINDOWS\system32\DRIVERS\bthpan.sys
10:24:56.0687 3428 BthPan - ok
10:24:56.0718 3428 [ 662BFD909447DD9CC15B1A1C366583B4 ] BTHPORT C:\WINDOWS\system32\Drivers\BTHport.sys
10:24:56.0718 3428 BTHPORT - ok
10:24:56.0765 3428 [ F4C43C66471B87996D95DB7A3A664A37 ] BthServ C:\WINDOWS\System32\bthserv.dll
10:24:56.0765 3428 BthServ - ok
10:24:56.0796 3428 [ 61364CD71EF63B0F038B7E9DF00F1EFA ] BTHUSB C:\WINDOWS\system32\Drivers\BTHUSB.sys
10:24:56.0796 3428 BTHUSB - ok
10:24:56.0828 3428 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
10:24:56.0828 3428 cbidf - ok
10:24:56.0843 3428 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
10:24:56.0843 3428 cbidf2k - ok
10:24:56.0875 3428 [ FDC06E2ADA8C468EBB161624E03976CF ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
10:24:56.0875 3428 CCDECODE - ok
10:24:56.0890 3428 [ F3EC03299634490E97BBCE94CD2954C7 ] cd20xrnt C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
10:24:56.0890 3428 cd20xrnt - ok
10:24:56.0906 3428 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
10:24:56.0906 3428 Cdaudio - ok
10:24:56.0921 3428 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
10:24:56.0921 3428 Cdfs - ok
10:24:56.0937 3428 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
10:24:56.0937 3428 Cdrom - ok
10:24:56.0937 3428 Changer - ok
10:24:56.0984 3428 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe
10:24:56.0984 3428 CiSvc - ok
10:24:57.0031 3428 [ E706CC0E5E6D500223F0693A8D516AF6 ] CLCapSvc C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
10:24:57.0031 3428 CLCapSvc - ok
10:24:57.0078 3428 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
10:24:57.0078 3428 ClipSrv - ok
10:24:57.0109 3428 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
10:24:57.0250 3428 clr_optimization_v2.0.50727_32 - ok
10:24:57.0281 3428 [ B9B56CD51C2B857D76A663F6AE057D5B ] CLSched C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
10:24:57.0296 3428 CLSched - ok
10:24:57.0312 3428 [ E5DCB56C533014ECBC556A8357C929D5 ] CmdIde C:\WINDOWS\system32\DRIVERS\cmdide.sys
10:24:57.0312 3428 CmdIde - ok
10:24:57.0328 3428 COMSysApp - ok
10:24:57.0343 3428 [ 3EE529119EED34CD212A215E8C40D4B6 ] Cpqarray C:\WINDOWS\system32\DRIVERS\cpqarray.sys
10:24:57.0343 3428 Cpqarray - ok
10:24:57.0375 3428 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
10:24:57.0375 3428 CryptSvc - ok
10:24:57.0468 3428 [ A5BEA0E5C297F5F3835638A87E512FBA ] CTDevice_Srv C:\Program Files\Creative\Shared Files\CTDevSrv.exe
10:24:57.0468 3428 CTDevice_Srv - ok
10:24:57.0484 3428 [ 8E26D772F53B7883A651E0E4A9598F21 ] CTUPnPSv C:\Program Files\Creative\Creative Centrale\CTUPnPSv.exe
10:24:57.0484 3428 CTUPnPSv - ok
10:24:57.0515 3428 [ 2BB11CD367D49098D57A8638ADB5BCF6 ] CyberLink Media Library Service C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
10:24:57.0515 3428 CyberLink Media Library Service - ok
10:24:57.0546 3428 [ E550E7418984B65A78299D248F0A7F36 ] dac2w2k C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
10:24:57.0546 3428 dac2w2k - ok
10:24:57.0578 3428 [ 683789CAA3864EB46125AE86FF677D34 ] dac960nt C:\WINDOWS\system32\DRIVERS\dac960nt.sys
10:24:57.0578 3428 dac960nt - ok
10:24:57.0625 3428 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
10:24:57.0625 3428 DcomLaunch - ok
10:24:57.0671 3428 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
10:24:57.0671 3428 Dhcp - ok
10:24:57.0687 3428 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
10:24:57.0687 3428 Disk - ok
10:24:57.0687 3428 dmadmin - ok
10:24:57.0750 3428 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
10:24:57.0781 3428 dmboot - ok
10:24:57.0796 3428 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
10:24:57.0796 3428 dmio - ok
10:24:57.0812 3428 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
10:24:57.0828 3428 dmload - ok
10:24:57.0843 3428 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
10:24:57.0843 3428 dmserver - ok
10:24:57.0859 3428 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
10:24:57.0859 3428 DMusic - ok
10:24:57.0890 3428 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
10:24:57.0890 3428 Dnscache - ok
10:24:57.0921 3428 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
10:24:57.0937 3428 Dot3svc - ok
10:24:57.0937 3428 [ 40F3B93B4E5B0126F2F5C0A7A5E22660 ] dpti2o C:\WINDOWS\system32\DRIVERS\dpti2o.sys
10:24:57.0953 3428 dpti2o - ok
10:24:57.0968 3428 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
10:24:57.0968 3428 drmkaud - ok
10:24:58.0000 3428 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
10:24:58.0015 3428 EapHost - ok
10:24:58.0109 3428 [ 8301243BDE5B6CD316D79C0191D50D9A ] ehRecvr C:\WINDOWS\eHome\ehRecvr.exe
10:24:58.0109 3428 ehRecvr - ok
10:24:58.0140 3428 [ A53243709439AC2A4C216B817F8D7411 ] ehSched C:\WINDOWS\eHome\ehSched.exe
10:24:58.0140 3428 ehSched - ok
10:24:58.0171 3428 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
10:24:58.0171 3428 ERSvc - ok
10:24:58.0203 3428 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
10:24:58.0218 3428 Eventlog - ok
10:24:58.0250 3428 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\es.dll
10:24:58.0265 3428 EventSystem - ok
10:24:58.0265 3428 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
10:24:58.0281 3428 Fastfat - ok
10:24:58.0296 3428 [ 3ACBC73531DEDD69837FE73B1623D49C ] fasttx2k C:\WINDOWS\system32\DRIVERS\fasttx2k.sys
10:24:58.0296 3428 fasttx2k - ok
10:24:58.0328 3428 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
10:24:58.0328 3428 FastUserSwitchingCompatibility - ok
10:24:58.0375 3428 [ E97D6A8684466DF94FF3BC24FB787A07 ] Fax C:\WINDOWS\system32\fxssvc.exe
10:24:58.0375 3428 Fax - ok
10:24:58.0406 3428 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
10:24:58.0406 3428 Fdc - ok
10:24:58.0421 3428 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
10:24:58.0421 3428 Fips - ok
10:24:58.0437 3428 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys
10:24:58.0437 3428 Flpydisk - ok
10:24:58.0453 3428 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
10:24:58.0453 3428 FltMgr - ok
10:24:58.0515 3428 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
10:24:58.0515 3428 FontCache3.0.0.0 - ok
10:24:58.0531 3428 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
10:24:58.0531 3428 Fs_Rec - ok
10:24:58.0531 3428 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
10:24:58.0531 3428 Ftdisk - ok
10:24:58.0578 3428 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
10:24:58.0578 3428 Gpc - ok
10:24:58.0593 3428 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
10:24:58.0593 3428 HDAudBus - ok
10:24:58.0671 3428 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
10:24:58.0687 3428 helpsvc - ok
10:24:58.0703 3428 [ 7BD2DE4C85EB4241EED57672B16A7D8D ] HidBth C:\WINDOWS\system32\DRIVERS\hidbth.sys
10:24:58.0703 3428 HidBth - ok
10:24:58.0703 3428 HidServ - ok
10:24:58.0718 3428 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
10:24:58.0718 3428 HidUsb - ok
10:24:58.0750 3428 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
10:24:58.0750 3428 hkmsvc - ok
10:24:58.0765 3428 [ B028377DEA0546A5FCFBA928A8AEFAE0 ] hpn C:\WINDOWS\system32\DRIVERS\hpn.sys
10:24:58.0765 3428 hpn - ok
10:24:58.0781 3428 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
10:24:58.0796 3428 HTTP - ok
10:24:58.0828 3428 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
10:24:58.0843 3428 HTTPFilter - ok
10:24:58.0859 3428 [ 9368670BD426EBEA5E8B18A62416EC28 ] i2omgmt C:\WINDOWS\system32\drivers\i2omgmt.sys
10:24:58.0859 3428 i2omgmt - ok
10:24:58.0875 3428 [ F10863BF1CCC290BABD1A09188AE49E0 ] i2omp C:\WINDOWS\system32\DRIVERS\i2omp.sys
10:24:58.0875 3428 i2omp - ok
10:24:58.0890 3428 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
10:24:58.0906 3428 i8042prt - ok
