Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

cant quarantine or delete on restart - trojan(s)


  • This topic is locked This topic is locked
23 replies to this topic

#1 surf

surf

  • Members
  • 47 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:12:28 AM

Posted 19 November 2012 - 12:24 AM

Computer was acting funny. netflix stalling. I have run malware bytes 3 times. 1st time lots of adware came up. most removed. quarantined some. then on reboot it says restart computer to quarantine trojans. Everytime on start up now it gives option to quarantine.I select that. no change. my husband ran rkill. no change. I am at a complete loss.
here is dds
DDS (Ver_2012-11-07.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16455 BrowserJavaVersion: 10.9.2
Run by CLIENT at 23:10:47 on 2012-11-18
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.1919.771 [GMT -6:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe
C:\Windows\splwow64.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_4_402_287_ActiveX.exe
C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\cvh.exe
C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files\Windows NT\Accessories\wordpad.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\CLIENT\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\CLIENT\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\CLIENT\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\CLIENT\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\CLIENT\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\CLIENT\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\CLIENT\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\CLIENT\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype Plug-In: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
uRun: [Google Update] "C:\Users\CLIENT\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_4_402_287_ActiveX.exe -update activex
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Trusted Zone: academybankmw.com
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {297DE2B6-509A-4B36-93C5-A65276606900} - hxxp://www.in.honda.com/rraaapps/rraasec/codebase/RRAAINAX/RraainAX.CAB
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{3282F547-4335-425A-BD2E-E3CAFF2B2EF2} : DHCPNameServer = 192.168.1.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
x64-Run: [MRT] "C:\Windows\System32\MRT.exe" /R
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2012-8-30 228768]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2012-3-22 55856]
R2 AdobeActiveFileMonitor10.0;Adobe Active File Monitor V10;C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [2011-9-14 169624]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-11-10 399432]
R2 MBAMService;MBAMService;C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-11-10 676936]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2010-10-24 128456]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2009-7-14 239648]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2011-4-3 25928]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-9-12 368896]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-2-8 239616]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-3-7 59392]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-2-8 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
.
=============== Created Last 30 ================
.
2012-11-19 00:45:33 20480 ----a-w- C:\Windows\svchost.exe
2012-11-18 22:35:05 9291768 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B6ACC9D3-3CFE-4E78-AE5B-002523986F15}\mpengine.dll
2012-11-18 02:26:00 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui
2012-11-18 02:25:59 9728 ----a-w- C:\Windows\System32\Wdfres.dll
2012-11-18 02:25:59 785512 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys
2012-11-18 02:25:59 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys
2012-11-18 02:18:34 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys
2012-11-18 02:18:34 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll
2012-11-18 02:18:34 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys
2012-11-18 02:18:34 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll
2012-11-18 02:18:33 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll
2012-11-18 02:18:32 744448 ----a-w- C:\Windows\System32\WUDFx.dll
2012-11-18 02:18:32 229888 ----a-w- C:\Windows\System32\WUDFHost.exe
2012-11-17 19:20:38 9291768 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-11-10 10:34:05 -------- d-----w- C:\Program Files\Malwarebytes' Anti-Malware
2012-11-09 20:39:15 821736 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2012-11-09 20:38:40 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2012-10-22 02:33:52 972192 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B0143635-D836-4ED6-BB95-60885DEA8F44}\gapaengine.dll
2012-10-22 02:29:02 58704 ----a-r- C:\Users\CLIENT\AppData\Roaming\Microsoft\Installer\{8FA53ACE-B718-4FAE-B7BF-95B0FCB320C8}\ARPPRODUCTICON.exe
.
==================== Find3M ====================
.
2012-11-09 20:37:59 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-10-18 18:25:58 3149824 ----a-w- C:\Windows\System32\win32k.sys
2012-10-09 18:17:13 55296 ----a-w- C:\Windows\System32\dhcpcsvc6.dll
2012-10-09 18:17:13 226816 ----a-w- C:\Windows\System32\dhcpcore6.dll
2012-10-09 17:40:31 44032 ----a-w- C:\Windows\SysWow64\dhcpcsvc6.dll
2012-10-09 17:40:31 193536 ----a-w- C:\Windows\SysWow64\dhcpcore6.dll
2012-10-09 10:44:19 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-09 10:44:19 696760 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-10-08 11:31:03 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-10-08 11:23:52 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-10-08 11:22:55 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-10-08 11:18:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-10-08 11:17:35 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-10-08 11:13:33 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-10-08 07:56:24 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-10-08 07:48:03 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-10-08 07:47:44 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-10-08 07:44:05 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-10-08 07:43:21 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-10-08 07:40:56 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-10-03 17:56:54 1914248 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-10-03 17:44:21 70656 ----a-w- C:\Windows\System32\nlaapi.dll
2012-10-03 17:44:21 303104 ----a-w- C:\Windows\System32\nlasvc.dll
2012-10-03 17:44:17 246272 ----a-w- C:\Windows\System32\netcorehc.dll
2012-10-03 17:44:17 18944 ----a-w- C:\Windows\System32\netevent.dll
2012-10-03 17:44:16 216576 ----a-w- C:\Windows\System32\ncsi.dll
2012-10-03 17:42:16 569344 ----a-w- C:\Windows\System32\iphlpsvc.dll
2012-10-03 16:42:24 18944 ----a-w- C:\Windows\SysWow64\netevent.dll
2012-10-03 16:42:24 175104 ----a-w- C:\Windows\SysWow64\netcorehc.dll
2012-10-03 16:42:23 156672 ----a-w- C:\Windows\SysWow64\ncsi.dll
2012-10-03 16:07:26 45568 ----a-w- C:\Windows\System32\drivers\tcpipreg.sys
2012-09-30 01:54:26 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-09-25 22:47:43 78336 ----a-w- C:\Windows\SysWow64\synceng.dll
2012-09-25 22:46:17 95744 ----a-w- C:\Windows\System32\synceng.dll
2012-09-14 19:19:29 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-09-14 18:28:53 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-08-31 18:19:35 1659760 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2012-08-31 03:03:48 228768 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
2012-08-31 03:03:48 128456 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
2012-08-30 18:03:45 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-08-30 17:12:02 3968880 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-08-30 17:12:02 3914096 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-08-24 18:05:07 220160 ----a-w- C:\Windows\System32\wintrust.dll
2012-08-24 16:57:48 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-08-22 18:12:40 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys
2012-08-22 18:12:40 376688 ----a-w- C:\Windows\System32\drivers\netio.sys
2012-08-22 18:12:33 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2012-08-21 21:01:00 245760 ----a-w- C:\Windows\System32\OxpsConverter.exe
2011-03-14 18:51:47 6277496 ----a-w- C:\Program Files\Silverlight.exe
.
============= FINISH: 23:12:28.90 ===============

BC AdBot (Login to Remove)

 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:28 AM

Posted 19 November 2012 - 03:15 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of us

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.




These are the programs I would like you to run next, if you have any problems with these just skip it and run the next one.

-Security Check-

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator to start"
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller+

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 37,051 posts
  • ONLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:12:28 AM

Posted 20 November 2012 - 01:30 AM

Hello surf,

When responding to a topic, you need to use the Add Reply button:

Posted Image

not the report button. I have pasted below the content of your report which was intended as your reply.

Orange Blossom :cherry:

