
Smitfraud-Generic C



#1 W76


Posted 29 November 2012 - 02:34 PM

Back in early October, Spybot found the virus Smitfraud-Generic C, which was successfully removed here. I'm not sure what happened along the way, but I have since been very careful about my web habits. I only visit reputable sites... so I am not sure what happened, but the same virus has returned. The computer is rebooting a few times a day and Trend Micro keeps blocking websites when I'm not even on the web.

My computer started acting up a lot yesterday, but in retrospect it may have had issues dating back to last week.

UPDATE 11/30 - Malwarebytes found a new virus - Heuristics.Reserved.Word.Exploit.- says it removes, but it comes back... similar to smitfraud.

Thanks in advance.

Here are my logs.

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 10.7.2
Run by Robert at 11:14:58 on 2012-11-29
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.7934.5609 [GMT -8:00]
.
AV: Trend Micro Security Agent *Enabled/Updated* {7193B549-236F-55EE-9AEC-F65279E59A92}
SP: Trend Micro Security Agent *Enabled/Updated* {CAF254AD-0555-5A60-A05C-CD200262D02F}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiWatchDog.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
C:\Program Files (x86)\Symantec\pcAnywhere\awhost32.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Symantec\pcAnywhere\AWHPROBE.EXE
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files (x86)\Microsoft SQL Server\MSSQL$JJKA_KDS\Binn\sqlservr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
\\.\globalroot\systemroot\svchost.exe -netsvcs
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Windows\System32\rundll32.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\Microsoft Office97\Office\OSA.EXE
C:\Program Files (x86)\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiSeAgnt.exe
C:\Windows\twain_32\Fjscan32\SOP\FtLnSOP.exe
C:\Windows\twain_32\Fjscan32\FTPWREVT\FTPWREVT.exe
C:\Program Files (x86)\ScanSoft\OmniPageSE4\OpWareSE4.exe
C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files (x86)\Canon Electronics\DR2010C\TouchDR.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\wiawow64.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files (x86)\Canon Electronics\Shared Files\CEITRAY.EXE
C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Trend Micro\Security Agent\tmlisten.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
BHO: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\1.6.1242\6.6.1089\TmIEPlg32.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
mRun: [FtLnSOP_setup] C:\Windows\Twain_32\Fjscan32\SOP\FtLnSOP.exe
mRun: [FTPWRENV] C:\Windows\Twain_32\Fjscan32\FTPWREVT\FTPWREVT.exe
mRun: [OpwareSE4] "C:\Program Files (x86)\ScanSoft\OmniPageSE4\OpwareSE4.exe"
mRun: [PaperPort PTD] "C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe"
mRun: [IndexSearch] "C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe"
mRun: [PPort11reminder] "C:\Program Files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini"
mRun: [DR-2010C CaptureOnTouch] "C:\Program Files (x86)\Canon Electronics\DR2010C\TouchDR.exe" LOGON
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\OFFICE~1.LNK - C:\Program Files (x86)\Microsoft Office97\Office\OSA.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SERVIC~1.LNK - C:\Program Files (x86)\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoWelcomeScreen = dword:1