10:24:58.0953 3428 [ 85D42B7F0DD406ADF5E3EC7659A279EC ] ialm C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
10:24:58.0984 3428 ialm - ok
10:24:59.0015 3428 [ C9F030A5E43AEDFABE0A39DF0A0DCBEB ] iaStor C:\WINDOWS\system32\DRIVERS\iaStor.sys
10:24:59.0015 3428 iaStor - ok
10:24:59.0093 3428 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
10:24:59.0093 3428 IDriverT - ok
10:24:59.0156 3428 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
10:24:59.0187 3428 idsvc - ok
10:24:59.0250 3428 [ DB3C22745C0DA4666F3BE31F1AF36B2F ] IISADMIN C:\WINDOWS\system32\inetsrv\inetinfo.exe
10:24:59.0250 3428 IISADMIN - ok
10:24:59.0281 3428 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
10:24:59.0281 3428 Imapi - ok
10:24:59.0296 3428 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
10:24:59.0312 3428 ImapiService - ok
10:24:59.0343 3428 [ 4A40E045FAEE58631FD8D91AFC620719 ] ini910u C:\WINDOWS\system32\DRIVERS\ini910u.sys
10:24:59.0343 3428 ini910u - ok
10:24:59.0453 3428 [ 60D7460B07012D364CED11DD9FD83E1F ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
10:24:59.0562 3428 IntcAzAudAddService - ok
10:24:59.0609 3428 [ B5466A9250342A7AA0CD1FBA13420678 ] IntelIde C:\WINDOWS\system32\DRIVERS\intelide.sys
10:24:59.0609 3428 IntelIde - ok
10:24:59.0640 3428 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
10:24:59.0640 3428 intelppm - ok
10:24:59.0671 3428 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
10:24:59.0671 3428 Ip6Fw - ok
10:24:59.0687 3428 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
10:24:59.0687 3428 IpFilterDriver - ok
10:24:59.0703 3428 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
10:24:59.0703 3428 IpInIp - ok
10:24:59.0734 3428 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
10:24:59.0734 3428 IpNat - ok
10:24:59.0734 3428 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
10:24:59.0734 3428 IPSec - ok
10:24:59.0765 3428 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
10:24:59.0765 3428 IRENUM - ok
10:24:59.0796 3428 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
10:24:59.0796 3428 isapnp - ok
10:24:59.0875 3428 [ 91061352084424820AC6268808CB8EE3 ] JavaQuickStarterService C:\Program Files\Java\jre6\bin\jqs.exe
10:24:59.0890 3428 JavaQuickStarterService - ok
10:24:59.0890 3428 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
10:24:59.0906 3428 Kbdclass - ok
10:24:59.0921 3428 [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
10:24:59.0921 3428 kbdhid - ok
10:24:59.0937 3428 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
10:24:59.0937 3428 kmixer - ok
10:24:59.0953 3428 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
10:24:59.0968 3428 KSecDD - ok
10:25:00.0000 3428 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
10:25:00.0000 3428 lanmanserver - ok
10:25:00.0031 3428 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
10:25:00.0031 3428 lanmanworkstation - ok
10:25:00.0046 3428 Lbd - ok
10:25:00.0046 3428 lbrtfdc - ok
10:25:00.0078 3428 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
10:25:00.0078 3428 LmHosts - ok
10:25:00.0109 3428 [ FC969E4E53C602884958A5FDFFC53526 ] m5287 C:\WINDOWS\system32\DRIVERS\m5287.sys
10:25:00.0109 3428 m5287 - ok
10:25:00.0140 3428 [ 2424B13987360840B4BF4E5FB5A66D3F ] m5289 C:\WINDOWS\system32\DRIVERS\m5289.sys
10:25:00.0140 3428 m5289 - ok
10:25:00.0156 3428 [ DF0A511F38F16016BF658FCA0090CB87 ] McrdSvc C:\WINDOWS\ehome\mcrdsvc.exe
10:25:00.0171 3428 McrdSvc - ok
10:25:00.0187 3428 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
10:25:00.0187 3428 Messenger - ok
10:25:00.0218 3428 [ B7521F69C0A9B29D356157229376FB21 ] MHN C:\WINDOWS\System32\mhn.dll
10:25:00.0218 3428 MHN - ok
10:25:00.0234 3428 [ 7F2F1D2815A6449D346FCCCBC569FBD6 ] MHNDRV C:\WINDOWS\system32\DRIVERS\mhndrv.sys
10:25:00.0234 3428 MHNDRV - ok
10:25:00.0265 3428 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
10:25:00.0265 3428 mnmdd - ok
10:25:00.0296 3428 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
10:25:00.0296 3428 mnmsrvc - ok
10:25:00.0328 3428 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
10:25:00.0328 3428 Modem - ok
10:25:00.0343 3428 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
10:25:00.0343 3428 Mouclass - ok
10:25:00.0375 3428 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
10:25:00.0390 3428 mouhid - ok
10:25:00.0406 3428 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
10:25:00.0406 3428 MountMgr - ok
10:25:00.0453 3428 [ 8BE15F71DE6FF33FC56DCDE7B2B9EFE8 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
10:25:00.0468 3428 MozillaMaintenance - ok
10:25:00.0500 3428 [ 3F4BB95E5A44F3BE34824E8E7CAF0737 ] mraid35x C:\WINDOWS\system32\DRIVERS\mraid35x.sys
10:25:00.0500 3428 mraid35x - ok
10:25:00.0500 3428 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
10:25:00.0500 3428 MRxDAV - ok
10:25:00.0546 3428 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
10:25:00.0562 3428 MRxSmb - ok
10:25:00.0578 3428 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
10:25:00.0578 3428 MSDTC - ok
10:25:00.0593 3428 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
10:25:00.0593 3428 Msfs - ok
10:25:00.0609 3428 [ DB3C22745C0DA4666F3BE31F1AF36B2F ] MSFtpsvc C:\WINDOWS\system32\inetsrv\inetinfo.exe
10:25:00.0609 3428 MSFtpsvc - ok
10:25:00.0609 3428 MSIServer - ok
10:25:00.0640 3428 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
10:25:00.0640 3428 MSKSSRV - ok
10:25:00.0656 3428 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
10:25:00.0656 3428 MSPCLOCK - ok
10:25:00.0703 3428 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
10:25:00.0703 3428 MSPQM - ok
10:25:00.0718 3428 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
10:25:00.0718 3428 mssmbios - ok
10:25:00.0750 3428 [ D5059366B361F0E1124753447AF08AA2 ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
10:25:00.0750 3428 MSTEE - ok
10:25:00.0765 3428 [ D48659BB24C48345D926ECB45C1EBDF5 ] MTsensor C:\WINDOWS\system32\DRIVERS\ASACPI.sys
10:25:00.0765 3428 MTsensor - ok
10:25:00.0796 3428 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
10:25:00.0796 3428 Mup - ok
10:25:00.0828 3428 [ AC31B352CE5E92704056D409834BEB74 ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
10:25:00.0843 3428 NABTSFEC - ok
10:25:00.0875 3428 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
10:25:00.0875 3428 napagent - ok
10:25:00.0906 3428 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
10:25:00.0906 3428 NDIS - ok
10:25:00.0953 3428 [ ABD7629CF2796250F315C1DD0B6CF7A0 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys
10:25:00.0953 3428 NdisIP - ok
10:25:00.0968 3428 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
10:25:00.0968 3428 NdisTapi - ok
10:25:00.0984 3428 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
10:25:00.0984 3428 Ndisuio - ok
10:25:01.0000 3428 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
10:25:01.0000 3428 NdisWan - ok
10:25:01.0031 3428 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
10:25:01.0031 3428 NDProxy - ok
10:25:01.0062 3428 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
10:25:01.0062 3428 NetBIOS - ok
10:25:01.0078 3428 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
10:25:01.0078 3428 NetBT - ok
10:25:01.0109 3428 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
10:25:01.0109 3428 NetDDE - ok
10:25:01.0109 3428 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
10:25:01.0109 3428 NetDDEdsdm - ok
10:25:01.0140 3428 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
10:25:01.0140 3428 Netlogon - ok
10:25:01.0156 3428 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
10:25:01.0171 3428 Netman - ok
10:25:01.0203 3428 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
10:25:01.0203 3428 NetTcpPortSharing - ok
10:25:01.0234 3428 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
10:25:01.0234 3428 Nla - ok