Results of screen317's Security Check version 0.99.54
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.65.1.1000
Java 7 Update 9
Adobe Reader X (10.1.4)
Google Chrome 21.0.1180.83
Google Chrome 21.0.1180.89
Google Chrome 22.0.1229.79
Google Chrome 22.0.1229.94
Google Chrome 23.0.1271.64
Google Chrome plugins...
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 2%
````````````````````End of Log``````````````````````

# AdwCleaner v2.008 - Logfile created 11/19/2012 at 22:40:13
# Updated 17/11/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : CLIENT - CLIENT-PC
# Boot Mode : Normal
# Running from : C:\Users\CLIENT\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\RewardsArcade
Key Deleted : HKCU\Software\Cr_Installer
Key Deleted : HKCU\Software\Zugo
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{08858AF6-42AD-4914-95D2-AC3AB0DC8E28}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{07B18EAA-A523-4961-B6BB-170DE4475CCA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{07B18EAC-A523-4961-B6BB-170DE4475CCA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1093995A-BA37-41D2-836E-091067C4AD17}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{120927BF-1700-43BC-810F-FAB92549B390}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{17DE5E5E-BFE3-4E83-8E1F-8755795359EC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1F52A5FA-A705-4415-B975-88503B291728}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{247A115F-06C2-4FB3-967D-2D62D3CF4F0A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2E3537FC-CF2F-4F56-AF54-5A6A3DD375CC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3E1656ED-F60E-4597-B6AA-B6A58E171495}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3E53E2CB-86DB-4A4A-8BD9-FFEB7A64DF82}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3E720451-B472-4954-B7AA-33069EB53906}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3E720453-B472-4954-B7AA-33069EB53906}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{63D0ED2B-B45B-4458-8B3B-60C69BBBD83C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{63D0ED2D-B45B-4458-8B3B-60C69BBBD83C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6427058B-217C-4C7F-A6CE-C7934C0BDCEB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6E74766C-4D93-4CC0-96D1-47B8E07FF9CA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{72EE7F04-15BD-4845-A005-D6711144D86A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7473D291-B7BB-4F24-AE82-7E2CE94BB6A9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7473D293-B7BB-4F24-AE82-7E2CE94BB6A9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7473D295-B7BB-4F24-AE82-7E2CE94BB6A9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7473D297-B7BB-4F24-AE82-7E2CE94BB6A9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8E9CF769-3D3B-40EB-9E2D-76E7A205E4D2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{90449521-D834-4703-BB4E-D3AA44042FF8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{991AAC62-B100-47CE-8B75-253965244F69}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A626CDBD-3D13-4F78-B819-440A28D7E8FC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BBABDC90-F3D5-4801-863A-EE6AE529862D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D6FF3684-AD3B-48EB-BBB4-B9E6C5A355C1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DE38C398-B328-4F4C-A3AD-1B5E4ED93477}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E79DFBC9-5697-4FBD-94E5-5B2A9C7C1612}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E79DFBCB-5697-4FBD-94E5-5B2A9C7C1612}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EB9E5C1C-B1F9-4C2B-BE8A-27D6446FDAF8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F87D7FB5-9DC5-4C8C-B998-D8DFE02E2978}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Google Chrome v23.0.1271.64

File : C:\Users\CLIENT\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [4557 octets] - [19/11/2012 22:40:13]

########## EOF - C:\AdwCleaner[S1].txt - [4617 octets] ##########

RogueKiller V8.3.0 [Nov 19 2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : CLIENT [Admin rights]
Mode : Scan -- Date : 11/19/2012 22:59:34

Bad processes : 0

Registry Entries : 2
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

Particular Files / Folders:

Driver : [NOT LOADED]

HOSTS File:
--> C:\Windows\system32\drivers\etc\hosts



MBR Check:

+++++ PhysicalDrive0: ST350041 8AS SCSI Disk Device +++++
--- User ---
[MBR] 0c9da5ff8f6c4c9eb2f77fa8081db558
[BSP] 990def249e402397a2743fb715cece08 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 476838 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[1]_S_11192012_02d2259.txt >>
RKreport[1]_S_11192012_02d2259.txt

Computer stalled when trying to open microsoft office starter when I was copying instructions from you to print. Also on restart the computer asked about quaranteening again i said yes to that. and a "fake" microsoft security warning came up I said no to that. otherwise the computer downloaded fine and ran the scans fine.


back to you Gringo,

Orange Blossom :cherry:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Internet Security, NoScript Firefox ext.


animinionsmalltext.gif

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:28 AM

Posted 20 November 2012 - 01:47 AM

Hello

I Would like you to do the following.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:28 AM

Posted 25 November 2012 - 07:59 AM

Greetings


I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete and I will ask to remove our tools




Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#6 surf

surf
  • Topic Starter

  • Members
  • 47 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:12:28 AM

Posted 27 November 2012 - 07:16 AM

Hi Gringo, I missed your reply from two days ago. And I just remembered that I needed to sign in to have the ADD REPLY button pop up. so, back on track. However, The computer will not start up. It goes into Windows Recovery and does not boot up.

#7 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:28 AM

Posted 27 November 2012 - 07:42 AM

Hello

download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account an click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt
[*]Select Command Prompt
[*]In the command window type in notepad and press Enter.
[*]The notepad opens. Under File menu select Open.
[*]Select "Computer" and find your flash drive letter and close the notepad.
[*]In the command window type e:\frst64.exe and press Enter
Note: Replace letter e with the drive letter of your flash drive.
[*]The tool will start to run.
[*]When the tool opens click Yes to disclaimer.

[*]First Press the Scan button.
[*]It will make a log (FRST.txt)

[*]Second Type the following in the edit box after "Search:". services.exe
[*]Click the Search button
[*]It will make a log (Search.txt)
[/list]
I want you to poste Both the FRST.txt report and the Search.txt into your reply to me

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#8 surf

surf
  • Topic Starter

  • Members
  • 47 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:12:28 AM

Posted 27 November 2012 - 10:19 PM

When I turned on the computer to start the recovery. it loaded. Should I go back to the previous post and run combofix?

#9 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:28 AM

Posted 28 November 2012 - 07:27 AM

If the computer is running then yes go ahead and run combofix for me



gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#10 surf

surf
  • Topic Starter

  • Members
  • 47 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:12:28 AM

Posted 28 November 2012 - 01:12 PM

ComboFix 12-11-28.02 - CLIENT 11/28/2012 11:50:06.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.1919.1222 [GMT -6:00]
Running from: c:\users\CLIENT\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\svchost.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-10-28 to 2012-11-28 )))))))))))))))))))))))))))))))
.
.
2012-11-28 17:55 . 2012-11-28 17:55 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-11-28 01:00 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4EF9F087-3895-4812-BE70-E891EEDBE2DB}\mpengine.dll
2012-11-22 18:04 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-11-18 02:26 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui
2012-11-18 02:25 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-11-18 02:25 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2012-11-18 02:25 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll
2012-11-18 02:18 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll
2012-11-18 02:18 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll
2012-11-18 02:18 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2012-11-18 02:18 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2012-11-18 02:18 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2012-11-18 02:18 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe
2012-11-18 02:18 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll
2012-11-10 10:34 . 2012-11-12 21:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-11-09 20:39 . 2012-11-09 20:39 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-11-09 20:39 . 2012-11-09 20:37 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-11-09 20:38 . 2012-11-09 20:38 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-11-09 20:35 . 2012-11-09 20:35 -------- d-----w- c:\programdata\McAfee
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-18 02:19 . 2011-02-08 20:32 66395536 ----a-w- c:\windows\system32\MRT.exe
2012-11-09 20:37 . 2011-03-08 21:22 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-10-22 02:29 . 2012-10-22 02:29 58704 ----a-r- c:\users\CLIENT\AppData\Roaming\Microsoft\Installer\{8FA53ACE-B718-4FAE-B7BF-95B0FCB320C8}\ARPPRODUCTICON.exe
2012-10-16 08:38 . 2012-11-28 00:54 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2012-11-28 00:54 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2012-11-28 00:54 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
2012-10-09 10:44 . 2012-06-04 13:03 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-09 10:44 . 2011-07-07 02:04 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-03 13:33 . 2012-10-22 02:33 972192 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B0143635-D836-4ED6-BB95-60885DEA8F44}\gapaengine.dll
2012-10-03 13:33 . 2011-03-26 10:44 972192 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-09-30 01:54 . 2011-04-03 19:07 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-14 19:19 . 2012-10-10 12:46 2048 ----a-w- c:\windows\system32\tzres.dll
2012-09-14 18:28 . 2012-10-10 12:46 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-08-31 18:19 . 2012-10-10 12:47 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-08-31 03:03 . 2012-08-31 03:03 228768 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-08-31 03:03 . 2010-10-25 03:25 128456 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-08-30 18:03 . 2012-10-10 12:47 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-03-14 18:51 . 2011-03-14 18:49 6277496 ----a-w- c:\program files\Silverlight.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-06-24 1840424]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-07-07 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"CanonSolutionMenuEx"="c:\program files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-09-14 1213848]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 FXDrv32;FXDrv32;D:\FXDrv64.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-31 128456]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-13 368896]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-02-08 1255736]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]
S2 AdobeActiveFileMonitor10.0;Adobe Active File Monitor V10;c:\program files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [2011-09-15 169624]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-30 399432]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-30 676936]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2009-07-14 239648]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-30 25928]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-08-20 239616]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-04 10:44]
.
2012-11-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-07 02:04]
.
2012-11-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-07 02:04]
.
2012-11-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-266725863-3690335571-4066993543-1001Core.job
- c:\users\CLIENT\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-14 17:54]
.
2012-11-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-266725863-3690335571-4066993543-1001UA.job
- c:\users\CLIENT\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-14 17:54]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-09-11 8114720]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-07-26 2782096]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-06-16 499608]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-13 1289704]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 163552]
"MRT"="c:\windows\system32\MRT.exe" [2012-11-18 66395536]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
Trusted Zone: academybankmw.com
Trusted Zone: scat.suz.com\Cww
Trusted Zone: scat.suz.com\www
Trusted Zone: suz.com\Cww.scat
Trusted Zone: suz.com\www.scat
Trusted Zone: suzuki.com\www.dealer
Trusted Zone: suzukiconnect.com\www
Trusted Zone: suzukidcs.com\www
Trusted Zone: scat.suz.com\cww
Trusted Zone: scat.suz.com\www
Trusted Zone: suz.com\Cww.scat
Trusted Zone: suz.com\www.scat
Trusted Zone: suzuki.com\www.dealer
Trusted Zone: suzukiconnect.com\www
Trusted Zone: suzukidcs.com\www
TCP: DhcpNameServer = 192.168.1.1
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-11-28 11:57:25
ComboFix-quarantined-files.txt 2012-11-28 17:57
ComboFix2.txt 2012-11-28 17:26
.
Pre-Run: 443,786,534,912 bytes free
Post-Run: 443,734,331,392 bytes free
.
- - End Of File - - 423A9674D862AE61C5E1C639FE536504

There were no problems running combofix.

#11 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:28 AM

Posted 28 November 2012 - 09:02 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#12 surf

surf
  • Topic Starter

  • Members
  • 47 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:12:28 AM

Posted 28 November 2012 - 10:06 PM

20:49:14.0597 0884 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
20:49:15.0158 0884 ============================================================
20:49:15.0158 0884 Current date / time: 2012/11/28 20:49:15.0158
20:49:15.0158 0884 SystemInfo:
20:49:15.0158 0884
20:49:15.0158 0884 OS Version: 6.1.7601 ServicePack: 1.0
20:49:15.0158 0884 Product type: Workstation
20:49:15.0158 0884 ComputerName: CLIENT-PC
20:49:15.0158 0884 UserName: CLIENT
20:49:15.0158 0884 Windows directory: C:\Windows
20:49:15.0158 0884 System windows directory: C:\Windows
20:49:15.0158 0884 Running under WOW64
20:49:15.0158 0884 Processor architecture: Intel x64
20:49:15.0158 0884 Number of processors: 2
20:49:15.0158 0884 Page size: 0x1000
20:49:15.0158 0884 Boot type: Normal boot
20:49:15.0158 0884 ============================================================
20:49:17.0935 0884 BG loaded
20:49:18.0403 0884 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:49:18.0419 0884 ============================================================
20:49:18.0419 0884 \Device\Harddisk0\DR0:
20:49:18.0419 0884 MBR partitions:
20:49:18.0419 0884 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
20:49:18.0419 0884 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x3A353030
20:49:18.0419 0884 ============================================================
20:49:18.0481 0884 C: <-> \Device\Harddisk0\DR0\Partition2
20:49:18.0481 0884 ============================================================
20:49:18.0481 0884 Initialize success
20:49:18.0481 0884 ============================================================
20:49:29.0200 3144 ============================================================
20:49:29.0200 3144 Scan started
20:49:29.0200 3144 Mode: Manual;
20:49:29.0200 3144 ============================================================
20:49:32.0188 3144 ================ Scan system memory ========================
20:49:32.0188 3144 System memory - ok
20:49:32.0188 3144 ================ Scan services =============================
20:49:32.0422 3144 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
20:49:32.0438 3144 1394ohci - ok
20:49:32.0469 3144 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
20:49:32.0484 3144 ACPI - ok
20:49:32.0531 3144 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
20:49:32.0531 3144 AcpiPmi - ok
20:49:32.0656 3144 [ 047BD1EB681453A7FE492A71802AC9F3 ] AdobeActiveFileMonitor10.0 C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
20:49:32.0656 3144 AdobeActiveFileMonitor10.0 - ok
20:49:32.0703 3144 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
20:49:32.0703 3144 AdobeARMservice - ok
20:49:32.0828 3144 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
20:49:32.0828 3144 AdobeFlashPlayerUpdateSvc - ok
20:49:32.0859 3144 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
20:49:32.0874 3144 adp94xx - ok
20:49:32.0890 3144 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
20:49:32.0890 3144 adpahci - ok
20:49:32.0906 3144 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
20:49:32.0906 3144 adpu320 - ok
20:49:32.0937 3144 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
20:49:32.0937 3144 AeLookupSvc - ok