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
mPolicies-System: SoftwareSASGeneration = dword:1
IE: E&xport to Microsoft Excel - <no file>
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://themeetingson.webex.com/client/WBXclient-T27L10NSP32EP5-14362/webex/ieatgpc1.cab
TCP: NameServer = 192.168.40.1
TCP: Interfaces\{1CFC3999-65CF-4AB4-8472-CF0B33C55EFA} : DHCPNameServer = 192.168.40.1
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\1.6.1242\6.6.1089\TmIEPlg32.dll
Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Security Agent\UIFramework\ProToolbarIMRatingActiveX.dll
Notify: PCANotify - PCANotify.dll
SSODL: WebCheck - <orphaned>
x64-BHO: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\1.6.1242\6.6.1089\TmIEPlg.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [Trend Micro Client Framework] "C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe"
x64-Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
x64-Run: [itype] "c:\Program Files\Microsoft IntelliType Pro\itype.exe"
x64-Run: [CANON DR2010C SVC] rundll32.exe DR201SVC.dll,EntryPointUserMessage
.
INFO: x64-HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\1.6.1242\6.6.1089\TmIEPlg.dll
x64-Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-4-20 203776]
R2 Amsp;Trend Micro Solution Platform;C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe [2012-4-18 272816]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-10-5 399432]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-10-5 676936]
R2 MSSQL$JJKA_KDS;MSSQL$JJKA_KDS;C:\Program Files (x86)\Microsoft SQL Server\MSSQL$JJKA_KDS\Binn\sqlservr.exe -sJJKA_KDS --> C:\Program Files (x86)\Microsoft SQL Server\MSSQL$JJKA_KDS\Binn\sqlservr.exe -sJJKA_KDS [?]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-6-25 1153368]
R2 tmevtmgr;tmevtmgr;C:\Windows\System32\drivers\tmevtmgr.sys [2012-4-18 69904]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-10-5 25928]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-6-10 187392]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2011-4-12 71168]
S3 SQLAgent$JJKA_KDS;SQLAgent$JJKA_KDS;C:\Program Files (x86)\Microsoft SQL Server\MSSQL$JJKA_KDS\Binn\sqlagent.EXE -i JJKA_KDS --> C:\Program Files (x86)\Microsoft SQL Server\MSSQL$JJKA_KDS\Binn\sqlagent.EXE -i JJKA_KDS [?]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
.
=============== Created Last 30 ================
.
2012-11-29 19:02:03 20480 ----a-w- C:\Windows\svchost.exe
2012-11-29 13:16:46 76232 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{5A3D673D-46E2-49D4-AB59-D7ABA15E2F37}\offreg.dll
2012-11-27 20:32:47 9125352 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{5A3D673D-46E2-49D4-AB59-D7ABA15E2F37}\mpengine.dll
2012-11-15 17:17:15 -------- d-----w- C:\Program Files (x86)\Yahoo!
2012-11-15 11:07:17 3149824 ----a-w- C:\Windows\System32\win32k.sys
2012-11-15 11:00:51 95744 ----a-w- C:\Windows\System32\synceng.dll
2012-11-15 11:00:51 78336 ----a-w- C:\Windows\SysWow64\synceng.dll
.
==================== Find3M ====================
.
2012-10-10 16:14:33 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2012-10-10 16:14:30 821736 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2012-10-09 17:59:36 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-09 17:59:36 696760 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-09-30 02:54:26 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
.
============= FINISH: 11:16:36.09 ===============