10:25:01.0265 3428 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
10:25:01.0265 3428 Npfs - ok
10:25:01.0281 3428 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
10:25:01.0296 3428 Ntfs - ok
10:25:01.0296 3428 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
10:25:01.0296 3428 NtLmSsp - ok
10:25:01.0343 3428 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
10:25:01.0343 3428 NtmsSvc - ok
10:25:01.0390 3428 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
10:25:01.0390 3428 Null - ok
10:25:01.0578 3428 [ BF506D232C5E6F2DAE80F5C11B45C60E ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
10:25:01.0734 3428 nv - ok
10:25:01.0781 3428 [ CE8CCE2B9F96ACA02E5DED4298A7796D ] nvsvc C:\WINDOWS\system32\nvsvc32.exe
10:25:01.0781 3428 nvsvc - ok
10:25:01.0812 3428 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
10:25:01.0812 3428 NwlnkFlt - ok
10:25:01.0812 3428 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
10:25:01.0812 3428 NwlnkFwd - ok
10:25:01.0859 3428 [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
10:25:01.0859 3428 ose - ok
10:25:01.0890 3428 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
10:25:01.0906 3428 Parport - ok
10:25:01.0906 3428 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
10:25:01.0906 3428 PartMgr - ok
10:25:01.0937 3428 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
10:25:01.0937 3428 ParVdm - ok
10:25:01.0937 3428 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
10:25:01.0953 3428 PCI - ok
10:25:01.0953 3428 PCIDump - ok
10:25:01.0968 3428 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
10:25:01.0968 3428 PCIIde - ok
10:25:02.0000 3428 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
10:25:02.0000 3428 Pcmcia - ok
10:25:02.0000 3428 PDCOMP - ok
10:25:02.0000 3428 PDFRAME - ok
10:25:02.0000 3428 PDRELI - ok
10:25:02.0015 3428 PDRFRAME - ok
10:25:02.0031 3428 [ 6C14B9C19BA84F73D3A86DBA11133101 ] perc2 C:\WINDOWS\system32\DRIVERS\perc2.sys
10:25:02.0031 3428 perc2 - ok
10:25:02.0031 3428 [ F50F7C27F131AFE7BEBA13E14A3B9416 ] perc2hib C:\WINDOWS\system32\DRIVERS\perc2hib.sys
10:25:02.0031 3428 perc2hib - ok
10:25:02.0062 3428 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
10:25:02.0062 3428 PlugPlay - ok
10:25:02.0078 3428 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
10:25:02.0078 3428 PolicyAgent - ok
10:25:02.0109 3428 [ 411923A60E1FC2B136C77E6D50FC69BD ] ppa C:\WINDOWS\system32\DRIVERS\ppa.sys
10:25:02.0109 3428 ppa - ok
10:25:02.0125 3428 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
10:25:02.0125 3428 PptpMiniport - ok
10:25:02.0125 3428 [ A32BEBAF723557681BFC6BD93E98BD26 ] Processor C:\WINDOWS\system32\DRIVERS\processr.sys
10:25:02.0140 3428 Processor - ok
10:25:02.0187 3428 [ DE11F5C3E9BDA993B65E1518D46BC438 ] Profos C:\Program Files\BullGuard Ltd\BullGuard\antirootkit\profos.sys
10:25:02.0187 3428 Profos - ok
10:25:02.0187 3428 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
10:25:02.0187 3428 ProtectedStorage - ok
10:25:02.0203 3428 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
10:25:02.0203 3428 PSched - ok
10:25:02.0218 3428 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
10:25:02.0218 3428 Ptilink - ok
10:25:02.0265 3428 [ D86B4A68565E444D76457F14172C875A ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys
10:25:02.0265 3428 PxHelp20 - ok
10:25:02.0296 3428 [ 0A63FB54039EB5662433CABA3B26DBA7 ] ql1080 C:\WINDOWS\system32\DRIVERS\ql1080.sys
10:25:02.0296 3428 ql1080 - ok
10:25:02.0312 3428 [ 6503449E1D43A0FF0201AD5CB1B8C706 ] Ql10wnt C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
10:25:02.0312 3428 Ql10wnt - ok
10:25:02.0328 3428 [ 156ED0EF20C15114CA097A34A30D8A01 ] ql12160 C:\WINDOWS\system32\DRIVERS\ql12160.sys
10:25:02.0328 3428 ql12160 - ok
10:25:02.0343 3428 [ 70F016BEBDE6D29E864C1230A07CC5E6 ] ql1240 C:\WINDOWS\system32\DRIVERS\ql1240.sys
10:25:02.0343 3428 ql1240 - ok
10:25:02.0359 3428 [ 907F0AEEA6BC451011611E732BD31FCF ] ql1280 C:\WINDOWS\system32\DRIVERS\ql1280.sys
10:25:02.0359 3428 ql1280 - ok
10:25:02.0390 3428 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
10:25:02.0390 3428 RasAcd - ok
10:25:02.0421 3428 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
10:25:02.0421 3428 RasAuto - ok
10:25:02.0453 3428 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
10:25:02.0453 3428 Rasl2tp - ok
10:25:02.0484 3428 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
10:25:02.0484 3428 RasMan - ok
10:25:02.0500 3428 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
10:25:02.0500 3428 RasPppoe - ok
10:25:02.0515 3428 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
10:25:02.0515 3428 Raspti - ok
10:25:02.0531 3428 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
10:25:02.0531 3428 Rdbss - ok
10:25:02.0562 3428 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
10:25:02.0562 3428 RDPCDD - ok
10:25:02.0562 3428 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
10:25:02.0578 3428 rdpdr - ok
10:25:02.0625 3428 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
10:25:02.0625 3428 RDPWD - ok
10:25:02.0640 3428 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
10:25:02.0640 3428 RDSessMgr - ok
10:25:02.0671 3428 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
10:25:02.0671 3428 redbook - ok
10:25:02.0703 3428 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
10:25:02.0718 3428 RemoteAccess - ok
10:25:02.0765 3428 [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
10:25:02.0765 3428 RemoteRegistry - ok
10:25:02.0796 3428 [ 851C30DF2807FCFA21E4C681A7D6440E ] RFCOMM C:\WINDOWS\system32\DRIVERS\rfcomm.sys
10:25:02.0796 3428 RFCOMM - ok
10:25:02.0812 3428 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe
10:25:02.0812 3428 RpcLocator - ok
10:25:02.0843 3428 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\system32\rpcss.dll
10:25:02.0843 3428 RpcSs - ok
10:25:02.0875 3428 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
10:25:02.0890 3428 RSVP - ok
10:25:02.0921 3428 [ 1E11171C0B9989E1BDAA59E96B2E81C4 ] RTL8023xp C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys
10:25:02.0921 3428 RTL8023xp - ok
10:25:02.0937 3428 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
10:25:02.0937 3428 SamSs - ok
10:25:02.0953 3428 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
10:25:02.0968 3428 SCardSvr - ok
10:25:03.0000 3428 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
10:25:03.0000 3428 Schedule - ok
10:25:05.0265 3428 ================ Scan global ===============================
10:25:05.0281 3428 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
10:25:05.0328 3428 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
10:25:05.0343 3428 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
10:25:05.0375 3428 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
10:25:05.0390 3428 [Global] - ok
10:25:05.0390 3428 ================ Scan MBR ==================================
10:25:05.0406 3428 [ 564FD35314278444C09289C7D23E0635 ] \Device\Harddisk0\DR0
10:25:05.0812 3428 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
10:25:05.0812 3428 \Device\Harddisk0\DR0 - detected TDSS File System (1)
10:25:05.0812 3428 ================ Scan VBR ==================================
10:25:05.0812 3428 [ 97484E0FF60B719E0777120DBE9CC6B6 ] \Device\Harddisk0\DR0\Partition1
10:25:05.0828 3428 \Device\Harddisk0\DR0\Partition1 - ok
10:25:05.0828 3428 ============================================================
10:25:05.0828 3428 Scan finished
10:25:05.0828 3428 ============================================================
10:25:05.0828 3416 Detected object count: 1
10:25:05.0828 3416 Actual detected object count: 1
10:25:33.0156 3416 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
10:25:33.0156 3416 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