20:49:33.0006 3144 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
20:49:33.0014 3144 AFD - ok
20:49:33.0050 3144 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
20:49:33.0052 3144 agp440 - ok
20:49:33.0067 3144 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
20:49:33.0069 3144 ALG - ok
20:49:33.0098 3144 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
20:49:33.0117 3144 aliide - ok
20:49:33.0128 3144 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
20:49:33.0129 3144 amdide - ok
20:49:33.0155 3144 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
20:49:33.0162 3144 AmdK8 - ok
20:49:33.0182 3144 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
20:49:33.0182 3144 AmdPPM - ok
20:49:33.0202 3144 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
20:49:33.0204 3144 amdsata - ok
20:49:33.0216 3144 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
20:49:33.0219 3144 amdsbs - ok
20:49:33.0246 3144 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
20:49:33.0269 3144 amdxata - ok
20:49:33.0306 3144 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
20:49:33.0309 3144 AppID - ok
20:49:33.0342 3144 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
20:49:33.0345 3144 AppIDSvc - ok
20:49:33.0414 3144 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
20:49:33.0416 3144 Appinfo - ok
20:49:33.0488 3144 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
20:49:33.0561 3144 arc - ok
20:49:33.0579 3144 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
20:49:33.0583 3144 arcsas - ok
20:49:33.0605 3144 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
20:49:33.0605 3144 AsyncMac - ok
20:49:33.0630 3144 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
20:49:33.0636 3144 atapi - ok
20:49:33.0667 3144 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
20:49:33.0671 3144 AudioEndpointBuilder - ok
20:49:33.0684 3144 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
20:49:33.0687 3144 AudioSrv - ok
20:49:33.0718 3144 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
20:49:33.0720 3144 AxInstSV - ok
20:49:33.0756 3144 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
20:49:33.0766 3144 b06bdrv - ok
20:49:33.0792 3144 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
20:49:33.0797 3144 b57nd60a - ok
20:49:33.0819 3144 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
20:49:33.0821 3144 BDESVC - ok
20:49:33.0835 3144 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
20:49:33.0835 3144 Beep - ok
20:49:33.0882 3144 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
20:49:33.0893 3144 BFE - ok
20:49:33.0940 3144 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\system32\qmgr.dll
20:49:33.0955 3144 BITS - ok
20:49:33.0976 3144 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
20:49:33.0977 3144 blbdrive - ok
20:49:34.0001 3144 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
20:49:34.0002 3144 bowser - ok
20:49:34.0030 3144 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
20:49:34.0031 3144 BrFiltLo - ok
20:49:34.0045 3144 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
20:49:34.0046 3144 BrFiltUp - ok
20:49:34.0087 3144 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
20:49:34.0091 3144 BridgeMP - ok
20:49:34.0123 3144 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
20:49:34.0125 3144 Browser - ok
20:49:34.0152 3144 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
20:49:34.0159 3144 Brserid - ok
20:49:34.0172 3144 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
20:49:34.0175 3144 BrSerWdm - ok
20:49:34.0195 3144 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
20:49:34.0197 3144 BrUsbMdm - ok
20:49:34.0215 3144 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
20:49:34.0217 3144 BrUsbSer - ok
20:49:34.0238 3144 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
20:49:34.0239 3144 BTHMODEM - ok
20:49:34.0269 3144 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
20:49:34.0271 3144 bthserv - ok
20:49:34.0324 3144 catchme - ok
20:49:34.0341 3144 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
20:49:34.0343 3144 cdfs - ok
20:49:34.0376 3144 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\drivers\cdrom.sys
20:49:34.0379 3144 cdrom - ok
20:49:34.0410 3144 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
20:49:34.0413 3144 CertPropSvc - ok
20:49:34.0443 3144 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
20:49:34.0445 3144 circlass - ok
20:49:34.0481 3144 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
20:49:34.0489 3144 CLFS - ok
20:49:34.0548 3144 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:49:34.0571 3144 clr_optimization_v2.0.50727_32 - ok
20:49:34.0599 3144 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
20:49:34.0606 3144 clr_optimization_v2.0.50727_64 - ok
20:49:34.0681 3144 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:49:34.0710 3144 clr_optimization_v4.0.30319_32 - ok
20:49:34.0744 3144 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
20:49:34.0747 3144 clr_optimization_v4.0.30319_64 - ok
20:49:34.0782 3144 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
20:49:34.0784 3144 CmBatt - ok
20:49:34.0801 3144 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
20:49:34.0803 3144 cmdide - ok
20:49:34.0841 3144 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
20:49:34.0850 3144 CNG - ok
20:49:34.0874 3144 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
20:49:34.0876 3144 Compbatt - ok
20:49:34.0893 3144 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
20:49:34.0895 3144 CompositeBus - ok
20:49:34.0905 3144 COMSysApp - ok
20:49:34.0922 3144 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
20:49:34.0924 3144 crcdisk - ok
20:49:34.0971 3144 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
20:49:34.0973 3144 CryptSvc - ok
20:49:35.0039 3144 [ 72794D112CBAFF3BC0C29BF7350D4741 ] cvhsvc C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
20:49:35.0052 3144 cvhsvc - ok
20:49:35.0088 3144 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
20:49:35.0092 3144 DcomLaunch - ok
20:49:35.0113 3144 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
20:49:35.0116 3144 defragsvc - ok
20:49:35.0132 3144 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
20:49:35.0133 3144 DfsC - ok
20:49:35.0158 3144 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
20:49:35.0160 3144 Dhcp - ok
20:49:35.0180 3144 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
20:49:35.0181 3144 discache - ok
20:49:35.0201 3144 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
20:49:35.0202 3144 Disk - ok
20:49:35.0230 3144 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
20:49:35.0232 3144 Dnscache - ok
20:49:35.0258 3144 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
20:49:35.0262 3144 dot3svc - ok
20:49:35.0283 3144 [ B42ED0320C6E41102FDE0005154849BB ] Dot4 C:\Windows\system32\DRIVERS\Dot4.sys
20:49:35.0285 3144 Dot4 - ok
20:49:35.0306 3144 [ E9F5969233C5D89F3C35E3A66A52A361 ] Dot4Print C:\Windows\system32\DRIVERS\Dot4Prt.sys
20:49:35.0307 3144 Dot4Print - ok
20:49:35.0326 3144 [ FD05A02B0370BC3000F402E543CA5814 ] dot4usb C:\Windows\system32\DRIVERS\dot4usb.sys
20:49:35.0328 3144 dot4usb - ok
20:49:35.0345 3144 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
20:49:35.0347 3144 DPS - ok
20:49:35.0362 3144 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
20:49:35.0363 3144 drmkaud - ok
20:49:35.0396 3144 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
20:49:35.0402 3144 DXGKrnl - ok
20:49:35.0424 3144 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
20:49:35.0426 3144 EapHost - ok
20:49:35.0521 3144 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
20:49:35.0612 3144 ebdrv - ok
20:49:35.0637 3144 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
20:49:35.0639 3144 EFS - ok
20:49:35.0691 3144 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
20:49:35.0706 3144 ehRecvr - ok
20:49:35.0734 3144 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
20:49:35.0737 3144 ehSched - ok
20:49:35.0789 3144 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
20:49:35.0801 3144 elxstor - ok
20:49:35.0822 3144 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
20:49:35.0824 3144 ErrDev - ok
20:49:35.0871 3144 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
20:49:35.0875 3144 EventSystem - ok
20:49:35.0895 3144 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
20:49:35.0898 3144 exfat - ok
20:49:35.0917 3144 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
20:49:35.0919 3144 fastfat - ok
20:49:35.0956 3144 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
20:49:35.0962 3144 Fax - ok
20:49:35.0985 3144 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
20:49:35.0985 3144 fdc - ok
20:49:36.0003 3144 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
20:49:36.0003 3144 fdPHost - ok
20:49:36.0015 3144 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
20:49:36.0016 3144 FDResPub - ok
20:49:36.0031 3144 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
20:49:36.0033 3144 FileInfo - ok
20:49:36.0042 3144 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
20:49:36.0044 3144 Filetrace - ok
20:49:36.0058 3144 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
20:49:36.0059 3144 flpydisk - ok
20:49:36.0086 3144 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
20:49:36.0089 3144 FltMgr - ok
20:49:36.0126 3144 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
20:49:36.0135 3144 FontCache - ok
20:49:36.0178 3144 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
20:49:36.0181 3144 FontCache3.0.0.0 - ok
20:49:36.0205 3144 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
20:49:36.0208 3144 FsDepends - ok
20:49:36.0242 3144 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
20:49:36.0244 3144 Fs_Rec - ok
20:49:36.0276 3144 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
20:49:36.0281 3144 fvevol - ok
20:49:36.0287 3144 FXDrv32 - ok
20:49:36.0308 3144 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
20:49:36.0311 3144 gagp30kx - ok
20:49:36.0348 3144 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
20:49:36.0361 3144 gpsvc - ok
20:49:36.0413 3144 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
20:49:36.0415 3144 gupdate - ok
20:49:36.0420 3144 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
20:49:36.0423 3144 gupdatem - ok
20:49:36.0459 3144 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
20:49:36.0464 3144 gusvc - ok
20:49:36.0494 3144 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
20:49:36.0497 3144 hcw85cir - ok
20:49:36.0543 3144 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
20:49:36.0552 3144 HdAudAddService - ok
20:49:36.0580 3144 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
20:49:36.0582 3144 HDAudBus - ok
20:49:36.0608 3144 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
20:49:36.0611 3144 HidBatt - ok
20:49:36.0630 3144 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
20:49:36.0634 3144 HidBth - ok
20:49:36.0649 3144 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
20:49:36.0653 3144 HidIr - ok
20:49:36.0673 3144 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll
20:49:36.0675 3144 hidserv - ok
20:49:36.0711 3144 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
20:49:36.0711 3144 HidUsb - ok
20:49:36.0732 3144 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
20:49:36.0734 3144 hkmsvc - ok
20:49:36.0761 3144 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
20:49:36.0763 3144 HomeGroupListener - ok
20:49:36.0786 3144 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
20:49:36.0789 3144 HomeGroupProvider - ok
20:49:36.0826 3144 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
20:49:36.0828 3144 HpSAMD - ok
20:49:36.0864 3144 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
20:49:36.0870 3144 HTTP - ok
20:49:36.0894 3144 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
20:49:36.0896 3144 hwpolicy - ok
20:49:36.0931 3144 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
20:49:36.0935 3144 i8042prt - ok
20:49:36.0973 3144 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
20:49:36.0983 3144 iaStorV - ok
20:49:37.0041 3144 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
20:49:37.0046 3144 IDriverT - ok
20:49:37.0098 3144 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
20:49:37.0117 3144 idsvc - ok
20:49:37.0154 3144 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
20:49:37.0157 3144 iirsp - ok
20:49:37.0222 3144 [ F82BC30BB2B608AF8B5540CDBAEA93A6 ] IJPLMSVC C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
20:49:37.0225 3144 IJPLMSVC - ok
20:49:37.0271 3144 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
20:49:37.0290 3144 IKEEXT - ok
20:49:37.0374 3144 [ 5BA1779E2C84FDE2A5E201FFF9C42C9C ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
20:49:37.0393 3144 IntcAzAudAddService - ok
20:49:37.0416 3144 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
20:49:37.0417 3144 intelide - ok
20:49:37.0445 3144 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
20:49:37.0448 3144 intelppm - ok
20:49:37.0480 3144 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
20:49:37.0485 3144 IPBusEnum - ok
20:49:37.0508 3144 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:49:37.0512 3144 IpFilterDriver - ok
20:49:37.0559 3144 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
20:49:37.0569 3144 iphlpsvc - ok
20:49:37.0589 3144 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
20:49:37.0593 3144 IPMIDRV - ok
20:49:37.0620 3144 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
20:49:37.0624 3144 IPNAT - ok
20:49:37.0646 3144 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
20:49:37.0649 3144 IRENUM - ok
20:49:37.0665 3144 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
20:49:37.0668 3144 isapnp - ok
20:49:37.0697 3144 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
20:49:37.0702 3144 iScsiPrt - ok
20:49:37.0723 3144 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
20:49:37.0724 3144 kbdclass - ok
20:49:37.0739 3144 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
20:49:37.0739 3144 kbdhid - ok
20:49:37.0752 3144 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
20:49:37.0753 3144 KeyIso - ok
20:49:37.0785 3144 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
20:49:37.0788 3144 KSecDD - ok
20:49:37.0843 3144 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
20:49:37.0845 3144 KSecPkg - ok
20:49:37.0876 3144 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
20:49:37.0876 3144 ksthunk - ok
20:49:37.0895 3144 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
20:49:37.0900 3144 KtmRm - ok
20:49:37.0925 3144 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll
20:49:37.0928 3144 LanmanServer - ok
20:49:37.0945 3144 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
20:49:37.0947 3144 LanmanWorkstation - ok
20:49:37.0977 3144 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
20:49:37.0978 3144 lltdio - ok
20:49:38.0006 3144 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
20:49:38.0010 3144 lltdsvc - ok
20:49:38.0023 3144 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
20:49:38.0024 3144 lmhosts - ok
20:49:38.0044 3144 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
20:49:38.0045 3144 LSI_FC - ok
20:49:38.0066 3144 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
20:49:38.0067 3144 LSI_SAS - ok
20:49:38.0076 3144 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
20:49:38.0077 3144 LSI_SAS2 - ok
20:49:38.0089 3144 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
20:49:38.0091 3144 LSI_SCSI - ok
20:49:38.0107 3144 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
20:49:38.0108 3144 luafv - ok
20:49:38.0150 3144 [ A8FE8F2783B2929B56F5370A89356CE9 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
20:49:38.0150 3144 MBAMProtector - ok
20:49:38.0219 3144 [ 85B16A92B117A5A800032ECD904B86DB ] MBAMScheduler C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
20:49:38.0226 3144 MBAMScheduler - ok
20:49:38.0285 3144 [ 20E2469DB709FC675E655CEAA11BE312 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
20:49:38.0297 3144 MBAMService - ok
20:49:38.0330 3144 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
20:49:38.0333 3144 Mcx2Svc - ok
20:49:38.0359 3144 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
20:49:38.0361 3144 megasas - ok
20:49:38.0373 3144 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
20:49:38.0377 3144 MegaSR - ok
20:49:38.0403 3144 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
20:49:38.0404 3144 MMCSS - ok
20:49:38.0421 3144 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
20:49:38.0422 3144 Modem - ok
20:49:38.0444 3144 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
20:49:38.0445 3144 monitor - ok
20:49:38.0458 3144 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
20:49:38.0459 3144 mouclass - ok
20:49:38.0495 3144 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
20:49:38.0495 3144 mouhid - ok
20:49:38.0519 3144 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
20:49:38.0522 3144 mountmgr - ok
20:49:38.0566 3144 [ 05BF204EC0E82CC4A054DB189C8A3D84 ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
20:49:38.0568 3144 MpFilter - ok
20:49:38.0591 3144 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
20:49:38.0594 3144 mpio - ok
20:49:38.0613 3144 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
20:49:38.0614 3144 mpsdrv - ok
20:49:38.0647 3144 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