Edited by W76, 30 November 2012 - 02:24 PM.




#2 nasdaq

  • Malware Response Team

Posted 01 December 2012 - 09:39 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

I found traces of a ZeroAccess infection. Let's start with these scans.

Please Download
TDSSKiller.zip

>>> Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue
  • If a suspicious file is detected, the default action will be Skip, click on Continue
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double-click aswMBR.exe to run it.

  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please post the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.

===

Please post the logs for my review.

#3 W76


Posted 03 December 2012 - 03:14 PM

I actually ran tdsskiller on my own prior to your response. I will post the log I ran from a few days ago and the one I reran today. First the one from 11/30

13:38:59.0146 2344 hidserv - ok
13:38:59.0161 2344 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
13:38:59.0161 2344 HidUsb - ok
13:38:59.0177 2344 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
13:38:59.0193 2344 hkmsvc - ok
13:38:59.0208 2344 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
13:38:59.0208 2344 HomeGroupListener - ok
13:38:59.0239 2344 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
13:38:59.0239 2344 HomeGroupProvider - ok
13:38:59.0255 2344 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
13:38:59.0255 2344 HpSAMD - ok
13:38:59.0286 2344 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
13:38:59.0286 2344 HTTP - ok
13:38:59.0302 2344 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
13:38:59.0302 2344 hwpolicy - ok
13:38:59.0317 2344 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
13:38:59.0333 2344 i8042prt - ok
13:38:59.0333 2344 [ 3DF4395A7CF8B7A72A5F4606366B8C2D ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
13:38:59.0349 2344 iaStorV - ok
13:38:59.0395 2344 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
13:38:59.0395 2344 idsvc - ok
13:38:59.0411 2344 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys
13:38:59.0411 2344 iirsp - ok
13:38:59.0473 2344 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
13:38:59.0505 2344 IKEEXT - ok
13:38:59.0536 2344 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
13:38:59.0551 2344 intelide - ok
13:38:59.0583 2344 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\drivers\intelppm.sys
13:38:59.0583 2344 intelppm - ok
13:38:59.0598 2344 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
13:38:59.0614 2344 IPBusEnum - ok
13:38:59.0629 2344 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
13:38:59.0629 2344 IpFilterDriver - ok
13:38:59.0661 2344 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
13:38:59.0661 2344 iphlpsvc - ok
13:38:59.0676 2344 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
13:38:59.0676 2344 IPMIDRV - ok
13:38:59.0692 2344 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
13:38:59.0692 2344 IPNAT - ok
13:38:59.0708 2344 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
13:38:59.0708 2344 IRENUM - ok
13:38:59.0723 2344 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
13:38:59.0723 2344 isapnp - ok
13:38:59.0739 2344 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
13:38:59.0754 2344 iScsiPrt - ok
13:38:59.0786 2344 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
13:38:59.0786 2344 kbdclass - ok
13:38:59.0801 2344 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
13:38:59.0801 2344 kbdhid - ok
13:38:59.0817 2344 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
13:38:59.0817 2344 KeyIso - ok
13:38:59.0848 2344 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
13:38:59.0848 2344 KSecDD - ok
13:38:59.0864 2344 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
13:38:59.0864 2344 KSecPkg - ok
13:38:59.0879 2344 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
13:38:59.0879 2344 ksthunk - ok
13:38:59.0910 2344 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
13:38:59.0910 2344 KtmRm - ok
13:38:59.0926 2344 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll
13:38:59.0942 2344 LanmanServer - ok
13:38:59.0957 2344 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
13:38:59.0957 2344 LanmanWorkstation - ok
13:38:59.0973 2344 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
13:38:59.0988 2344 lltdio - ok
13:39:00.0004 2344 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
13:39:00.0004 2344 lltdsvc - ok
13:39:00.0020 2344 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
13:39:00.0020 2344 lmhosts - ok
13:39:00.0035 2344 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
13:39:00.0035 2344 LSI_FC - ok
13:39:00.0066 2344 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
13:39:00.0066 2344 LSI_SAS - ok
13:39:00.0082 2344 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