I skipped the clean up option with the expectation you'd probably tell me to rerun the programme and delete

#4 John Knee

Posted 17 November 2012 - 06:41 AM

ADW Cleaner
Please download AdwCleaner by Xplode onto your desktop.



# AdwCleaner v2.007 - Logfile created 11/17/2012 at 10:26:57
# Updated 06/11/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Matt - SKRUTTIS
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Matt\Desktop\Anti-Viral Download Programmes\AdwCleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v16.0.2 (en-GB)

Profile name : default
File : C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\elcyxmk5.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [1290 octets] - [17/11/2012 10:17:18]
AdwCleaner[S2].txt - [815 octets] - [17/11/2012 10:26:57]

########## EOF - C:\AdwCleaner[S2].txt - [874 octets] ##########

I'd like us to scan your machine with ESET OnlineScan


C:\Documents and Settings\Matt\Local Settings\Temp\jar_cache5239810682546900620.tmp a variant of Java/Exploit.Agent.NDH trojan deleted - quarantined

Edited by John Knee, 17 November 2012 - 09:13 AM.


#5 boopme

Posted 17 November 2012 - 09:05 PM

OK... Yes, Cure or Delete on TDSS rerun.
10:25:33.0156 3416 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

I skipped the clean up option with the expectation you'd probably tell me to rerun the programme and delete



Important Note: Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 7 and save it to your desktop.
  • Look for "Java Platform, Standard Edition".
  • Click the "Download JRE" button to the right.
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • From the list, select your OS and Platform (32-bit or 64-bit).
    64-bit OS users, should read: Which Java download should I choose for my 64-bit Windows operating system?
  • If a download for an Offline Installation is available, it is recommended to choose that and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Control Panel, double-click on Add/Remove Programs or Programs and Features in Vista/Windows 7 and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-7u9-windows-i586.exe (or jre-7u9-windows-x64.exe for 64-bit) to install the newest version.
  • If using Windows 7 or Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered any unwanted software or toolbars during installation, just uncheck the box before continuing unless you want it.
  • The McAfee Security Scan Plus tool is installed by default unless you uncheck the McAfee installation box when updating Java.
Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications but it's not necessary.
To disable the JQS service if you don't want to use it:
  • Go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter.
  • Click Ok and reboot your computer.


Please, now a different rootkit look.
Please download aswMBR ( 4.5MB ) to your desktop.
  • Double click the aswMBR.exe icon, and click Run.
  • When asked if you'd like to "download the latest Avast! virus definitions", click Yes.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the save log button, save it to your desktop, then copy and paste it in your next reply.


#6 John Knee

Posted 17 November 2012 - 09:19 PM

A second item has now appeared:

Posted Image

Delete both?

#7 boopme

Posted 17 November 2012 - 09:25 PM

Can you Quarantine the first and Cure or Delete the second.