20:49:38.0655 3144 MpsSvc - ok
20:49:38.0683 3144 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
20:49:38.0685 3144 MRxDAV - ok
20:49:38.0719 3144 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
20:49:38.0720 3144 mrxsmb - ok
20:49:38.0739 3144 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:49:38.0741 3144 mrxsmb10 - ok
20:49:38.0760 3144 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:49:38.0761 3144 mrxsmb20 - ok
20:49:38.0829 3144 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
20:49:38.0831 3144 msahci - ok
20:49:38.0854 3144 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
20:49:38.0858 3144 msdsm - ok
20:49:38.0875 3144 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
20:49:38.0880 3144 MSDTC - ok
20:49:38.0925 3144 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
20:49:38.0926 3144 Msfs - ok
20:49:38.0947 3144 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
20:49:38.0949 3144 mshidkmdf - ok
20:49:38.0969 3144 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
20:49:38.0970 3144 msisadrv - ok
20:49:39.0001 3144 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
20:49:39.0005 3144 MSiSCSI - ok
20:49:39.0011 3144 msiserver - ok
20:49:39.0034 3144 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
20:49:39.0035 3144 MSKSSRV - ok
20:49:39.0094 3144 [ CC8E4F72F21340A4D3A3D4DB50313EF5 ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe
20:49:39.0095 3144 MsMpSvc - ok
20:49:39.0111 3144 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
20:49:39.0113 3144 MSPCLOCK - ok
20:49:39.0134 3144 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
20:49:39.0135 3144 MSPQM - ok
20:49:39.0156 3144 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
20:49:39.0160 3144 MsRPC - ok
20:49:39.0189 3144 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
20:49:39.0190 3144 mssmbios - ok
20:49:39.0204 3144 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
20:49:39.0206 3144 MSTEE - ok
20:49:39.0214 3144 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
20:49:39.0216 3144 MTConfig - ok
20:49:39.0231 3144 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
20:49:39.0233 3144 Mup - ok
20:49:39.0264 3144 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
20:49:39.0267 3144 napagent - ok
20:49:39.0287 3144 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
20:49:39.0291 3144 NativeWifiP - ok
20:49:39.0323 3144 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
20:49:39.0328 3144 NDIS - ok
20:49:39.0339 3144 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
20:49:39.0341 3144 NdisCap - ok
20:49:39.0365 3144 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
20:49:39.0365 3144 NdisTapi - ok
20:49:39.0393 3144 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
20:49:39.0395 3144 Ndisuio - ok
20:49:39.0409 3144 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
20:49:39.0410 3144 NdisWan - ok
20:49:39.0427 3144 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
20:49:39.0428 3144 NDProxy - ok
20:49:39.0454 3144 [ DC6530A291D4BDF6DF399F1F128E7F8F ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
20:49:39.0455 3144 Net Driver HPZ12 - ok
20:49:39.0467 3144 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
20:49:39.0467 3144 NetBIOS - ok
20:49:39.0493 3144 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
20:49:39.0494 3144 NetBT - ok
20:49:39.0508 3144 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
20:49:39.0510 3144 Netlogon - ok
20:49:39.0541 3144 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
20:49:39.0544 3144 Netman - ok
20:49:39.0554 3144 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
20:49:39.0557 3144 netprofm - ok
20:49:39.0578 3144 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
20:49:39.0581 3144 NetTcpPortSharing - ok
20:49:39.0610 3144 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
20:49:39.0611 3144 nfrd960 - ok
20:49:39.0644 3144 [ 5FF89F20317309D28AC1EDEB0CD1BA72 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
20:49:39.0646 3144 NisDrv - ok
20:49:39.0689 3144 [ 79E80B10FE8F6662E0C9162A68C43444 ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe
20:49:39.0693 3144 NisSrv - ok
20:49:39.0744 3144 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
20:49:39.0747 3144 NlaSvc - ok
20:49:39.0841 3144 [ CB992AE1506985D9167E85883B4C3240 ] NMIndexingService C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe
20:49:39.0850 3144 NMIndexingService - ok
20:49:39.0875 3144 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
20:49:39.0876 3144 Npfs - ok
20:49:39.0907 3144 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
20:49:39.0908 3144 nsi - ok
20:49:39.0935 3144 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
20:49:39.0936 3144 nsiproxy - ok
20:49:39.0987 3144 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
20:49:40.0013 3144 Ntfs - ok
20:49:40.0037 3144 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
20:49:40.0038 3144 Null - ok
20:49:40.0249 3144 [ AA0828F3223E1A2952F80A8D2047DD40 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
20:49:40.0309 3144 nvlddmkm - ok
20:49:40.0374 3144 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
20:49:40.0385 3144 nvraid - ok
20:49:40.0418 3144 [ E58D81FB8616D0CB55C1E36AA0B213C9 ] nvsmu C:\Windows\system32\DRIVERS\nvsmu.sys
20:49:40.0419 3144 nvsmu - ok
20:49:40.0437 3144 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
20:49:40.0441 3144 nvstor - ok
20:49:40.0479 3144 [ 1E45F96342429D63DC30E0D9117DA3D8 ] nvstor64 C:\Windows\system32\DRIVERS\nvstor64.sys
20:49:40.0480 3144 nvstor64 - ok
20:49:40.0520 3144 [ 57D0D222A9F22113FE3B55488DBFD761 ] nvsvc C:\Windows\system32\nvvsvc.exe
20:49:40.0523 3144 nvsvc - ok
20:49:40.0552 3144 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
20:49:40.0554 3144 nv_agp - ok
20:49:40.0568 3144 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
20:49:40.0569 3144 ohci1394 - ok
20:49:40.0593 3144 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
20:49:40.0597 3144 ose - ok
20:49:40.0755 3144 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
20:49:40.0855 3144 osppsvc - ok
20:49:40.0892 3144 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
20:49:40.0894 3144 p2pimsvc - ok
20:49:40.0939 3144 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
20:49:40.0942 3144 p2psvc - ok
20:49:40.0966 3144 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
20:49:40.0966 3144 Parport - ok
20:49:40.0997 3144 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
20:49:40.0999 3144 partmgr - ok
20:49:41.0012 3144 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
20:49:41.0014 3144 PcaSvc - ok
20:49:41.0039 3144 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
20:49:41.0042 3144 pci - ok
20:49:41.0064 3144 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
20:49:41.0066 3144 pciide - ok
20:49:41.0080 3144 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
20:49:41.0083 3144 pcmcia - ok
20:49:41.0097 3144 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
20:49:41.0099 3144 pcw - ok
20:49:41.0120 3144 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
20:49:41.0123 3144 PEAUTH - ok
20:49:41.0174 3144 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
20:49:41.0176 3144 PerfHost - ok
20:49:41.0231 3144 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
20:49:41.0270 3144 pla - ok
20:49:41.0303 3144 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
20:49:41.0308 3144 PlugPlay - ok
20:49:41.0333 3144 [ 71F62C51DFDFBC04C83C5C64B2B8058E ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
20:49:41.0335 3144 Pml Driver HPZ12 - ok
20:49:41.0360 3144 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
20:49:41.0362 3144 PNRPAutoReg - ok
20:49:41.0384 3144 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
20:49:41.0387 3144 PNRPsvc - ok
20:49:41.0412 3144 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
20:49:41.0419 3144 PolicyAgent - ok
20:49:41.0453 3144 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
20:49:41.0455 3144 Power - ok
20:49:41.0489 3144 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
20:49:41.0490 3144 PptpMiniport - ok
20:49:41.0515 3144 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
20:49:41.0517 3144 Processor - ok
20:49:41.0547 3144 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
20:49:41.0550 3144 ProfSvc - ok
20:49:41.0565 3144 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
20:49:41.0566 3144 ProtectedStorage - ok
20:49:41.0585 3144 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
20:49:41.0586 3144 Psched - ok
20:49:41.0639 3144 [ 87B04878A6D59D6C79251DC960C674C1 ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys
20:49:41.0641 3144 PxHlpa64 - ok
20:49:41.0690 3144 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
20:49:41.0720 3144 ql2300 - ok
20:49:41.0737 3144 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
20:49:41.0739 3144 ql40xx - ok
20:49:41.0766 3144 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
20:49:41.0771 3144 QWAVE - ok
20:49:41.0790 3144 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
20:49:41.0791 3144 QWAVEdrv - ok
20:49:41.0801 3144 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
20:49:41.0803 3144 RasAcd - ok
20:49:41.0830 3144 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
20:49:41.0831 3144 RasAgileVpn - ok
20:49:41.0850 3144 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
20:49:41.0853 3144 RasAuto - ok
20:49:41.0881 3144 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
20:49:41.0882 3144 Rasl2tp - ok
20:49:41.0904 3144 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
20:49:41.0908 3144 RasMan - ok
20:49:41.0928 3144 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
20:49:41.0930 3144 RasPppoe - ok
20:49:41.0943 3144 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
20:49:41.0944 3144 RasSstp - ok
20:49:41.0972 3144 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
20:49:41.0975 3144 rdbss - ok
20:49:41.0985 3144 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
20:49:41.0986 3144 rdpbus - ok
20:49:41.0996 3144 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
20:49:41.0997 3144 RDPCDD - ok
20:49:42.0014 3144 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
20:49:42.0014 3144 RDPENCDD - ok
20:49:42.0023 3144 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
20:49:42.0024 3144 RDPREFMP - ok
20:49:42.0058 3144 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
20:49:42.0060 3144 RDPWD - ok
20:49:42.0105 3144 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
20:49:42.0110 3144 rdyboost - ok
20:49:42.0138 3144 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
20:49:42.0143 3144 RemoteAccess - ok
20:49:42.0168 3144 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
20:49:42.0174 3144 RemoteRegistry - ok
20:49:42.0191 3144 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
20:49:42.0194 3144 RpcEptMapper - ok
20:49:42.0208 3144 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
20:49:42.0210 3144 RpcLocator - ok
20:49:42.0231 3144 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
20:49:42.0236 3144 RpcSs - ok
20:49:42.0265 3144 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
20:49:42.0266 3144 rspndr - ok
20:49:42.0296 3144 [ 3B01789EE4EAEE97F5EB46B711387D5E ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
20:49:42.0298 3144 RTL8167 - ok
20:49:42.0306 3144 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
20:49:42.0307 3144 SamSs - ok
20:49:42.0333 3144 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
20:49:42.0335 3144 sbp2port - ok
20:49:42.0364 3144 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
20:49:42.0368 3144 SCardSvr - ok
20:49:42.0385 3144 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
20:49:42.0387 3144 scfilter - ok
20:49:42.0420 3144 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
20:49:42.0430 3144 Schedule - ok
20:49:42.0451 3144 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
20:49:42.0452 3144 SCPolicySvc - ok
20:49:42.0479 3144 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
20:49:42.0483 3144 SDRSVC - ok
20:49:42.0505 3144 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
20:49:42.0506 3144 secdrv - ok
20:49:42.0524 3144 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
20:49:42.0526 3144 seclogon - ok
20:49:42.0543 3144 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll
20:49:42.0545 3144 SENS - ok
20:49:42.0569 3144 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
20:49:42.0572 3144 SensrSvc - ok
20:49:42.0589 3144 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
20:49:42.0590 3144 Serenum - ok
20:49:42.0600 3144 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
20:49:42.0601 3144 Serial - ok
20:49:42.0619 3144 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
20:49:42.0621 3144 sermouse - ok
20:49:42.0650 3144 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
20:49:42.0653 3144 SessionEnv - ok
20:49:42.0673 3144 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
20:49:42.0681 3144 sffdisk - ok
20:49:42.0692 3144 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
20:49:42.0694 3144 sffp_mmc - ok
20:49:42.0707 3144 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
20:49:42.0708 3144 sffp_sd - ok
20:49:42.0725 3144 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
20:49:42.0726 3144 sfloppy - ok
20:49:42.0769 3144 [ C6CC9297BD53E5229653303E556AA539 ] Sftfs C:\Windows\system32\DRIVERS\Sftfslh.sys
20:49:42.0775 3144 Sftfs - ok
20:49:42.0828 3144 [ 13693B6354DD6E72DC5131DA7D764B90 ] sftlist C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
20:49:42.0832 3144 sftlist - ok
20:49:42.0852 3144 [ 390AA7BC52CEE43F6790CDEA1E776703 ] Sftplay C:\Windows\system32\DRIVERS\Sftplaylh.sys
20:49:42.0854 3144 Sftplay - ok
20:49:42.0864 3144 [ 617E29A0B0A2807466560D4C4E338D3E ] Sftredir C:\Windows\system32\DRIVERS\Sftredirlh.sys
20:49:42.0865 3144 Sftredir - ok
20:49:42.0888 3144 [ 8F571F016FA1976F445147E9E6C8AE9B ] Sftvol C:\Windows\system32\DRIVERS\Sftvollh.sys
20:49:42.0889 3144 Sftvol - ok
20:49:42.0904 3144 [ C3CDDD18F43D44AB713CF8C4916F7696 ] sftvsa C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
20:49:42.0905 3144 sftvsa - ok
20:49:42.0928 3144 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
20:49:42.0932 3144 SharedAccess - ok
20:49:42.0958 3144 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
20:49:42.0962 3144 ShellHWDetection - ok
20:49:42.0998 3144 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
20:49:43.0000 3144 SiSRaid2 - ok
20:49:43.0016 3144 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
20:49:43.0018 3144 SiSRaid4 - ok
20:49:43.0059 3144 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
20:49:43.0061 3144 SkypeUpdate - ok
20:49:43.0083 3144 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
20:49:43.0085 3144 Smb - ok
20:49:43.0114 3144 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
20:49:43.0116 3144 SNMPTRAP - ok
20:49:43.0129 3144 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
20:49:43.0131 3144 spldr - ok
20:49:43.0152 3144 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
20:49:43.0158 3144 Spooler - ok
20:49:43.0242 3144 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
20:49:43.0266 3144 sppsvc - ok
20:49:43.0280 3144 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
20:49:43.0282 3144 sppuinotify - ok
20:49:43.0309 3144 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
20:49:43.0312 3144 srv - ok
20:49:43.0331 3144 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
20:49:43.0333 3144 srv2 - ok
20:49:43.0361 3144 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
20:49:43.0362 3144 srvnet - ok
20:49:43.0383 3144 [ ED161B91FDF7EAA39469D72D463D5F4E ] sscdbus C:\Windows\system32\DRIVERS\sscdbus.sys
20:49:43.0386 3144 sscdbus - ok
20:49:43.0403 3144 [ 4CB09E77593DBD8D7AF33B37375CA715 ] sscdmdfl C:\Windows\system32\DRIVERS\sscdmdfl.sys
20:49:43.0405 3144 sscdmdfl - ok
20:49:43.0420 3144 [ C7B4CF53497A6E5363F3439427663882 ] sscdmdm C:\Windows\system32\DRIVERS\sscdmdm.sys
20:49:43.0423 3144 sscdmdm - ok
20:49:43.0443 3144 [ 05FFA552F578E27AB2D41B6828DB477F ] sscdserd C:\Windows\system32\DRIVERS\sscdserd.sys
20:49:43.0445 3144 sscdserd - ok
20:49:43.0476 3144 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
20:49:43.0478 3144 SSDPSRV - ok
20:49:43.0486 3144 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
20:49:43.0488 3144 SstpSvc - ok
20:49:43.0549 3144 [ F9506327BB18C51ED720CB9E83BBAB66 ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
20:49:43.0553 3144 Stereo Service - ok
20:49:43.0580 3144 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
20:49:43.0583 3144 stexstor - ok
20:49:43.0622 3144 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
20:49:43.0634 3144 stisvc - ok
20:49:43.0660 3144 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
20:49:43.0661 3144 swenum - ok
20:49:43.0700 3144 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
20:49:43.0708 3144 swprv - ok
20:49:43.0751 3144 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
20:49:43.0765 3144 SysMain - ok
20:49:43.0786 3144 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
20:49:43.0788 3144 TabletInputService - ok
20:49:43.0810 3144 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
20:49:43.0813 3144 TapiSrv - ok
20:49:43.0834 3144 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
20:49:43.0836 3144 TBS - ok
20:49:43.0909 3144 [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
20:49:43.0940 3144 Tcpip - ok