13:39:00.0082 2344 LSI_SAS2 - ok
13:39:00.0098 2344 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
13:39:00.0098 2344 LSI_SCSI - ok
13:39:00.0113 2344 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
13:39:00.0113 2344 luafv - ok
13:39:00.0129 2344 [ A8FE8F2783B2929B56F5370A89356CE9 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
13:39:00.0144 2344 MBAMProtector - ok
13:39:00.0191 2344 [ 85B16A92B117A5A800032ECD904B86DB ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
13:39:00.0191 2344 MBAMScheduler - ok
13:39:00.0207 2344 [ 20E2469DB709FC675E655CEAA11BE312 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
13:39:00.0222 2344 MBAMService - ok
13:39:00.0254 2344 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
13:39:00.0254 2344 Mcx2Svc - ok
13:39:00.0300 2344 [ 7CF1B716372B89568AE4C0FE769F5869 ] MDM C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
13:39:00.0332 2344 MDM - ok
13:39:00.0363 2344 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys
13:39:00.0363 2344 megasas - ok
13:39:00.0379 2344 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
13:39:00.0394 2344 MegaSR - ok
13:39:00.0410 2344 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
13:39:00.0410 2344 MMCSS - ok
13:39:00.0425 2344 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
13:39:00.0425 2344 Modem - ok
13:39:00.0441 2344 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
13:39:00.0441 2344 monitor - ok
13:39:00.0457 2344 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
13:39:00.0457 2344 mouclass - ok
13:39:00.0488 2344 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
13:39:00.0488 2344 mouhid - ok
13:39:00.0488 2344 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
13:39:00.0503 2344 mountmgr - ok
13:39:00.0503 2344 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
13:39:00.0519 2344 mpio - ok
13:39:00.0535 2344 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
13:39:00.0535 2344 mpsdrv - ok
13:39:00.0550 2344 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
13:39:00.0566 2344 MpsSvc - ok
13:39:00.0566 2344 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
13:39:00.0566 2344 MRxDAV - ok
13:39:00.0597 2344 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
13:39:00.0597 2344 mrxsmb - ok
13:39:00.0613 2344 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
13:39:00.0613 2344 mrxsmb10 - ok
13:39:00.0644 2344 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
13:39:00.0644 2344 mrxsmb20 - ok
13:39:00.0659 2344 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
13:39:00.0659 2344 msahci - ok
13:39:00.0675 2344 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
13:39:00.0675 2344 msdsm - ok
13:39:00.0691 2344 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
13:39:00.0691 2344 MSDTC - ok
13:39:00.0706 2344 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
13:39:00.0706 2344 Msfs - ok
13:39:00.0722 2344 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
13:39:00.0722 2344 mshidkmdf - ok
13:39:00.0737 2344 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
13:39:00.0737 2344 msisadrv - ok
13:39:00.0769 2344 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
13:39:00.0769 2344 MSiSCSI - ok
13:39:00.0784 2344 msiserver - ok
13:39:00.0815 2344 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
13:39:00.0815 2344 MSKSSRV - ok
13:39:00.0815 2344 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
13:39:00.0815 2344 MSPCLOCK - ok
13:39:00.0831 2344 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
13:39:00.0831 2344 MSPQM - ok
13:39:00.0847 2344 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
13:39:00.0847 2344 MsRPC - ok
13:39:00.0862 2344 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
13:39:00.0862 2344 mssmbios - ok
13:39:00.0893 2344 MSSQL$JJKA_KDS - ok
13:39:00.0940 2344 [ CB7524C21727404BD3140DCA32DEB7DE ] MSSQLServerADHelper C:\Program Files (x86)\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe
13:39:01.0003 2344 MSSQLServerADHelper - ok
13:39:01.0018 2344 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
13:39:01.0018 2344 MSTEE - ok
13:39:01.0018 2344 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
13:39:01.0034 2344 MTConfig - ok
13:39:01.0065 2344 [ 03B7145C889603537E9FFEABB1AD1089 ] MTsensor C:\Windows\system32\DRIVERS\ASACPI.sys
13:39:01.0065 2344 MTsensor - ok
13:39:01.0081 2344 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
13:39:01.0081 2344 Mup - ok
13:39:01.0128 2344 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
13:39:01.0143 2344 napagent - ok
13:39:01.0174 2344 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
13:39:01.0174 2344 NativeWifiP - ok
13:39:01.0221 2344 [ 79B47FD40D9A817E932F9D26FAC0A81C ] NDIS C:\Windows\system32\drivers\ndis.sys
13:39:01.0237 2344 NDIS - ok
13:39:01.0252 2344 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