#8 John Knee

Posted 17 November 2012 - 09:33 PM

02:13:33.0116 3208 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
02:13:35.0116 3208 ============================================================
02:13:35.0116 3208 Current date / time: 2012/11/18 02:13:35.0116
02:13:35.0116 3208 SystemInfo:
02:13:35.0116 3208
02:13:35.0116 3208 OS Version: 5.1.2600 ServicePack: 3.0
02:13:35.0116 3208 Product type: Workstation
02:13:35.0116 3208 ComputerName: SKRUTTIS
02:13:35.0147 3208 UserName: Matt
02:13:35.0147 3208 Windows directory: C:\WINDOWS
02:13:35.0147 3208 System windows directory: C:\WINDOWS
02:13:35.0147 3208 Processor architecture: Intel x86
02:13:35.0147 3208 Number of processors: 2
02:13:35.0147 3208 Page size: 0x1000
02:13:35.0147 3208 Boot type: Normal boot
02:13:35.0147 3208 ============================================================
02:13:39.0835 3208 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
02:13:39.0850 3208 ============================================================
02:13:39.0850 3208 \Device\Harddisk0\DR0:
02:13:39.0850 3208 MBR partitions:
02:13:39.0850 3208 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x8CB4BE, BlocksNum 0x1C8F90C3
02:13:39.0850 3208 ============================================================
02:13:39.0913 3208 C: <-> \Device\Harddisk0\DR0\Partition1
02:13:39.0928 3208 ============================================================
02:13:39.0928 3208 Initialize success
02:13:39.0928 3208 ============================================================
02:13:52.0850 0828 ============================================================
02:13:52.0866 0828 Scan started
02:13:52.0866 0828 Mode: Manual; TDLFS;
02:13:52.0866 0828 ============================================================
02:13:54.0069 0828 ================ Scan system memory ========================
02:13:54.0085 0828 System memory - ok
02:13:54.0085 0828 ================ Scan services =============================
02:14:01.0647 0828 ImapiService - ok
02:14:01.0678 0828 [ 4A40E045FAEE58631FD8D91AFC620719 ] ini910u C:\WINDOWS\system32\DRIVERS\ini910u.sys
02:14:01.0694 0828 ini910u - ok
02:14:01.0850 0828 [ 60D7460B07012D364CED11DD9FD83E1F ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
02:14:01.0928 0828 IntcAzAudAddService - ok
02:14:01.0960 0828 [ B5466A9250342A7AA0CD1FBA13420678 ] IntelIde C:\WINDOWS\system32\DRIVERS\intelide.sys
02:14:01.0975 0828 IntelIde - ok
02:14:02.0007 0828 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
02:14:02.0022 0828 intelppm - ok
02:14:02.0038 0828 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
02:14:02.0053 0828 Ip6Fw - ok
02:14:02.0085 0828 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
02:14:02.0116 0828 IpFilterDriver - ok
02:14:02.0132 0828 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
02:14:02.0147 0828 IpInIp - ok
02:14:02.0178 0828 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
02:14:02.0225 0828 IpNat - ok
02:14:02.0257 0828 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
02:14:02.0319 0828 IPSec - ok
02:14:02.0350 0828 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
02:14:02.0366 0828 IRENUM - ok
02:14:02.0382 0828 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
02:14:02.0397 0828 isapnp - ok
02:14:02.0507 0828 [ 91061352084424820AC6268808CB8EE3 ] JavaQuickStarterService C:\Program Files\Java\jre6\bin\jqs.exe
02:14:02.0553 0828 JavaQuickStarterService - ok
02:14:02.0553 0828 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
02:14:02.0569 0828 Kbdclass - ok
02:14:02.0600 0828 [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
02:14:02.0616 0828 kbdhid - ok
02:14:02.0632 0828 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
02:14:02.0632 0828 kmixer - ok
02:14:02.0678 0828 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
02:14:02.0725 0828 KSecDD - ok
02:14:02.0772 0828 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
02:14:02.0803 0828 lanmanserver - ok
02:14:02.0835 0828 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
02:14:02.0866 0828 lanmanworkstation - ok
02:14:02.0866 0828 Lbd - ok
02:14:02.0882 0828 lbrtfdc - ok
02:14:02.0913 0828 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
02:14:02.0913 0828 LmHosts - ok
02:14:02.0944 0828 [ FC969E4E53C602884958A5FDFFC53526 ] m5287 C:\WINDOWS\system32\DRIVERS\m5287.sys
02:14:02.0960 0828 m5287 - ok
02:14:02.0991 0828 [ 2424B13987360840B4BF4E5FB5A66D3F ] m5289 C:\WINDOWS\system32\DRIVERS\m5289.sys
02:14:03.0007 0828 m5289 - ok
02:14:03.0038 0828 [ DF0A511F38F16016BF658FCA0090CB87 ] McrdSvc C:\WINDOWS\ehome\mcrdsvc.exe
02:14:03.0069 0828 McrdSvc - ok
02:14:03.0085 0828 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
02:14:03.0100 0828 Messenger - ok
02:14:03.0116 0828 [ B7521F69C0A9B29D356157229376FB21 ] MHN C:\WINDOWS\System32\mhn.dll
02:14:03.0147 0828 MHN - ok
02:14:03.0147 0828 [ 7F2F1D2815A6449D346FCCCBC569FBD6 ] MHNDRV C:\WINDOWS\system32\DRIVERS\mhndrv.sys
02:14:03.0163 0828 MHNDRV - ok
02:14:03.0194 0828 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
02:14:03.0210 0828 mnmdd - ok
02:14:03.0241 0828 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
02:14:03.0319 0828 mnmsrvc - ok
02:14:03.0350 0828 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
02:14:03.0366 0828 Modem - ok
02:14:03.0382 0828 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
02:14:03.0382 0828 Mouclass - ok
02:14:03.0428 0828 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
02:14:03.0444 0828 mouhid - ok
02:14:03.0475 0828 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
02:14:03.0491 0828 MountMgr - ok
02:14:03.0569 0828 [ 8BE15F71DE6FF33FC56DCDE7B2B9EFE8 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
02:14:03.0616 0828 MozillaMaintenance - ok
02:14:03.0647 0828 [ 3F4BB95E5A44F3BE34824E8E7CAF0737 ] mraid35x C:\WINDOWS\system32\DRIVERS\mraid35x.sys
02:14:03.0663 0828 mraid35x - ok
02:14:03.0694 0828 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
02:14:03.0741 0828 MRxDAV - ok
02:14:03.0772 0828 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
02:14:03.0913 0828 MRxSmb - ok
02:14:03.0928 0828 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
02:14:03.0975 0828 MSDTC - ok
02:14:03.0975 0828 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
02:14:03.0991 0828 Msfs - ok
02:14:04.0007 0828 [ DB3C22745C0DA4666F3BE31F1AF36B2F ] MSFtpsvc C:\WINDOWS\system32\inetsrv\inetinfo.exe
02:14:04.0007 0828 MSFtpsvc - ok
02:14:04.0007 0828 MSIServer - ok
02:14:04.0053 0828 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
02:14:04.0053 0828 MSKSSRV - ok
02:14:04.0085 0828 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
02:14:04.0085 0828 MSPCLOCK - ok
02:14:04.0116 0828 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
02:14:04.0116 0828 MSPQM - ok
02:14:04.0163 0828 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
02:14:04.0163 0828 mssmbios - ok
02:14:04.0210 0828 [ D5059366B361F0E1124753447AF08AA2 ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
02:14:04.0225 0828 MSTEE - ok
02:14:04.0257 0828 [ D48659BB24C48345D926ECB45C1EBDF5 ] MTsensor C:\WINDOWS\system32\DRIVERS\ASACPI.sys
02:14:04.0272 0828 MTsensor - ok
02:14:04.0303 0828 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
02:14:04.0335 0828 Mup - ok
02:14:04.0350 0828 [ AC31B352CE5E92704056D409834BEB74 ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
02:14:04.0366 0828 NABTSFEC - ok
02:14:04.0413 0828 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
02:14:04.0428 0828 napagent - ok
02:14:04.0460 0828 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
02:14:04.0507 0828 NDIS - ok
02:14:04.0538 0828 [ ABD7629CF2796250F315C1DD0B6CF7A0 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys
02:14:04.0553 0828 NdisIP - ok
02:14:04.0569 0828 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
02:14:04.0600 0828 NdisTapi - ok
02:14:04.0600 0828 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
02:14:04.0632 0828 Ndisuio - ok
02:14:04.0632 0828 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
02:14:04.0663 0828 NdisWan - ok
02:14:04.0678 0828 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
02:14:04.0710 0828 NDProxy - ok
02:14:04.0741 0828 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
02:14:04.0757 0828 NetBIOS - ok
02:14:04.0772 0828 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
02:14:04.0835 0828 NetBT - ok
02:14:04.0866 0828 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
02:14:04.0991 0828 NetDDE - ok
02:14:04.0991 0828 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
02:14:04.0991 0828 NetDDEdsdm - ok
02:14:05.0022 0828 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
02:14:05.0038 0828 Netlogon - ok
02:14:05.0069 0828 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
02:14:05.0116 0828 Netman - ok
02:14:05.0163 0828 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
02:14:05.0210 0828 NetTcpPortSharing - ok
02:14:05.0241 0828 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
02:14:05.0241 0828 Nla - ok
02:14:05.0272 0828 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
02:14:05.0288 0828 Npfs - ok
02:14:05.0303 0828 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
02:14:05.0319 0828 Ntfs - ok
02:14:05.0335 0828 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
02:14:05.0335 0828 NtLmSsp - ok
02:14:05.0413 0828 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
02:14:05.0428 0828 NtmsSvc - ok
02:14:05.0460 0828 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
02:14:05.0507 0828 Null - ok
02:14:05.0569 0828 [ C407467C9C43B15E8725978E114C4D65 ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
02:14:06.0319 0828 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\nv4_mini.sys. Real md5: C407467C9C43B15E8725978E114C4D65, Fake md5: BF506D232C5E6F2DAE80F5C11B45C60E
02:14:06.0335 0828 nv ( ForgedFile.Multi.Generic ) - warning
02:14:06.0335 0828 nv - detected ForgedFile.Multi.Generic (1)
02:14:13.0382 0828 ================ Scan global ===============================
02:14:13.0397 0828 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
02:14:13.0428 0828 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
02:14:13.0491 0828 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
02:14:13.0507 0828 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
02:14:13.0507 0828 [Global] - ok
02:14:13.0507 0828 ================ Scan MBR ==================================
02:14:13.0522 0828 [ 564FD35314278444C09289C7D23E0635 ] \Device\Harddisk0\DR0
02:14:13.0991 0828 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
02:14:13.0991 0828 \Device\Harddisk0\DR0 - detected TDSS File System (1)
02:14:13.0991 0828 ================ Scan VBR ==================================
02:14:14.0007 0828 [ 97484E0FF60B719E0777120DBE9CC6B6 ] \Device\Harddisk0\DR0\Partition1
02:14:14.0022 0828 \Device\Harddisk0\DR0\Partition1 - ok
02:14:14.0022 0828 ============================================================
02:14:14.0022 0828 Scan finished
02:14:14.0022 0828 ============================================================
02:14:14.0022 3768 Detected object count: 2
02:14:14.0022 3768 Actual detected object count: 2
02:27:05.0116 3768 C:\WINDOWS\system32\DRIVERS\nv4_mini.sys - copied to quarantine
02:27:06.0788 3768 nv ( ForgedFile.Multi.Generic ) - User select action: Quarantine
02:27:06.0835 3768 \Device\Harddisk0\DR0\TDLFS\cfg.ini - copied to quarantine
02:27:06.0835 3768 \Device\Harddisk0\DR0\TDLFS\mbr - copied to quarantine
02:27:06.0960 3768 \Device\Harddisk0\DR0\TDLFS\bckfg.tmp - copied to quarantine
02:27:07.0038 3768 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
02:27:24.0335 3768 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
02:27:24.0366 3768 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
02:27:24.0460 3768 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
02:27:24.0522 3768 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
02:27:24.0553 3768 \Device\Harddisk0\DR0\TDLFS - deleted
02:27:24.0553 3768 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Delete