20:49:44.0002 3144 [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
20:49:44.0018 3144 TCPIP6 - ok
20:49:44.0038 3144 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
20:49:44.0039 3144 tcpipreg - ok
20:49:44.0058 3144 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
20:49:44.0060 3144 TDPIPE - ok
20:49:44.0091 3144 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
20:49:44.0092 3144 TDTCP - ok
20:49:44.0130 3144 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
20:49:44.0133 3144 tdx - ok
20:49:44.0151 3144 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
20:49:44.0153 3144 TermDD - ok
20:49:44.0186 3144 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
20:49:44.0196 3144 TermService - ok
20:49:44.0219 3144 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
20:49:44.0221 3144 Themes - ok
20:49:44.0237 3144 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
20:49:44.0239 3144 THREADORDER - ok
20:49:44.0270 3144 [ 199C2E87D9A5EC58D0BCD94E893BF629 ] TIEHDUSB C:\Windows\system32\DRIVERS\tiehdusb.sys
20:49:44.0273 3144 TIEHDUSB - ok
20:49:44.0298 3144 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
20:49:44.0300 3144 TrkWks - ok
20:49:44.0333 3144 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
20:49:44.0336 3144 TrustedInstaller - ok
20:49:44.0361 3144 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
20:49:44.0363 3144 tssecsrv - ok
20:49:44.0387 3144 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
20:49:44.0389 3144 TsUsbFlt - ok
20:49:44.0413 3144 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
20:49:44.0415 3144 tunnel - ok
20:49:44.0437 3144 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
20:49:44.0439 3144 uagp35 - ok
20:49:44.0466 3144 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
20:49:44.0471 3144 udfs - ok
20:49:44.0495 3144 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
20:49:44.0497 3144 UI0Detect - ok
20:49:44.0511 3144 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
20:49:44.0513 3144 uliagpkx - ok
20:49:44.0539 3144 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys
20:49:44.0540 3144 umbus - ok
20:49:44.0561 3144 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
20:49:44.0562 3144 UmPass - ok
20:49:44.0578 3144 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
20:49:44.0581 3144 upnphost - ok
20:49:44.0599 3144 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
20:49:44.0602 3144 usbaudio - ok
20:49:44.0630 3144 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
20:49:44.0631 3144 usbccgp - ok
20:49:44.0642 3144 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
20:49:44.0644 3144 usbcir - ok
20:49:44.0661 3144 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
20:49:44.0662 3144 usbehci - ok
20:49:44.0692 3144 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
20:49:44.0694 3144 usbhub - ok
20:49:44.0706 3144 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
20:49:44.0706 3144 usbohci - ok
20:49:44.0732 3144 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
20:49:44.0732 3144 usbprint - ok
20:49:44.0763 3144 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
20:49:44.0763 3144 usbscan - ok
20:49:44.0784 3144 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:49:44.0785 3144 USBSTOR - ok
20:49:44.0806 3144 [ 81FB2216D3A60D1284455D511797DB3D ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
20:49:44.0808 3144 usbuhci - ok
20:49:44.0832 3144 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
20:49:44.0835 3144 usbvideo - ok
20:49:44.0861 3144 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
20:49:44.0863 3144 UxSms - ok
20:49:44.0878 3144 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
20:49:44.0879 3144 VaultSvc - ok
20:49:44.0901 3144 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
20:49:44.0902 3144 vdrvroot - ok
20:49:44.0928 3144 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
20:49:44.0934 3144 vds - ok
20:49:44.0958 3144 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
20:49:44.0959 3144 vga - ok
20:49:44.0974 3144 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
20:49:44.0975 3144 VgaSave - ok
20:49:44.0994 3144 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
20:49:44.0996 3144 vhdmp - ok
20:49:45.0019 3144 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
20:49:45.0021 3144 viaide - ok
20:49:45.0034 3144 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
20:49:45.0036 3144 volmgr - ok
20:49:45.0069 3144 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
20:49:45.0073 3144 volmgrx - ok
20:49:45.0090 3144 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
20:49:45.0093 3144 volsnap - ok
20:49:45.0110 3144 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
20:49:45.0112 3144 vsmraid - ok
20:49:45.0162 3144 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
20:49:45.0211 3144 VSS - ok
20:49:45.0224 3144 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
20:49:45.0226 3144 vwifibus - ok
20:49:45.0251 3144 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
20:49:45.0256 3144 W32Time - ok
20:49:45.0271 3144 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
20:49:45.0273 3144 WacomPen - ok
20:49:45.0308 3144 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
20:49:45.0309 3144 WANARP - ok
20:49:45.0313 3144 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
20:49:45.0314 3144 Wanarpv6 - ok
20:49:45.0379 3144 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
20:49:45.0415 3144 WatAdminSvc - ok
20:49:45.0461 3144 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
20:49:45.0488 3144 wbengine - ok
20:49:45.0518 3144 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
20:49:45.0522 3144 WbioSrvc - ok
20:49:45.0546 3144 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
20:49:45.0552 3144 wcncsvc - ok
20:49:45.0564 3144 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
20:49:45.0568 3144 WcsPlugInService - ok
20:49:45.0588 3144 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
20:49:45.0590 3144 Wd - ok
20:49:45.0630 3144 [ A3D04EBF5227886029B4532F20D026F7 ] WDC_SAM C:\Windows\system32\DRIVERS\wdcsam64.sys
20:49:45.0633 3144 WDC_SAM - ok
20:49:45.0680 3144 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
20:49:45.0693 3144 Wdf01000 - ok
20:49:45.0704 3144 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
20:49:45.0706 3144 WdiServiceHost - ok
20:49:45.0711 3144 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
20:49:45.0714 3144 WdiSystemHost - ok
20:49:45.0743 3144 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
20:49:45.0747 3144 WebClient - ok
20:49:45.0770 3144 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
20:49:45.0773 3144 Wecsvc - ok
20:49:45.0785 3144 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
20:49:45.0787 3144 wercplsupport - ok
20:49:45.0805 3144 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
20:49:45.0808 3144 WerSvc - ok
20:49:45.0831 3144 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
20:49:45.0831 3144 WfpLwf - ok
20:49:45.0840 3144 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
20:49:45.0842 3144 WIMMount - ok
20:49:45.0851 3144 WinDefend - ok
20:49:45.0857 3144 WinHttpAutoProxySvc - ok
20:49:45.0896 3144 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
20:49:45.0898 3144 Winmgmt - ok
20:49:45.0952 3144 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
20:49:45.0987 3144 WinRM - ok
20:49:46.0032 3144 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
20:49:46.0034 3144 WinUsb - ok
20:49:46.0069 3144 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
20:49:46.0082 3144 Wlansvc - ok
20:49:46.0110 3144 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
20:49:46.0112 3144 WmiAcpi - ok
20:49:46.0134 3144 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
20:49:46.0137 3144 wmiApSrv - ok
20:49:46.0163 3144 WMPNetworkSvc - ok
20:49:46.0225 3144 [ 83B6CA03C846FCD47F9883D77D1EB27B ] WMZuneComm C:\Program Files\Zune\WMZuneComm.exe
20:49:46.0232 3144 WMZuneComm - ok
20:49:46.0254 3144 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
20:49:46.0257 3144 WPCSvc - ok
20:49:46.0284 3144 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
20:49:46.0286 3144 WPDBusEnum - ok
20:49:46.0442 3144 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
20:49:46.0444 3144 ws2ifsl - ok
20:49:46.0478 3144 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll
20:49:46.0484 3144 wscsvc - ok
20:49:46.0493 3144 WSearch - ok
20:49:46.0591 3144 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
20:49:46.0611 3144 wuauserv - ok
20:49:46.0648 3144 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
20:49:46.0648 3144 WudfPf - ok
20:49:46.0674 3144 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
20:49:46.0678 3144 WUDFRd - ok
20:49:46.0715 3144 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
20:49:46.0718 3144 wudfsvc - ok
20:49:46.0740 3144 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
20:49:46.0744 3144 WwanSvc - ok
20:49:46.0923 3144 [ 67B787C34FB2888D01B130AE007042D8 ] ZuneNetworkSvc C:\Program Files\Zune\ZuneNss.exe
20:49:47.0073 3144 ZuneNetworkSvc - ok
20:49:47.0108 3144 [ 4D89FC1C20CF655739EFAC5DA81A67BC ] ZuneWlanCfgSvc C:\Program Files\Zune\ZuneWlanCfgSvc.exe
20:49:47.0113 3144 ZuneWlanCfgSvc - ok
20:49:47.0125 3144 ================ Scan global ===============================
20:49:47.0140 3144 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
20:49:47.0169 3144 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
20:49:47.0175 3144 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
20:49:47.0202 3144 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
20:49:47.0218 3144 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
20:49:47.0220 3144 [Global] - ok
20:49:47.0221 3144 ================ Scan MBR ==================================
20:49:47.0232 3144 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
20:49:47.0446 3144 \Device\Harddisk0\DR0 - ok
20:49:47.0446 3144 ================ Scan VBR ==================================
20:49:47.0450 3144 [ 3C6BC8E394B29360374F821D4EB06B57 ] \Device\Harddisk0\DR0\Partition1
20:49:47.0452 3144 \Device\Harddisk0\DR0\Partition1 - ok
20:49:47.0461 3144 [ 4EBC6B3CDFC9343D2FA30552E517992D ] \Device\Harddisk0\DR0\Partition2
20:49:47.0463 3144 \Device\Harddisk0\DR0\Partition2 - ok
20:49:47.0464 3144 ============================================================
20:49:47.0464 3144 Scan finished
20:49:47.0464 3144 ============================================================
20:49:47.0481 4028 Detected object count: 0
20:49:47.0481 4028 Actual detected object count: 0
20:50:20.0122 2592 Deinitialize success


20:42:12.0902 3600 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
20:42:13.0759 3600 ============================================================
20:42:13.0759 3600 Current date / time: 2012/11/28 20:42:13.0759
20:42:13.0759 3600 SystemInfo:
20:42:13.0759 3600
20:42:13.0759 3600 OS Version: 6.1.7601 ServicePack: 1.0
20:42:13.0759 3600 Product type: Workstation
20:42:13.0759 3600 ComputerName: CLIENT-PC
20:42:13.0759 3600 UserName: CLIENT
20:42:13.0759 3600 Windows directory: C:\Windows
20:42:13.0759 3600 System windows directory: C:\Windows
20:42:13.0759 3600 Running under WOW64
20:42:13.0759 3600 Processor architecture: Intel x64
20:42:13.0759 3600 Number of processors: 2
20:42:13.0759 3600 Page size: 0x1000
20:42:13.0759 3600 Boot type: Normal boot
20:42:13.0759 3600 ============================================================
20:42:14.0474 3600 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:42:14.0493 3600 ============================================================
20:42:14.0493 3600 \Device\Harddisk0\DR0:
20:42:14.0493 3600 MBR partitions:
20:42:14.0493 3600 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
20:42:14.0493 3600 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x3A353030
20:42:14.0493 3600 ============================================================
20:42:14.0518 3600 C: <-> \Device\Harddisk0\DR0\Partition2
20:42:14.0518 3600 ============================================================
20:42:14.0518 3600 Initialize success
20:42:14.0518 3600 ============================================================
20:42:16.0450 4472 ============================================================
20:42:16.0450 4472 Scan started
20:42:16.0450 4472 Mode: Manual;
20:42:16.0450 4472 ============================================================
20:42:19.0873 4472 ================ Scan system memory ========================
20:42:19.0873 4472 System memory - ok
20:42:19.0873 4472 ================ Scan services =============================
20:42:19.0971 4472 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
20:42:19.0976 4472 1394ohci - ok
20:42:19.0995 4472 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
20:42:20.0001 4472 ACPI - ok
20:42:20.0022 4472 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
20:42:20.0023 4472 AcpiPmi - ok
20:42:20.0139 4472 [ 047BD1EB681453A7FE492A71802AC9F3 ] AdobeActiveFileMonitor10.0 C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
20:42:20.0152 4472 AdobeActiveFileMonitor10.0 - ok
20:42:20.0254 4472 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
20:42:20.0272 4472 AdobeARMservice - ok
20:42:20.0382 4472 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
20:42:20.0384 4472 AdobeFlashPlayerUpdateSvc - ok
20:42:20.0420 4472 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
20:42:20.0426 4472 adp94xx - ok
20:42:20.0450 4472 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
20:42:20.0454 4472 adpahci - ok
20:42:20.0464 4472 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
20:42:20.0467 4472 adpu320 - ok
20:42:20.0489 4472 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
20:42:20.0490 4472 AeLookupSvc - ok
20:42:20.0535 4472 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
20:42:20.0541 4472 AFD - ok
20:42:20.0574 4472 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
20:42:20.0575 4472 agp440 - ok
20:42:20.0599 4472 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
20:42:20.0600 4472 ALG - ok
20:42:20.0630 4472 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
20:42:20.0633 4472 aliide - ok
20:42:20.0643 4472 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
20:42:20.0645 4472 amdide - ok
20:42:20.0670 4472 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
20:42:20.0672 4472 AmdK8 - ok
20:42:20.0688 4472 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
20:42:20.0690 4472 AmdPPM - ok
20:42:20.0717 4472 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
20:42:20.0720 4472 amdsata - ok
20:42:20.0740 4472 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
20:42:20.0743 4472 amdsbs - ok
20:42:20.0753 4472 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
20:42:20.0754 4472 amdxata - ok
20:42:20.0779 4472 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
20:42:20.0781 4472 AppID - ok
20:42:20.0807 4472 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
20:42:20.0808 4472 AppIDSvc - ok
20:42:20.0829 4472 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
20:42:20.0831 4472 Appinfo - ok
20:42:20.0862 4472 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
20:42:20.0864 4472 arc - ok
20:42:20.0877 4472 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
20:42:20.0879 4472 arcsas - ok
20:42:20.0904 4472 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
20:42:20.0905 4472 AsyncMac - ok
20:42:20.0929 4472 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
20:42:20.0930 4472 atapi - ok
20:42:20.0960 4472 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
20:42:20.0966 4472 AudioEndpointBuilder - ok
20:42:20.0979 4472 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
20:42:20.0983 4472 AudioSrv - ok
20:42:21.0017 4472 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
20:42:21.0028 4472 AxInstSV - ok
20:42:21.0051 4472 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
20:42:21.0057 4472 b06bdrv - ok
20:42:21.0074 4472 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
20:42:21.0077 4472 b57nd60a - ok
20:42:21.0101 4472 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
20:42:21.0102 4472 BDESVC - ok
20:42:21.0117 4472 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
20:42:21.0118 4472 Beep - ok
20:42:21.0151 4472 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
20:42:21.0158 4472 BFE - ok
20:42:21.0190 4472 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\system32\qmgr.dll
20:42:21.0200 4472 BITS - ok
20:42:21.0208 4472 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
20:42:21.0210 4472 blbdrive - ok
20:42:21.0233 4472 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
20:42:21.0235 4472 bowser - ok
20:42:21.0245 4472 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
20:42:21.0246 4472 BrFiltLo - ok
20:42:21.0261 4472 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
20:42:21.0262 4472 BrFiltUp - ok
20:42:21.0301 4472 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
20:42:21.0303 4472 BridgeMP - ok
20:42:21.0320 4472 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
20:42:21.0323 4472 Browser - ok
20:42:21.0341 4472 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
20:42:21.0344 4472 Brserid - ok
20:42:21.0362 4472 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
20:42:21.0364 4472 BrSerWdm - ok
20:42:21.0377 4472 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
20:42:21.0378 4472 BrUsbMdm - ok
20:42:21.0389 4472 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