13:39:01.0252 2344 NdisCap - ok
13:39:01.0268 2344 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
13:39:01.0268 2344 NdisTapi - ok
13:39:01.0284 2344 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
13:39:01.0284 2344 Ndisuio - ok
13:39:01.0315 2344 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
13:39:01.0315 2344 NdisWan - ok
13:39:01.0315 2344 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
13:39:01.0330 2344 NDProxy - ok
13:39:01.0346 2344 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
13:39:01.0346 2344 NetBIOS - ok
13:39:01.0362 2344 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
13:39:01.0362 2344 NetBT - ok
13:39:01.0377 2344 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
13:39:01.0377 2344 Netlogon - ok
13:39:01.0424 2344 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
13:39:01.0440 2344 Netman - ok
13:39:01.0471 2344 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:39:01.0471 2344 NetMsmqActivator - ok
13:39:01.0486 2344 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:39:01.0502 2344 NetPipeActivator - ok
13:39:01.0518 2344 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
13:39:01.0518 2344 netprofm - ok
13:39:01.0533 2344 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:39:01.0533 2344 NetTcpActivator - ok
13:39:01.0533 2344 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:39:01.0533 2344 NetTcpPortSharing - ok
13:39:01.0564 2344 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
13:39:01.0564 2344 nfrd960 - ok
13:39:01.0564 2344 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
13:39:01.0564 2344 NlaSvc - ok
13:39:01.0580 2344 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
13:39:01.0596 2344 Npfs - ok
13:39:01.0596 2344 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
13:39:01.0611 2344 nsi - ok
13:39:01.0611 2344 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
13:39:01.0611 2344 nsiproxy - ok
13:39:01.0658 2344 [ 05D78AA5CB5F3F5C31160BDB955D0B7C ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
13:39:01.0674 2344 Ntfs - ok
13:39:01.0689 2344 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
13:39:01.0689 2344 Null - ok
13:39:01.0705 2344 [ 5D9FD91F3D38DC9DA01E3CB5FA89CD48 ] nvraid C:\Windows\system32\drivers\nvraid.sys
13:39:01.0705 2344 nvraid - ok
13:39:01.0720 2344 [ F7CD50FE7139F07E77DA8AC8033D1832 ] nvstor C:\Windows\system32\drivers\nvstor.sys
13:39:01.0720 2344 nvstor - ok
13:39:01.0720 2344 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
13:39:01.0720 2344 nv_agp - ok
13:39:01.0783 2344 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
13:39:01.0799 2344 odserv - ok
13:39:01.0814 2344 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
13:39:01.0814 2344 ohci1394 - ok
13:39:01.0861 2344 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
13:39:01.0861 2344 ose - ok
13:39:01.0892 2344 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
13:39:01.0908 2344 p2pimsvc - ok
13:39:01.0923 2344 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
13:39:01.0939 2344 p2psvc - ok
13:39:01.0986 2344 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
13:39:01.0986 2344 Parport - ok
13:39:02.0017 2344 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
13:39:02.0017 2344 partmgr - ok
13:39:02.0064 2344 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
13:39:02.0064 2344 PcaSvc - ok
13:39:02.0079 2344 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
13:39:02.0095 2344 pci - ok
13:39:02.0095 2344 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
13:39:02.0095 2344 pciide - ok
13:39:02.0126 2344 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
13:39:02.0126 2344 pcmcia - ok
13:39:02.0142 2344 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
13:39:02.0142 2344 pcw - ok
13:39:02.0157 2344 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
13:39:02.0173 2344 PEAUTH - ok
13:39:02.0204 2344 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
13:39:02.0235 2344 PeerDistSvc - ok
13:39:02.0298 2344 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
13:39:02.0298 2344 PerfHost - ok
13:39:02.0360 2344 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
13:39:02.0376 2344 pla - ok
13:39:02.0423 2344 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
13:39:02.0423 2344 PlugPlay - ok
13:39:02.0438 2344 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
13:39:02.0438 2344 PNRPAutoReg - ok
13:39:02.0454 2344 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
13:39:02.0454 2344 PNRPsvc - ok
13:39:02.0485 2344 [ 4F0878FD62D5F7444C5F1C4C66D9D293 ] Point64 C:\Windows\system32\DRIVERS\point64.sys
13:39:02.0501 2344 Point64 - ok
13:39:02.0516 2344 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
13:39:02.0548 2344 PolicyAgent - ok
13:39:02.0563 2344 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
13:39:02.0563 2344 Power - ok