Oh, and when it was cleaning up, my anti-virus went a bit mental and 'detected' various viruses and quarantined:

Posted Image

I assume this was supposed to happen?

Oh, that report was post "clean and delete"... Should I run the programme again to check?

#9 boopme

  • Global Moderator

Posted 17 November 2012 - 09:47 PM

Ok.. we opened it up and we are getting it all..
Yes, run TDSS again
Did you run aswMBR?

The Zusy infection found is an injector so I think we should scan further..



Please download and scan with SUPERAntiSpyware Free
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
    For instructions with screenshots, please refer to the How to use SUPERAntiSpyware to scan and remove malware from your computer Guide.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If it will not start, go to Start > All Programs > SUPERAntiSpyware and click on Alternate Start.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.
  • Click the "Scanning Control" tab, and under Scanner Options, make sure the following are checked (leave all other options as they are set):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the Control Center screen.
  • Back on the main screen, under "Select Scan Type" check the box for Complete Scan.
  • If your computer is badly infected, be sure to check the box next to Enable Rescue Scan (Highly Infected Systems ONLY).
  • Click the Scan your computer... button.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes" and reboot normally.

To retrieve the scan log after reboot, launch SUPERAntiSpyware again.
  • Click the View Scan Logs button at the bottom.
  • This will open the Scanner Logs Window.
  • Click on the log to highlight it and then click on View Selected Log to open it.
  • Copy and paste the scan log results in your next reply.
-- Some types of malware will disable security tools. If SUPERAntiSpyware will not install, please refer to these instructions for using the SUPERAntiSpyware Installer. If SUPERAntiSpyware is already installed but will not run, then follow the instructions for using RUNSAS.EXE to launch the program.

#10 John Knee

Posted 17 November 2012 - 09:57 PM

I re-ran TDSS and it detected the "Forged" file as per the one we quarantined above. I selected the quarantine option again...

I haven't run aswMBR yet... I wanted to make sure I selected the right option in terms of delete and quarantine on TDSS... I can run it now or should I run SuperAntiSpyware first?