20:42:21.0390 4472 BrUsbSer - ok
20:42:21.0403 4472 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
20:42:21.0405 4472 BTHMODEM - ok
20:42:21.0434 4472 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
20:42:21.0436 4472 bthserv - ok
20:42:21.0489 4472 catchme - ok
20:42:21.0498 4472 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
20:42:21.0500 4472 cdfs - ok
20:42:21.0532 4472 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\drivers\cdrom.sys
20:42:21.0534 4472 cdrom - ok
20:42:21.0558 4472 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
20:42:21.0560 4472 CertPropSvc - ok
20:42:21.0583 4472 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
20:42:21.0585 4472 circlass - ok
20:42:21.0610 4472 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
20:42:21.0614 4472 CLFS - ok
20:42:21.0654 4472 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:42:21.0659 4472 clr_optimization_v2.0.50727_32 - ok
20:42:21.0688 4472 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
20:42:21.0693 4472 clr_optimization_v2.0.50727_64 - ok
20:42:21.0747 4472 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:42:21.0761 4472 clr_optimization_v4.0.30319_32 - ok
20:42:21.0784 4472 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
20:42:21.0785 4472 clr_optimization_v4.0.30319_64 - ok
20:42:21.0814 4472 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
20:42:21.0815 4472 CmBatt - ok
20:42:21.0825 4472 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
20:42:21.0827 4472 cmdide - ok
20:42:21.0853 4472 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
20:42:21.0858 4472 CNG - ok
20:42:21.0881 4472 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
20:42:21.0883 4472 Compbatt - ok
20:42:21.0900 4472 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
20:42:21.0902 4472 CompositeBus - ok
20:42:21.0910 4472 COMSysApp - ok
20:42:21.0921 4472 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
20:42:21.0923 4472 crcdisk - ok
20:42:21.0953 4472 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
20:42:21.0956 4472 CryptSvc - ok
20:42:22.0015 4472 [ 72794D112CBAFF3BC0C29BF7350D4741 ] cvhsvc C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
20:42:22.0023 4472 cvhsvc - ok
20:42:22.0061 4472 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
20:42:22.0067 4472 DcomLaunch - ok
20:42:22.0095 4472 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
20:42:22.0098 4472 defragsvc - ok
20:42:22.0123 4472 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
20:42:22.0125 4472 DfsC - ok
20:42:22.0148 4472 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
20:42:22.0152 4472 Dhcp - ok
20:42:22.0179 4472 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
20:42:22.0181 4472 discache - ok
20:42:22.0200 4472 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
20:42:22.0202 4472 Disk - ok
20:42:22.0229 4472 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
20:42:22.0232 4472 Dnscache - ok
20:42:22.0257 4472 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
20:42:22.0261 4472 dot3svc - ok
20:42:22.0282 4472 [ B42ED0320C6E41102FDE0005154849BB ] Dot4 C:\Windows\system32\DRIVERS\Dot4.sys
20:42:22.0284 4472 Dot4 - ok
20:42:22.0305 4472 [ E9F5969233C5D89F3C35E3A66A52A361 ] Dot4Print C:\Windows\system32\DRIVERS\Dot4Prt.sys
20:42:22.0306 4472 Dot4Print - ok
20:42:22.0325 4472 [ FD05A02B0370BC3000F402E543CA5814 ] dot4usb C:\Windows\system32\DRIVERS\dot4usb.sys
20:42:22.0327 4472 dot4usb - ok
20:42:22.0344 4472 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
20:42:22.0346 4472 DPS - ok
20:42:22.0361 4472 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
20:42:22.0363 4472 drmkaud - ok
20:42:22.0395 4472 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
20:42:22.0405 4472 DXGKrnl - ok
20:42:22.0431 4472 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
20:42:22.0433 4472 EapHost - ok
20:42:22.0505 4472 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
20:42:22.0558 4472 ebdrv - ok
20:42:22.0586 4472 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
20:42:22.0588 4472 EFS - ok
20:42:22.0628 4472 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
20:42:22.0637 4472 ehRecvr - ok
20:42:22.0665 4472 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
20:42:22.0668 4472 ehSched - ok
20:42:22.0709 4472 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
20:42:22.0715 4472 elxstor - ok
20:42:22.0729 4472 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
20:42:22.0731 4472 ErrDev - ok
20:42:22.0761 4472 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
20:42:22.0767 4472 EventSystem - ok
20:42:22.0786 4472 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
20:42:22.0790 4472 exfat - ok
20:42:22.0808 4472 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
20:42:22.0810 4472 fastfat - ok
20:42:22.0846 4472 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
20:42:22.0853 4472 Fax - ok
20:42:22.0867 4472 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
20:42:22.0869 4472 fdc - ok
20:42:22.0885 4472 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
20:42:22.0887 4472 fdPHost - ok
20:42:22.0897 4472 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
20:42:22.0899 4472 FDResPub - ok
20:42:22.0913 4472 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
20:42:22.0915 4472 FileInfo - ok
20:42:22.0925 4472 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
20:42:22.0927 4472 Filetrace - ok
20:42:22.0941 4472 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
20:42:22.0942 4472 flpydisk - ok
20:42:22.0968 4472 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
20:42:22.0972 4472 FltMgr - ok
20:42:23.0007 4472 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
20:42:23.0032 4472 FontCache - ok
20:42:23.0077 4472 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
20:42:23.0079 4472 FontCache3.0.0.0 - ok
20:42:23.0096 4472 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
20:42:23.0108 4472 FsDepends - ok
20:42:23.0132 4472 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
20:42:23.0134 4472 Fs_Rec - ok
20:42:23.0165 4472 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
20:42:23.0167 4472 fvevol - ok
20:42:23.0170 4472 FXDrv32 - ok
20:42:23.0190 4472 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
20:42:23.0192 4472 gagp30kx - ok
20:42:23.0216 4472 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
20:42:23.0224 4472 gpsvc - ok
20:42:23.0279 4472 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
20:42:23.0282 4472 gupdate - ok
20:42:23.0287 4472 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
20:42:23.0288 4472 gupdatem - ok
20:42:23.0324 4472 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
20:42:23.0326 4472 gusvc - ok
20:42:23.0352 4472 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
20:42:23.0354 4472 hcw85cir - ok
20:42:23.0398 4472 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
20:42:23.0403 4472 HdAudAddService - ok
20:42:23.0419 4472 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
20:42:23.0422 4472 HDAudBus - ok
20:42:23.0432 4472 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
20:42:23.0434 4472 HidBatt - ok
20:42:23.0445 4472 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
20:42:23.0448 4472 HidBth - ok
20:42:23.0465 4472 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
20:42:23.0466 4472 HidIr - ok
20:42:23.0498 4472 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll
20:42:23.0499 4472 hidserv - ok
20:42:23.0527 4472 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
20:42:23.0528 4472 HidUsb - ok
20:42:23.0548 4472 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
20:42:23.0550 4472 hkmsvc - ok
20:42:23.0568 4472 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
20:42:23.0571 4472 HomeGroupListener - ok
20:42:23.0594 4472 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
20:42:23.0597 4472 HomeGroupProvider - ok
20:42:23.0609 4472 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
20:42:23.0611 4472 HpSAMD - ok
20:42:23.0646 4472 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
20:42:23.0654 4472 HTTP - ok
20:42:23.0669 4472 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
20:42:23.0670 4472 hwpolicy - ok
20:42:23.0696 4472 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
20:42:23.0700 4472 i8042prt - ok
20:42:23.0736 4472 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
20:42:23.0741 4472 iaStorV - ok
20:42:23.0798 4472 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
20:42:23.0801 4472 IDriverT - ok
20:42:23.0840 4472 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
20:42:23.0850 4472 idsvc - ok
20:42:23.0878 4472 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
20:42:23.0880 4472 iirsp - ok
20:42:23.0929 4472 [ F82BC30BB2B608AF8B5540CDBAEA93A6 ] IJPLMSVC C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
20:42:23.0930 4472 IJPLMSVC - ok
20:42:23.0964 4472 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
20:42:23.0972 4472 IKEEXT - ok
20:42:24.0033 4472 [ 5BA1779E2C84FDE2A5E201FFF9C42C9C ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
20:42:24.0068 4472 IntcAzAudAddService - ok
20:42:24.0091 4472 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
20:42:24.0092 4472 intelide - ok
20:42:24.0119 4472 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
20:42:24.0121 4472 intelppm - ok
20:42:24.0154 4472 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
20:42:24.0156 4472 IPBusEnum - ok
20:42:24.0182 4472 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:42:24.0184 4472 IpFilterDriver - ok
20:42:24.0232 4472 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
20:42:24.0238 4472 iphlpsvc - ok
20:42:24.0263 4472 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
20:42:24.0265 4472 IPMIDRV - ok
20:42:24.0285 4472 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
20:42:24.0287 4472 IPNAT - ok
20:42:24.0304 4472 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
20:42:24.0306 4472 IRENUM - ok
20:42:24.0323 4472 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
20:42:24.0324 4472 isapnp - ok
20:42:24.0338 4472 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
20:42:24.0341 4472 iScsiPrt - ok
20:42:24.0364 4472 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
20:42:24.0365 4472 kbdclass - ok
20:42:24.0380 4472 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
20:42:24.0381 4472 kbdhid - ok
20:42:24.0393 4472 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
20:42:24.0394 4472 KeyIso - ok
20:42:24.0426 4472 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
20:42:24.0428 4472 KSecDD - ok
20:42:24.0459 4472 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
20:42:24.0462 4472 KSecPkg - ok
20:42:24.0484 4472 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
20:42:24.0485 4472 ksthunk - ok
20:42:24.0511 4472 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
20:42:24.0517 4472 KtmRm - ok
20:42:24.0542 4472 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll
20:42:24.0545 4472 LanmanServer - ok
20:42:24.0570 4472 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
20:42:24.0573 4472 LanmanWorkstation - ok
20:42:24.0601 4472 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
20:42:24.0603 4472 lltdio - ok
20:42:24.0622 4472 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
20:42:24.0627 4472 lltdsvc - ok
20:42:24.0639 4472 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
20:42:24.0641 4472 lmhosts - ok
20:42:24.0661 4472 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
20:42:24.0663 4472 LSI_FC - ok
20:42:24.0675 4472 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
20:42:24.0678 4472 LSI_SAS - ok
20:42:24.0692 4472 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
20:42:24.0694 4472 LSI_SAS2 - ok
20:42:24.0705 4472 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
20:42:24.0707 4472 LSI_SCSI - ok
20:42:24.0723 4472 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
20:42:24.0725 4472 luafv - ok
20:42:24.0758 4472 [ A8FE8F2783B2929B56F5370A89356CE9 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
20:42:24.0759 4472 MBAMProtector - ok
20:42:24.0815 4472 [ 85B16A92B117A5A800032ECD904B86DB ] MBAMScheduler C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
20:42:24.0820 4472 MBAMScheduler - ok
20:42:24.0854 4472 [ 20E2469DB709FC675E655CEAA11BE312 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
20:42:24.0861 4472 MBAMService - ok
20:42:24.0888 4472 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
20:42:24.0890 4472 Mcx2Svc - ok
20:42:24.0909 4472 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
20:42:24.0911 4472 megasas - ok
20:42:24.0922 4472 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
20:42:24.0925 4472 MegaSR - ok
20:42:24.0952 4472 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
20:42:24.0954 4472 MMCSS - ok
20:42:24.0970 4472 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
20:42:24.0972 4472 Modem - ok
20:42:24.0994 4472 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
20:42:24.0995 4472 monitor - ok
20:42:25.0008 4472 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
20:42:25.0009 4472 mouclass - ok
20:42:25.0028 4472 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
20:42:25.0029 4472 mouhid - ok
20:42:25.0052 4472 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
20:42:25.0054 4472 mountmgr - ok
20:42:25.0115 4472 [ 05BF204EC0E82CC4A054DB189C8A3D84 ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
20:42:25.0117 4472 MpFilter - ok
20:42:25.0140 4472 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
20:42:25.0142 4472 mpio - ok
20:42:25.0155 4472 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
20:42:25.0156 4472 mpsdrv - ok
20:42:25.0187 4472 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
20:42:25.0196 4472 MpsSvc - ok
20:42:25.0217 4472 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
20:42:25.0219 4472 MRxDAV - ok
20:42:25.0241 4472 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
20:42:25.0245 4472 mrxsmb - ok
20:42:25.0264 4472 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:42:25.0268 4472 mrxsmb10 - ok
20:42:25.0284 4472 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:42:25.0286 4472 mrxsmb20 - ok
20:42:25.0295 4472 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
20:42:25.0399 4472 msahci - ok
20:42:25.0419 4472 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
20:42:25.0421 4472 msdsm - ok
20:42:25.0432 4472 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
20:42:25.0434 4472 MSDTC - ok
20:42:25.0466 4472 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
20:42:25.0467 4472 Msfs - ok
20:42:25.0488 4472 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
20:42:25.0490 4472 mshidkmdf - ok
20:42:25.0502 4472 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
20:42:25.0503 4472 msisadrv - ok
20:42:25.0526 4472 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
20:42:25.0528 4472 MSiSCSI - ok
20:42:25.0533 4472 msiserver - ok
20:42:25.0559 4472 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
20:42:25.0560 4472 MSKSSRV - ok
20:42:25.0619 4472 [ CC8E4F72F21340A4D3A3D4DB50313EF5 ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe
20:42:25.0620 4472 MsMpSvc - ok
20:42:25.0635 4472 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
20:42:25.0637 4472 MSPCLOCK - ok
20:42:25.0650 4472 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
20:42:25.0651 4472 MSPQM - ok
20:42:25.0680 4472 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
20:42:25.0684 4472 MsRPC - ok
20:42:25.0705 4472 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
20:42:25.0707 4472 mssmbios - ok
20:42:25.0720 4472 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
20:42:25.0722 4472 MSTEE - ok
20:42:25.0739 4472 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
20:42:25.0740 4472 MTConfig - ok
20:42:25.0756 4472 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
20:42:25.0757 4472 Mup - ok
20:42:25.0789 4472 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
20:42:25.0795 4472 napagent - ok
20:42:25.0811 4472 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
20:42:25.0815 4472 NativeWifiP - ok
20:42:25.0848 4472 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
20:42:25.0857 4472 NDIS - ok
20:42:25.0872 4472 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
20:42:25.0874 4472 NdisCap - ok
20:42:25.0898 4472 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
20:42:25.0899 4472 NdisTapi - ok
20:42:25.0926 4472 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
20:42:25.0928 4472 Ndisuio - ok
20:42:25.0942 4472 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
20:42:25.0944 4472 NdisWan - ok
20:42:25.0968 4472 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
20:42:25.0970 4472 NDProxy - ok
20:42:25.0996 4472 [ DC6530A291D4BDF6DF399F1F128E7F8F ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
20:42:25.0997 4472 Net Driver HPZ12 - ok
20:42:26.0008 4472 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
20:42:26.0009 4472 NetBIOS - ok
20:42:26.0035 4472 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
20:42:26.0043 4472 NetBT - ok
20:42:26.0058 4472 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
20:42:26.0060 4472 Netlogon - ok
20:42:26.0099 4472 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
20:42:26.0104 4472 Netman - ok
20:42:26.0115 4472 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
20:42:26.0121 4472 netprofm - ok
20:42:26.0145 4472 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
20:42:26.0147 4472 NetTcpPortSharing - ok
20:42:26.0159 4472 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
20:42:26.0161 4472 nfrd960 - ok
20:42:26.0194 4472 [ 5FF89F20317309D28AC1EDEB0CD1BA72 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
20:42:26.0195 4472 NisDrv - ok
20:42:26.0222 4472 [ 79E80B10FE8F6662E0C9162A68C43444 ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe
20:42:26.0226 4472 NisSrv - ok
20:42:26.0260 4472 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
20:42:26.0264 4472 NlaSvc - ok
20:42:26.0335 4472 [ CB992AE1506985D9167E85883B4C3240 ] NMIndexingService C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe
20:42:26.0340 4472 NMIndexingService - ok
20:42:26.0350 4472 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
20:42:26.0352 4472 Npfs - ok
20:42:26.0373 4472 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
20:42:26.0376 4472 nsi - ok
20:42:26.0401 4472 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
20:42:26.0402 4472 nsiproxy - ok
20:42:26.0453 4472 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
20:42:26.0481 4472 Ntfs - ok
20:42:26.0512 4472 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
20:42:26.0513 4472 Null - ok
20:42:26.0693 4472 [ AA0828F3223E1A2952F80A8D2047DD40 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
20:42:26.0854 4472 nvlddmkm - ok
20:42:26.0916 4472 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
20:42:26.0918 4472 nvraid - ok
20:42:26.0942 4472 [ E58D81FB8616D0CB55C1E36AA0B213C9 ] nvsmu C:\Windows\system32\DRIVERS\nvsmu.sys
20:42:26.0944 4472 nvsmu - ok
20:42:26.0962 4472 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
20:42:26.0966 4472 nvstor - ok
20:42:26.0985 4472 [ 1E45F96342429D63DC30E0D9117DA3D8 ] nvstor64 C:\Windows\system32\DRIVERS\nvstor64.sys
20:42:26.0987 4472 nvstor64 - ok
20:42:27.0028 4472 [ 57D0D222A9F22113FE3B55488DBFD761 ] nvsvc C:\Windows\system32\nvvsvc.exe
20:42:27.0033 4472 nvsvc - ok
20:42:27.0060 4472 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
20:42:27.0062 4472 nv_agp - ok
20:42:27.0076 4472 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
20:42:27.0077 4472 ohci1394 - ok
20:42:27.0105 4472 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
20:42:27.0108 4472 ose - ok
20:42:27.0205 4472 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
20:42:27.0274 4472 osppsvc - ok
20:42:27.0300 4472 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
20:42:27.0306 4472 p2pimsvc - ok
20:42:27.0330 4472 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
20:42:27.0347 4472 p2psvc - ok
20:42:27.0374 4472 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
20:42:27.0376 4472 Parport - ok
20:42:27.0405 4472 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
20:42:27.0407 4472 partmgr - ok
20:42:27.0420 4472 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
20:42:27.0424 4472 PcaSvc - ok
20:42:27.0447 4472 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
20:42:27.0450 4472 pci - ok
20:42:27.0473 4472 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
20:42:27.0482 4472 pciide - ok
20:42:27.0496 4472 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
20:42:27.0499 4472 pcmcia - ok
20:42:27.0514 4472 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
20:42:27.0515 4472 pcw - ok
20:42:27.0536 4472 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
20:42:27.0543 4472 PEAUTH - ok
20:42:27.0591 4472 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
20:42:27.0597 4472 PerfHost - ok
20:42:27.0639 4472 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
20:42:27.0665 4472 pla - ok
20:42:27.0694 4472 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
20:42:27.0699 4472 PlugPlay - ok
20:42:27.0725 4472 [ 71F62C51DFDFBC04C83C5C64B2B8058E ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
20:42:27.0727 4472 Pml Driver HPZ12 - ok
20:42:27.0751 4472 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
20:42:27.0754 4472 PNRPAutoReg - ok
20:42:27.0775 4472 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
20:42:27.0777 4472 PNRPsvc - ok
20:42:27.0803 4472 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
20:42:27.0808 4472 PolicyAgent - ok
20:42:27.0835 4472 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
20:42:27.0839 4472 Power - ok
20:42:27.0872 4472 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
20:42:27.0874 4472 PptpMiniport - ok
20:42:27.0898 4472 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
20:42:27.0900 4472 Processor - ok
20:42:27.0938 4472 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
20:42:27.0941 4472 ProfSvc - ok
20:42:27.0956 4472 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
20:42:27.0957 4472 ProtectedStorage - ok
20:42:27.0976 4472 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
20:42:27.0978 4472 Psched - ok
20:42:28.0030 4472 [ 87B04878A6D59D6C79251DC960C674C1 ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys
20:42:28.0032 4472 PxHlpa64 - ok
20:42:28.0074 4472 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
20:42:28.0100 4472 ql2300 - ok
20:42:28.0128 4472 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
20:42:28.0130 4472 ql40xx - ok
20:42:28.0157 4472 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
20:42:28.0161 4472 QWAVE - ok
20:42:28.0173 4472 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
20:42:28.0174 4472 QWAVEdrv - ok
20:42:28.0184 4472 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
20:42:28.0185 4472 RasAcd - ok
20:42:28.0204 4472 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
20:42:28.0206 4472 RasAgileVpn - ok
20:42:28.0225 4472 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
20:42:28.0228 4472 RasAuto - ok
20:42:28.0247 4472 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
20:42:28.0250 4472 Rasl2tp - ok
20:42:28.0270 4472 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
20:42:28.0274 4472 RasMan - ok
20:42:28.0286 4472 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
20:42:28.0288 4472 RasPppoe - ok
20:42:28.0301 4472 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
20:42:28.0303 4472 RasSstp - ok
20:42:28.0330 4472 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
20:42:28.0333 4472 rdbss - ok
20:42:28.0343 4472 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
20:42:28.0349 4472 rdpbus - ok
20:42:28.0363 4472 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
20:42:28.0364 4472 RDPCDD - ok
20:42:28.0380 4472 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
20:42:28.0381 4472 RDPENCDD - ok
20:42:28.0390 4472 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
20:42:28.0391 4472 RDPREFMP - ok
20:42:28.0424 4472 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
20:42:28.0427 4472 RDPWD - ok
20:42:28.0461 4472 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
20:42:28.0464 4472 rdyboost - ok
20:42:28.0486 4472 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
20:42:28.0489 4472 RemoteAccess - ok
20:42:28.0508 4472 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
20:42:28.0511 4472 RemoteRegistry - ok
20:42:28.0524 4472 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
20:42:28.0527 4472 RpcEptMapper - ok
20:42:28.0541 4472 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
20:42:28.0543 4472 RpcLocator - ok
20:42:28.0563 4472 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
20:42:28.0567 4472 RpcSs - ok
20:42:28.0590 4472 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
20:42:28.0592 4472 rspndr - ok
20:42:28.0620 4472 [ 3B01789EE4EAEE97F5EB46B711387D5E ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
20:42:28.0623 4472 RTL8167 - ok
20:42:28.0630 4472 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
20:42:28.0631 4472 SamSs - ok
20:42:28.0649 4472 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
20:42:28.0651 4472 sbp2port - ok
20:42:28.0672 4472 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
20:42:28.0675 4472 SCardSvr - ok
20:42:28.0694 4472 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
20:42:28.0697 4472 scfilter - ok
20:42:28.0735 4472 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
20:42:28.0754 4472 Schedule - ok
20:42:28.0776 4472 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
20:42:28.0777 4472 SCPolicySvc - ok
20:42:28.0795 4472 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
20:42:28.0799 4472 SDRSVC - ok
20:42:28.0822 4472 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
20:42:28.0823 4472 secdrv - ok
20:42:28.0840 4472 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
20:42:28.0842 4472 seclogon - ok
20:42:28.0859 4472 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll
20:42:28.0861 4472 SENS - ok
20:42:28.0877 4472 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
20:42:28.0879 4472 SensrSvc - ok
20:42:28.0897 4472 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
20:42:28.0899 4472 Serenum - ok
20:42:28.0908 4472 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
20:42:28.0910 4472 Serial - ok
20:42:28.0943 4472 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
20:42:28.0945 4472 sermouse - ok
20:42:28.0974 4472 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
20:42:28.0977 4472 SessionEnv - ok
20:42:28.0989 4472 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
20:42:28.0991 4472 sffdisk - ok
20:42:29.0000 4472 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
20:42:29.0001 4472 sffp_mmc - ok
20:42:29.0015 4472 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
20:42:29.0016 4472 sffp_sd - ok
20:42:29.0024 4472 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
20:42:29.0026 4472 sfloppy - ok
20:42:29.0051 4472 [ C6CC9297BD53E5229653303E556AA539 ] Sftfs C:\Windows\system32\DRIVERS\Sftfslh.sys
20:42:29.0059 4472 Sftfs - ok
20:42:29.0110 4472 [ 13693B6354DD6E72DC5131DA7D764B90 ] sftlist C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
20:42:29.0116 4472 sftlist - ok
20:42:29.0134 4472 [ 390AA7BC52CEE43F6790CDEA1E776703 ] Sftplay C:\Windows\system32\DRIVERS\Sftplaylh.sys
20:42:29.0138 4472 Sftplay - ok
20:42:29.0156 4472 [ 617E29A0B0A2807466560D4C4E338D3E ] Sftredir C:\Windows\system32\DRIVERS\Sftredirlh.sys
20:42:29.0158 4472 Sftredir - ok
20:42:29.0171 4472 [ 8F571F016FA1976F445147E9E6C8AE9B ] Sftvol C:\Windows\system32\DRIVERS\Sftvollh.sys
20:42:29.0173 4472 Sftvol - ok
20:42:29.0195 4472 [ C3CDDD18F43D44AB713CF8C4916F7696 ] sftvsa C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
20:42:29.0198 4472 sftvsa - ok
20:42:29.0228 4472 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
20:42:29.0232 4472 SharedAccess - ok
20:42:29.0257 4472 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
20:42:29.0261 4472 ShellHWDetection - ok
20:42:29.0282 4472 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
20:42:29.0283 4472 SiSRaid2 - ok
20:42:29.0299 4472 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
20:42:29.0301 4472 SiSRaid4 - ok
20:42:29.0342 4472 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
20:42:29.0344 4472 SkypeUpdate - ok
20:42:29.0366 4472 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
20:42:29.0368 4472 Smb - ok
20:42:29.0397 4472 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
20:42:29.0399 4472 SNMPTRAP - ok
20:42:29.0412 4472 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
20:42:29.0414 4472 spldr - ok
20:42:29.0435 4472 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
20:42:29.0441 4472 Spooler - ok
20:42:29.0511 4472 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
20:42:29.0608 4472 sppsvc - ok
20:42:29.0630 4472 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
20:42:29.0633 4472 sppuinotify - ok
20:42:29.0660 4472 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
20:42:29.0666 4472 srv - ok
20:42:29.0689 4472 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
20:42:29.0693 4472 srv2 - ok
20:42:29.0719 4472 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
20:42:29.0722 4472 srvnet - ok
20:42:29.0741 4472 [ ED161B91FDF7EAA39469D72D463D5F4E ] sscdbus C:\Windows\system32\DRIVERS\sscdbus.sys
20:42:29.0743 4472 sscdbus - ok
20:42:29.0761 4472 [ 4CB09E77593DBD8D7AF33B37375CA715 ] sscdmdfl C:\Windows\system32\DRIVERS\sscdmdfl.sys
20:42:29.0762 4472 sscdmdfl - ok
20:42:29.0779 4472 [ C7B4CF53497A6E5363F3439427663882 ] sscdmdm C:\Windows\system32\DRIVERS\sscdmdm.sys
20:42:29.0782 4472 sscdmdm - ok
20:42:29.0810 4472 [ 05FFA552F578E27AB2D41B6828DB477F ] sscdserd C:\Windows\system32\DRIVERS\sscdserd.sys
20:42:29.0812 4472 sscdserd - ok
20:42:29.0842 4472 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
20:42:29.0845 4472 SSDPSRV - ok
20:42:29.0853 4472 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
20:42:29.0855 4472 SstpSvc - ok
20:42:29.0905 4472 [ F9506327BB18C51ED720CB9E83BBAB66 ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
20:42:29.0908 4472 Stereo Service - ok
20:42:29.0930 4472 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
20:42:29.0932 4472 stexstor - ok
20:42:29.0967 4472 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
20:42:29.0974 4472 stisvc - ok
20:42:29.0994 4472 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
20:42:29.0995 4472 swenum - ok
20:42:30.0024 4472 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
20:42:30.0030 4472 swprv - ok
20:42:30.0072 4472 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
20:42:30.0099 4472 SysMain - ok
20:42:30.0119 4472 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
20:42:30.0127 4472 TabletInputService - ok
20:42:30.0143 4472 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
20:42:30.0148 4472 TapiSrv - ok
20:42:30.0167 4472 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
20:42:30.0169 4472 TBS - ok
20:42:30.0229 4472 [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
20:42:30.0264 4472 Tcpip - ok
20:42:30.0303 4472 [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
20:42:30.0313 4472 TCPIP6 - ok
20:42:30.0338 4472 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
20:42:30.0339 4472 tcpipreg - ok
20:42:30.0358 4472 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
20:42:30.0360 4472 TDPIPE - ok
20:42:30.0390 4472 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
20:42:30.0392 4472 TDTCP - ok
20:42:30.0429 4472 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
20:42:30.0431 4472 tdx - ok
20:42:30.0442 4472 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
20:42:30.0444 4472 TermDD - ok
20:42:30.0477 4472 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
20:42:30.0485 4472 TermService - ok
20:42:30.0511 4472 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
20:42:30.0513 4472 Themes - ok
20:42:30.0538 4472 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
20:42:30.0539 4472 THREADORDER - ok
20:42:30.0569 4472 [ 199C2E87D9A5EC58D0BCD94E893BF629 ] TIEHDUSB C:\Windows\system32\DRIVERS\tiehdusb.sys
20:42:30.0571 4472 TIEHDUSB - ok
20:42:30.0597 4472 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
20:42:30.0600 4472 TrkWks - ok
20:42:30.0632 4472 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
20:42:30.0635 4472 TrustedInstaller - ok
20:42:30.0660 4472 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
20:42:30.0662 4472 tssecsrv - ok
20:42:30.0695 4472 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
20:42:30.0697 4472 TsUsbFlt - ok
20:42:30.0721 4472 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
20:42:30.0723 4472 tunnel - ok
20:42:30.0746 4472 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
20:42:30.0747 4472 uagp35 - ok
20:42:30.0775 4472 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
20:42:30.0779 4472 udfs - ok
20:42:30.0803 4472 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
20:42:30.0806 4472 UI0Detect - ok
20:42:30.0819 4472 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
20:42:30.0821 4472 uliagpkx - ok
20:42:30.0839 4472 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys
20:42:30.0841 4472 umbus - ok
20:42:30.0852 4472 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
20:42:30.0854 4472 UmPass - ok
20:42:30.0870 4472 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
20:42:30.0875 4472 upnphost - ok
20:42:30.0908 4472 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
20:42:30.0910 4472 usbaudio - ok
20:42:30.0939 4472 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
20:42:30.0941 4472 usbccgp - ok
20:42:30.0958 4472 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
20:42:30.0961 4472 usbcir - ok
20:42:30.0986 4472 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
20:42:30.0987 4472 usbehci - ok
20:42:31.0017 4472 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
20:42:31.0021 4472 usbhub - ok
20:42:31.0039 4472 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
20:42:31.0041 4472 usbohci - ok
20:42:31.0073 4472 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
20:42:31.0076 4472 usbprint - ok
20:42:31.0113 4472 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
20:42:31.0114 4472 usbscan - ok
20:42:31.0151 4472 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:42:31.0153 4472 USBSTOR - ok
20:42:31.0173 4472 [ 81FB2216D3A60D1284455D511797DB3D ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
20:42:31.0174 4472 usbuhci - ok
20:42:31.0190 4472 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
20:42:31.0193 4472 usbvideo - ok
20:42:31.0220 4472 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
20:42:31.0222 4472 UxSms - ok
20:42:31.0236 4472 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
20:42:31.0237 4472 VaultSvc - ok