02:13:33.0116 3208 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
02:13:35.0116 3208 ============================================================
02:13:35.0116 3208 Current date / time: 2012/11/18 02:13:35.0116
02:13:35.0116 3208 SystemInfo:
02:13:35.0116 3208
02:13:35.0116 3208 OS Version: 5.1.2600 ServicePack: 3.0
02:13:35.0116 3208 Product type: Workstation
02:13:35.0116 3208 ComputerName: SKRUTTIS
02:13:35.0147 3208 UserName: Matt
02:13:35.0147 3208 Windows directory: C:\WINDOWS
02:13:35.0147 3208 System windows directory: C:\WINDOWS
02:13:35.0147 3208 Processor architecture: Intel x86
02:13:35.0147 3208 Number of processors: 2
02:13:35.0147 3208 Page size: 0x1000
02:13:35.0147 3208 Boot type: Normal boot
02:13:35.0147 3208 ============================================================
02:13:39.0835 3208 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
02:13:39.0850 3208 ============================================================
02:13:39.0850 3208 \Device\Harddisk0\DR0:
02:13:39.0850 3208 MBR partitions:
02:13:39.0850 3208 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x8CB4BE, BlocksNum 0x1C8F90C3
02:13:39.0850 3208 ============================================================
02:13:39.0913 3208 C: <-> \Device\Harddisk0\DR0\Partition1
02:13:39.0928 3208 ============================================================
02:13:39.0928 3208 Initialize success
02:13:39.0928 3208 ============================================================
02:13:52.0850 0828 ============================================================
02:13:52.0866 0828 Scan started
02:13:52.0866 0828 Mode: Manual; TDLFS;
02:13:52.0866 0828 ============================================================
02:13:54.0069 0828 ================ Scan system memory ========================
02:13:54.0085 0828 System memory - ok
02:13:54.0085 0828 ================ Scan services =============================
02:14:05.0569 0828 [ C407467C9C43B15E8725978E114C4D65 ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
02:14:06.0319 0828 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\nv4_mini.sys. Real md5: C407467C9C43B15E8725978E114C4D65, Fake md5: BF506D232C5E6F2DAE80F5C11B45C60E
02:14:06.0335 0828 nv ( ForgedFile.Multi.Generic ) - warning
02:14:06.0335 0828 nv - detected ForgedFile.Multi.Generic (1)
02:14:09.0350 0828 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
02:14:09.0428 0828 SkypeUpdate - ok
02:14:13.0382 0828 ================ Scan global ===============================
02:14:13.0397 0828 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
02:14:13.0428 0828 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
02:14:13.0491 0828 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
02:14:13.0507 0828 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
02:14:13.0507 0828 [Global] - ok
02:14:13.0507 0828 ================ Scan MBR ==================================
02:14:13.0522 0828 [ 564FD35314278444C09289C7D23E0635 ] \Device\Harddisk0\DR0
02:14:13.0991 0828 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
02:14:13.0991 0828 \Device\Harddisk0\DR0 - detected TDSS File System (1)
02:14:13.0991 0828 ================ Scan VBR ==================================
02:14:14.0007 0828 [ 97484E0FF60B719E0777120DBE9CC6B6 ] \Device\Harddisk0\DR0\Partition1
02:14:14.0022 0828 \Device\Harddisk0\DR0\Partition1 - ok
02:14:14.0022 0828 ============================================================
02:14:14.0022 0828 Scan finished
02:14:14.0022 0828 ============================================================
02:14:14.0022 3768 Detected object count: 2
02:14:14.0022 3768 Actual detected object count: 2
02:27:05.0116 3768 C:\WINDOWS\system32\DRIVERS\nv4_mini.sys - copied to quarantine
02:27:06.0788 3768 nv ( ForgedFile.Multi.Generic ) - User select action: Quarantine
02:27:06.0835 3768 \Device\Harddisk0\DR0\TDLFS\cfg.ini - copied to quarantine
02:27:06.0835 3768 \Device\Harddisk0\DR0\TDLFS\mbr - copied to quarantine
02:27:06.0960 3768 \Device\Harddisk0\DR0\TDLFS\bckfg.tmp - copied to quarantine
02:27:07.0038 3768 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
02:27:24.0335 3768 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
02:27:24.0366 3768 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
02:27:24.0460 3768 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
02:27:24.0522 3768 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
02:27:24.0553 3768 \Device\Harddisk0\DR0\TDLFS - deleted
02:27:24.0553 3768 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Delete
02:49:33.0585 0988 ============================================================
02:49:33.0585 0988 Scan started
02:49:33.0585 0988 Mode: Manual; TDLFS;
02:49:33.0585 0988 ============================================================
02:49:34.0710 0988 ================ Scan system memory ========================
02:49:34.0710 0988 System memory - ok
02:49:34.0710 0988 ================ Scan services =============================
02:49:41.0835 0988 [ C9F030A5E43AEDFABE0A39DF0A0DCBEB ] iaStor C:\WINDOWS\system32\DRIVERS\iaStor.sys
02:49:41.0866 0988 iaStor - ok
02:49:41.0944 0988 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
02:49:42.0007 0988 IDriverT - ok
02:49:42.0085 0988 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
02:49:42.0178 0988 idsvc - ok
02:49:42.0241 0988 [ DB3C22745C0DA4666F3BE31F1AF36B2F ] IISADMIN C:\WINDOWS\system32\inetsrv\inetinfo.exe
02:49:42.0257 0988 IISADMIN - ok
02:49:42.0288 0988 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
02:49:42.0303 0988 Imapi - ok
02:49:42.0335 0988 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
02:49:42.0366 0988 ImapiService - ok
02:49:42.0397 0988 [ 4A40E045FAEE58631FD8D91AFC620719 ] ini910u C:\WINDOWS\system32\DRIVERS\ini910u.sys
02:49:42.0413 0988 ini910u - ok
02:49:42.0538 0988 [ 60D7460B07012D364CED11DD9FD83E1F ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
02:49:42.0725 0988 IntcAzAudAddService - ok
02:49:42.0741 0988 [ B5466A9250342A7AA0CD1FBA13420678 ] IntelIde C:\WINDOWS\system32\DRIVERS\intelide.sys
02:49:42.0757 0988 IntelIde - ok
02:49:42.0788 0988 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
02:49:42.0819 0988 intelppm - ok
02:49:42.0835 0988 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
02:49:42.0866 0988 Ip6Fw - ok
02:49:42.0882 0988 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
02:49:42.0913 0988 IpFilterDriver - ok
02:49:42.0960 0988 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
02:49:43.0007 0988 IpInIp - ok
02:49:43.0038 0988 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
02:49:43.0053 0988 IpNat - ok
02:49:43.0100 0988 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
02:49:43.0147 0988 IPSec - ok
02:49:43.0163 0988 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
02:49:43.0178 0988 IRENUM - ok
02:49:43.0210 0988 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
02:49:43.0241 0988 isapnp - ok
02:49:43.0319 0988 [ 91061352084424820AC6268808CB8EE3 ] JavaQuickStarterService C:\Program Files\Java\jre6\bin\jqs.exe
02:49:43.0382 0988 JavaQuickStarterService - ok
02:49:43.0382 0988 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
02:49:43.0397 0988 Kbdclass - ok
02:49:43.0444 0988 [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
02:49:43.0460 0988 kbdhid - ok
02:49:43.0491 0988 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
02:49:43.0507 0988 kmixer - ok
02:49:43.0538 0988 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
02:49:43.0553 0988 KSecDD - ok
02:49:43.0585 0988 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
02:49:43.0616 0988 lanmanserver - ok
02:49:43.0647 0988 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
02:49:43.0678 0988 lanmanworkstation - ok
02:49:43.0678 0988 Lbd - ok
02:49:43.0678 0988 lbrtfdc - ok
02:49:43.0710 0988 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
02:49:43.0725 0988 LmHosts - ok
02:49:43.0757 0988 [ FC969E4E53C602884958A5FDFFC53526 ] m5287 C:\WINDOWS\system32\DRIVERS\m5287.sys
02:49:43.0772 0988 m5287 - ok
02:49:43.0788 0988 [ 2424B13987360840B4BF4E5FB5A66D3F ] m5289 C:\WINDOWS\system32\DRIVERS\m5289.sys
02:49:43.0803 0988 m5289 - ok
02:49:43.0835 0988 [ DF0A511F38F16016BF658FCA0090CB87 ] McrdSvc C:\WINDOWS\ehome\mcrdsvc.exe
02:49:43.0866 0988 McrdSvc - ok
02:49:43.0882 0988 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
02:49:43.0897 0988 Messenger - ok
02:49:43.0928 0988 [ B7521F69C0A9B29D356157229376FB21 ] MHN C:\WINDOWS\System32\mhn.dll
02:49:43.0960 0988 MHN - ok
02:49:43.0991 0988 [ 7F2F1D2815A6449D346FCCCBC569FBD6 ] MHNDRV C:\WINDOWS\system32\DRIVERS\mhndrv.sys
02:49:44.0007 0988 MHNDRV - ok
02:49:44.0038 0988 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
02:49:44.0053 0988 mnmdd - ok
02:49:44.0085 0988 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
02:49:44.0100 0988 mnmsrvc - ok
02:49:44.0132 0988 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
02:49:44.0163 0988 Modem - ok
02:49:44.0178 0988 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
02:49:44.0194 0988 Mouclass - ok
02:49:44.0241 0988 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
02:49:44.0272 0988 mouhid - ok
02:49:44.0288 0988 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
02:49:44.0319 0988 MountMgr - ok
02:49:44.0382 0988 [ 8BE15F71DE6FF33FC56DCDE7B2B9EFE8 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
02:49:44.0600 0988 MozillaMaintenance - ok
02:49:44.0647 0988 [ 3F4BB95E5A44F3BE34824E8E7CAF0737 ] mraid35x C:\WINDOWS\system32\DRIVERS\mraid35x.sys
02:49:44.0663 0988 mraid35x - ok
02:49:44.0694 0988 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
02:49:44.0710 0988 MRxDAV - ok
02:49:44.0757 0988 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
02:49:44.0803 0988 MRxSmb - ok
02:49:44.0819 0988 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
02:49:44.0835 0988 MSDTC - ok
02:49:44.0835 0988 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
02:49:44.0850 0988 Msfs - ok
02:49:44.0866 0988 [ DB3C22745C0DA4666F3BE31F1AF36B2F ] MSFtpsvc C:\WINDOWS\system32\inetsrv\inetinfo.exe
02:49:44.0866 0988 MSFtpsvc - ok
02:49:44.0882 0988 MSIServer - ok
02:49:44.0913 0988 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
02:49:44.0944 0988 MSKSSRV - ok
02:49:44.0960 0988 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
02:49:44.0991 0988 MSPCLOCK - ok
02:49:44.0991 0988 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
02:49:45.0022 0988 MSPQM - ok
02:49:45.0053 0988 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
02:49:45.0085 0988 mssmbios - ok
02:49:45.0116 0988 [ D5059366B361F0E1124753447AF08AA2 ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
02:49:45.0132 0988 MSTEE - ok
02:49:45.0163 0988 [ D48659BB24C48345D926ECB45C1EBDF5 ] MTsensor C:\WINDOWS\system32\DRIVERS\ASACPI.sys
02:49:45.0178 0988 MTsensor - ok
02:49:45.0210 0988 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
02:49:45.0225 0988 Mup - ok
02:49:45.0257 0988 [ AC31B352CE5E92704056D409834BEB74 ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
02:49:45.0272 0988 NABTSFEC - ok
02:49:45.0335 0988 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
02:49:45.0350 0988 napagent - ok
02:49:45.0397 0988 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
02:49:45.0428 0988 NDIS - ok
02:49:45.0460 0988 [ ABD7629CF2796250F315C1DD0B6CF7A0 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys
02:49:45.0475 0988 NdisIP - ok
02:49:45.0491 0988 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
02:49:45.0507 0988 NdisTapi - ok
02:49:45.0507 0988 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
02:49:45.0538 0988 Ndisuio - ok
02:49:45.0538 0988 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
02:49:45.0569 0988 NdisWan - ok
02:49:45.0585 0988 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
02:49:45.0600 0988 NDProxy - ok
02:49:45.0632 0988 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
02:49:45.0647 0988 NetBIOS - ok
02:49:45.0663 0988 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
02:49:45.0694 0988 NetBT - ok
02:49:45.0725 0988 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
02:49:45.0757 0988 NetDDE - ok
02:49:45.0757 0988 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
02:49:45.0757 0988 NetDDEdsdm - ok
02:49:45.0788 0988 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
02:49:45.0788 0988 Netlogon - ok
02:49:45.0819 0988 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
02:49:45.0835 0988 Netman - ok
02:49:45.0866 0988 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
02:49:45.0897 0988 NetTcpPortSharing - ok
02:49:45.0944 0988 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
02:49:45.0944 0988 Nla - ok
02:49:45.0991 0988 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
02:49:46.0022 0988 Npfs - ok
02:49:46.0038 0988 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
02:49:46.0132 0988 Ntfs - ok
02:49:46.0132 0988 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
02:49:46.0132 0988 NtLmSsp - ok
02:49:46.0178 0988 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
02:49:46.0210 0988 NtmsSvc - ok
02:49:46.0257 0988 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
02:49:46.0257 0988 Null - ok
02:49:46.0335 0988 [ C407467C9C43B15E8725978E114C4D65 ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
02:49:46.0366 0988 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\nv4_mini.sys. Real md5: C407467C9C43B15E8725978E114C4D65, Fake md5: BF506D232C5E6F2DAE80F5C11B45C60E
02:49:46.0397 0988 nv ( ForgedFile.Multi.Generic ) - warning
02:49:46.0397 0988 nv - detected ForgedFile.Multi.Generic (1)
02:49:52.0725 0988 ================ Scan global ===============================
02:49:52.0757 0988 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
02:49:52.0788 0988 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
02:49:52.0819 0988 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
02:49:52.0835 0988 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
02:49:52.0835 0988 [Global] - ok
02:49:52.0835 0988 ================ Scan MBR ==================================
02:49:52.0850 0988 [ 564FD35314278444C09289C7D23E0635 ] \Device\Harddisk0\DR0
02:49:53.0428 0988 \Device\Harddisk0\DR0 - ok
02:49:53.0428 0988 ================ Scan VBR ==================================
02:49:53.0444 0988 [ 97484E0FF60B719E0777120DBE9CC6B6 ] \Device\Harddisk0\DR0\Partition1
02:49:53.0444 0988 \Device\Harddisk0\DR0\Partition1 - ok
02:49:53.0444 0988 ============================================================
02:49:53.0444 0988 Scan finished
02:49:53.0444 0988 ============================================================
02:49:53.0460 2464 Detected object count: 1
02:49:53.0460 2464 Actual detected object count: 1
02:51:44.0585 2464 C:\WINDOWS\system32\DRIVERS\nv4_mini.sys - copied to quarantine
02:51:45.0553 2464 nv ( ForgedFile.Multi.Generic ) - User select action: Quarantine

#11 boopme

  • Global Moderator

Posted 17 November 2012 - 10:08 PM

Have you run Hitman Pro? These may be its drivers, and can be ignored or deleted.

If not, then we should restore that file from quarantine: right-click the file in Quarantine and select Restore.

Edited by boopme, 17 November 2012 - 10:11 PM.


#12 John Knee


Posted 17 November 2012 - 10:13 PM

Don't have Hitman Pro...

aswMBR is currently running... I started running it on the default set up and just hit "Scan".... Looks as if it takes a while.

#13 John Knee


Posted 17 November 2012 - 10:26 PM

Don't have Hitman Pro...

aswMBR is currently running... I started running it on the default set up and just hit "Scan".... Looks as if it takes a while.

Edit:

Oh s***

Just re-run TDSS and got 284 "hits":

Edited by John Knee, 17 November 2012 - 10:29 PM.


#14 boopme


Posted 17 November 2012 - 10:30 PM

Post it, at least the bottom section.

Edited by boopme, 17 November 2012 - 10:31 PM.


#15 John Knee


Posted 17 November 2012 - 10:56 PM

I'm on a different PC.... My infected PC has gone a bit s***ed...

I've lost the internet on it and Firefox won't open...

The 284 hits all cited the ForgedFile.Multi.Generic as to what the issue was...

Things have really slowed up on the PC and is taking ages... I am praying that upon putting the file into quarantine that a payload hasn't triggered.

Edited by John Knee, 17 November 2012 - 10:58 PM.