20:42:31.0265 4472 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
20:42:31.0267 4472 vdrvroot - ok
20:42:31.0294 4472 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
20:42:31.0301 4472 vds - ok
20:42:31.0324 4472 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
20:42:31.0326 4472 vga - ok
20:42:31.0341 4472 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
20:42:31.0342 4472 VgaSave - ok
20:42:31.0360 4472 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
20:42:31.0363 4472 vhdmp - ok
20:42:31.0386 4472 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
20:42:31.0387 4472 viaide - ok
20:42:31.0400 4472 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
20:42:31.0403 4472 volmgr - ok
20:42:31.0429 4472 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
20:42:31.0433 4472 volmgrx - ok
20:42:31.0448 4472 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
20:42:31.0451 4472 volsnap - ok
20:42:31.0469 4472 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
20:42:31.0471 4472 vsmraid - ok
20:42:31.0512 4472 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
20:42:31.0537 4472 VSS - ok
20:42:31.0549 4472 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
20:42:31.0550 4472 vwifibus - ok
20:42:31.0576 4472 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
20:42:31.0581 4472 W32Time - ok
20:42:31.0596 4472 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
20:42:31.0598 4472 WacomPen - ok
20:42:31.0633 4472 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
20:42:31.0635 4472 WANARP - ok
20:42:31.0640 4472 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
20:42:31.0641 4472 Wanarpv6 - ok
20:42:31.0693 4472 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
20:42:31.0720 4472 WatAdminSvc - ok
20:42:31.0767 4472 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
20:42:31.0793 4472 wbengine - ok
20:42:31.0817 4472 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
20:42:31.0821 4472 WbioSrvc - ok
20:42:31.0845 4472 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
20:42:31.0850 4472 wcncsvc - ok
20:42:31.0865 4472 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
20:42:31.0868 4472 WcsPlugInService - ok
20:42:31.0888 4472 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
20:42:31.0889 4472 Wd - ok
20:42:31.0930 4472 [ A3D04EBF5227886029B4532F20D026F7 ] WDC_SAM C:\Windows\system32\DRIVERS\wdcsam64.sys
20:42:31.0931 4472 WDC_SAM - ok
20:42:31.0969 4472 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
20:42:31.0977 4472 Wdf01000 - ok
20:42:31.0995 4472 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
20:42:32.0002 4472 WdiServiceHost - ok
20:42:32.0009 4472 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
20:42:32.0011 4472 WdiSystemHost - ok
20:42:32.0043 4472 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
20:42:32.0047 4472 WebClient - ok
20:42:32.0070 4472 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
20:42:32.0074 4472 Wecsvc - ok
20:42:32.0093 4472 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
20:42:32.0095 4472 wercplsupport - ok
20:42:32.0113 4472 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
20:42:32.0116 4472 WerSvc - ok
20:42:32.0139 4472 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
20:42:32.0141 4472 WfpLwf - ok
20:42:32.0157 4472 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
20:42:32.0158 4472 WIMMount - ok
20:42:32.0168 4472 WinDefend - ok
20:42:32.0174 4472 WinHttpAutoProxySvc - ok
20:42:32.0213 4472 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
20:42:32.0216 4472 Winmgmt - ok
20:42:32.0264 4472 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
20:42:32.0299 4472 WinRM - ok
20:42:32.0349 4472 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
20:42:32.0350 4472 WinUsb - ok
20:42:32.0393 4472 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
20:42:32.0403 4472 Wlansvc - ok
20:42:32.0426 4472 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
20:42:32.0428 4472 WmiAcpi - ok
20:42:32.0441 4472 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
20:42:32.0444 4472 wmiApSrv - ok
20:42:32.0463 4472 WMPNetworkSvc - ok
20:42:32.0516 4472 [ 83B6CA03C846FCD47F9883D77D1EB27B ] WMZuneComm C:\Program Files\Zune\WMZuneComm.exe
20:42:32.0521 4472 WMZuneComm - ok
20:42:32.0546 4472 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
20:42:32.0548 4472 WPCSvc - ok
20:42:32.0567 4472 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
20:42:32.0570 4472 WPDBusEnum - ok
20:42:32.0592 4472 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
20:42:32.0594 4472 ws2ifsl - ok
20:42:32.0611 4472 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll
20:42:32.0614 4472 wscsvc - ok
20:42:32.0618 4472 WSearch - ok
20:42:32.0689 4472 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
20:42:32.0733 4472 wuauserv - ok
20:42:32.0773 4472 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
20:42:32.0775 4472 WudfPf - ok
20:42:32.0796 4472 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
20:42:32.0799 4472 WUDFRd - ok
20:42:32.0815 4472 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
20:42:32.0818 4472 wudfsvc - ok
20:42:32.0839 4472 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
20:42:32.0843 4472 WwanSvc - ok
20:42:32.0999 4472 [ 67B787C34FB2888D01B130AE007042D8 ] ZuneNetworkSvc C:\Program Files\Zune\ZuneNss.exe
20:42:33.0121 4472 ZuneNetworkSvc - ok
20:42:33.0149 4472 [ 4D89FC1C20CF655739EFAC5DA81A67BC ] ZuneWlanCfgSvc C:\Program Files\Zune\ZuneWlanCfgSvc.exe
20:42:33.0162 4472 ZuneWlanCfgSvc - ok
20:42:33.0175 4472 ================ Scan global ===============================
20:42:33.0190 4472 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
20:42:33.0227 4472 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
20:42:33.0234 4472 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
20:42:33.0261 4472 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
20:42:33.0276 4472 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
20:42:33.0280 4472 [Global] - ok
20:42:33.0281 4472 ================ Scan MBR ==================================
20:42:33.0286 4472 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
20:42:33.0286 4472 Suspicious mbr (Forged): \Device\Harddisk0\DR0
20:42:33.0309 4472 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
20:42:33.0309 4472 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
20:42:33.0310 4472 ================ Scan VBR ==================================
20:42:33.0339 4472 [ 3C6BC8E394B29360374F821D4EB06B57 ] \Device\Harddisk0\DR0\Partition1
20:42:33.0341 4472 \Device\Harddisk0\DR0\Partition1 - ok
20:42:33.0353 4472 [ 4EBC6B3CDFC9343D2FA30552E517992D ] \Device\Harddisk0\DR0\Partition2
20:42:33.0355 4472 \Device\Harddisk0\DR0\Partition2 - ok
20:42:33.0355 4472 ============================================================
20:42:33.0355 4472 Scan finished
20:42:33.0355 4472 ============================================================
20:42:33.0366 1536 Detected object count: 1
20:42:33.0366 1536 Actual detected object count: 1
20:42:46.0481 1536 \Device\Harddisk0\DR0\# - copied to quarantine
20:42:46.0483 1536 \Device\Harddisk0\DR0 - copied to quarantine
20:42:46.0526 1536 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
20:42:46.0528 1536 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
20:42:46.0544 1536 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
20:42:46.0551 1536 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
20:42:46.0552 1536 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
20:42:46.0553 1536 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
20:42:46.0555 1536 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
20:42:46.0557 1536 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
20:42:46.0560 1536 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
20:42:46.0560 1536 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
20:42:46.0561 1536 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
20:42:46.0562 1536 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
20:42:46.0588 1536 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
20:42:46.0591 1536 \Device\Harddisk0\DR0 - ok
20:42:52.0174 1536 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
20:43:22.0312 3124 Deinitialize success


20:40:52.0044 1656 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
20:40:52.0480 1656 ============================================================
20:40:52.0480 1656 Current date / time: 2012/11/28 20:40:52.0480
20:40:52.0480 1656 SystemInfo:
20:40:52.0480 1656
20:40:52.0481 1656 OS Version: 6.1.7601 ServicePack: 1.0
20:40:52.0481 1656 Product type: Workstation
20:40:52.0481 1656 ComputerName: CLIENT-PC
20:40:52.0481 1656 UserName: CLIENT
20:40:52.0481 1656 Windows directory: C:\Windows
20:40:52.0481 1656 System windows directory: C:\Windows
20:40:52.0481 1656 Running under WOW64
20:40:52.0481 1656 Processor architecture: Intel x64
20:40:52.0481 1656 Number of processors: 2
20:40:52.0481 1656 Page size: 0x1000
20:40:52.0481 1656 Boot type: Normal boot
20:40:52.0481 1656 ============================================================
20:40:53.0366 1656 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:40:53.0386 1656 ============================================================
20:40:53.0386 1656 \Device\Harddisk0\DR0:
20:40:53.0386 1656 MBR partitions:
20:40:53.0386 1656 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
20:40:53.0386 1656 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x3A353030
20:40:53.0386 1656 ============================================================
20:40:53.0416 1656 C: <-> \Device\Harddisk0\DR0\Partition2
20:40:53.0416 1656 ============================================================
20:40:53.0416 1656 Initialize success
20:40:53.0416 1656 ============================================================
20:41:06.0665 5012 Deinitialize success

aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2012-11-28 20:56:50
-----------------------------
20:56:50.227 OS Version: Windows x64 6.1.7601 Service Pack 1
20:56:50.228 Number of processors: 2 586 0x603
20:56:50.229 ComputerName: CLIENT-PC UserName: CLIENT
20:56:51.661 Initialize success
20:58:41.610 AVAST engine defs: 12112801
20:59:03.026 The log file has been saved successfully to "C:\Users\CLIENT\Desktop\aswMBR.txt"

#13 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:28 AM

Posted 28 November 2012 - 10:28 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Refering to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#14 surf

surf
  • Topic Starter

  • Members
  • 47 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:12:28 AM

Posted 28 November 2012 - 10:55 PM

ComboFix 12-11-28.02 - CLIENT 11/28/2012 21:41:36.3.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.1919.971 [GMT -6:00]
Running from: c:\users\CLIENT\Desktop\ComboFix.exe
Command switches used :: c:\users\CLIENT\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\svchost.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-10-28 to 2012-11-29 )))))))))))))))))))))))))))))))
.
.
2012-11-29 03:47 . 2012-11-29 03:47 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-11-29 02:42 . 2012-11-29 02:42 -------- d-----w- C:\TDSSKiller_Quarantine
2012-11-29 02:26 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6EED2DBD-ED30-49B8-94A5-52B6CFF18491}\mpengine.dll
2012-11-28 18:15 . 2012-11-28 18:15 -------- d-----w- c:\windows\Sun
2012-11-28 01:00 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-11-18 02:26 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui
2012-11-18 02:25 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-11-18 02:25 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2012-11-18 02:25 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll
2012-11-18 02:18 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll
2012-11-18 02:18 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll
2012-11-18 02:18 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2012-11-18 02:18 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2012-11-18 02:18 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2012-11-18 02:18 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe
2012-11-18 02:18 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll
2012-11-10 10:34 . 2012-11-12 21:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-11-09 20:39 . 2012-11-09 20:39 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-11-09 20:39 . 2012-11-09 20:37 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-11-09 20:38 . 2012-11-09 20:38 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-11-09 20:35 . 2012-11-09 20:35 -------- d-----w- c:\programdata\McAfee
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-18 02:19 . 2011-02-08 20:32 66395536 ----a-w- c:\windows\system32\MRT.exe
2012-11-09 20:37 . 2011-03-08 21:22 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-10-22 02:29 . 2012-10-22 02:29 58704 ----a-r- c:\users\CLIENT\AppData\Roaming\Microsoft\Installer\{8FA53ACE-B718-4FAE-B7BF-95B0FCB320C8}\ARPPRODUCTICON.exe
2012-10-16 08:38 . 2012-11-28 00:54 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2012-11-28 00:54 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2012-11-28 00:54 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
2012-10-09 10:44 . 2012-06-04 13:03 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-09 10:44 . 2011-07-07 02:04 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-03 13:33 . 2012-10-22 02:33 972192 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B0143635-D836-4ED6-BB95-60885DEA8F44}\gapaengine.dll
2012-10-03 13:33 . 2011-03-26 10:44 972192 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-09-30 01:54 . 2011-04-03 19:07 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-14 19:19 . 2012-10-10 12:46 2048 ----a-w- c:\windows\system32\tzres.dll
2012-09-14 18:28 . 2012-10-10 12:46 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-08-31 18:19 . 2012-10-10 12:47 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys
2011-03-14 18:51 . 2011-03-14 18:49 6277496 ----a-w- c:\program files\Silverlight.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-06-24 1840424]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-07-07 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"CanonSolutionMenuEx"="c:\program files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-09-14 1213848]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 FXDrv32;FXDrv32;D:\FXDrv64.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-31 128456]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-13 368896]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-02-08 1255736]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]
S2 AdobeActiveFileMonitor10.0;Adobe Active File Monitor V10;c:\program files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [2011-09-15 169624]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-30 399432]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-30 676936]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2009-07-14 239648]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-30 25928]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-08-20 239616]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-29 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-04 10:44]
.
2012-11-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-07 02:04]
.
2012-11-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-07 02:04]
.
2012-11-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-266725863-3690335571-4066993543-1001Core.job
- c:\users\CLIENT\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-14 17:54]
.
2012-11-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-266725863-3690335571-4066993543-1001UA.job
- c:\users\CLIENT\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-14 17:54]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-09-11 8114720]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-07-26 2782096]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-06-16 499608]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-13 1289704]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 163552]
"MRT"="c:\windows\system32\MRT.exe" [2012-11-18 66395536]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
Trusted Zone: academybankmw.com
Trusted Zone: scat.suz.com\Cww
Trusted Zone: scat.suz.com\www
Trusted Zone: suz.com\Cww.scat
Trusted Zone: suz.com\www.scat
Trusted Zone: suzuki.com\www.dealer
Trusted Zone: suzukiconnect.com\www
Trusted Zone: suzukidcs.com\www
Trusted Zone: scat.suz.com\cww
Trusted Zone: scat.suz.com\www
Trusted Zone: suz.com\Cww.scat
Trusted Zone: suz.com\www.scat
Trusted Zone: suzuki.com\www.dealer
Trusted Zone: suzukiconnect.com\www
Trusted Zone: suzukidcs.com\www
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-78140619.sys
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-11-28 21:48:56
ComboFix-quarantined-files.txt 2012-11-29 03:48
ComboFix2.txt 2012-11-28 17:57
ComboFix3.txt 2012-11-28 17:26
.
Pre-Run: 442,629,537,792 bytes free
Post-Run: 442,690,351,104 bytes free
.
- - End Of File - - C2B3D635DF6E1A8D5982AC91C9248D73

I did not have any problems running this again. There is a hard time shutting down still. but i haven't even used this computer except to answer the emails from you.

#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:28 AM

Posted 28 November 2012 - 11:12 PM

check things out and let me know how things are going



gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users