13:39:02.0594 2344 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
13:39:02.0594 2344 PptpMiniport - ok
13:39:02.0610 2344 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys
13:39:02.0610 2344 Processor - ok
13:39:02.0641 2344 [ 5C78838B4D166D1A27DB3A8A820C799A ] ProfSvc C:\Windows\system32\profsvc.dll
13:39:02.0641 2344 ProfSvc - ok
13:39:02.0657 2344 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
13:39:02.0657 2344 ProtectedStorage - ok
13:39:02.0672 2344 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
13:39:02.0672 2344 Psched - ok
13:39:02.0719 2344 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
13:39:02.0750 2344 ql2300 - ok
13:39:02.0782 2344 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
13:39:02.0782 2344 ql40xx - ok
13:39:02.0797 2344 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
13:39:02.0813 2344 QWAVE - ok
13:39:02.0813 2344 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
13:39:02.0828 2344 QWAVEdrv - ok
13:39:02.0844 2344 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
13:39:02.0844 2344 RasAcd - ok
13:39:02.0860 2344 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
13:39:02.0860 2344 RasAgileVpn - ok
13:39:02.0875 2344 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
13:39:02.0875 2344 RasAuto - ok
13:39:02.0891 2344 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
13:39:02.0891 2344 Rasl2tp - ok
13:39:02.0922 2344 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
13:39:02.0922 2344 RasMan - ok
13:39:02.0938 2344 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
13:39:02.0938 2344 RasPppoe - ok
13:39:02.0953 2344 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
13:39:02.0953 2344 RasSstp - ok
13:39:02.0969 2344 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
13:39:02.0969 2344 rdbss - ok
13:39:02.0984 2344 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
13:39:02.0984 2344 rdpbus - ok
13:39:03.0000 2344 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
13:39:03.0000 2344 RDPCDD - ok
13:39:03.0016 2344 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
13:39:03.0016 2344 RDPDR - ok
13:39:03.0031 2344 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
13:39:03.0047 2344 RDPENCDD - ok
13:39:03.0062 2344 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
13:39:03.0062 2344 RDPREFMP - ok
13:39:03.0094 2344 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
13:39:03.0094 2344 RDPWD - ok
13:39:03.0125 2344 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
13:39:03.0125 2344 rdyboost - ok
13:39:03.0140 2344 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
13:39:03.0156 2344 RemoteAccess - ok
13:39:03.0172 2344 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
13:39:03.0187 2344 RemoteRegistry - ok
13:39:03.0187 2344 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
13:39:03.0203 2344 RpcEptMapper - ok
13:39:03.0219 2344 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
13:39:03.0219 2344 RpcLocator - ok
13:39:03.0250 2344 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
13:39:03.0250 2344 RpcSs - ok
13:39:03.0265 2344 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
13:39:03.0265 2344 rspndr - ok
13:39:03.0297 2344 [ BAEFEE35D27A5440D35092CE10267BEC ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
13:39:03.0297 2344 RTL8167 - ok
13:39:03.0328 2344 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
13:39:03.0328 2344 s3cap - ok
13:39:03.0328 2344 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
13:39:03.0343 2344 SamSs - ok
13:39:03.0359 2344 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
13:39:03.0359 2344 sbp2port - ok
13:39:03.0437 2344 [ 794D4B48DFB6E999537C7C3947863463 ] SBSDWSCService C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
13:39:03.0453 2344 SBSDWSCService - ok
13:39:03.0484 2344 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
13:39:03.0484 2344 SCardSvr - ok
13:39:03.0499 2344 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
13:39:03.0499 2344 scfilter - ok
13:39:03.0515 2344 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
13:39:03.0531 2344 Schedule - ok
13:39:03.0546 2344 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
13:39:03.0562 2344 SCPolicySvc - ok
13:39:03.0562 2344 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
13:39:03.0577 2344 SDRSVC - ok
13:39:03.0609 2344 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
13:39:03.0609 2344 secdrv - ok
13:39:03.0609 2344 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
13:39:03.0624 2344 seclogon - ok
13:39:03.0624 2344 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll
13:39:03.0624 2344 SENS - ok
13:39:03.0640 2344 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
13:39:03.0640 2344 SensrSvc - ok
13:39:03.0655 2344 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
13:39:03.0655 2344 Serenum - ok
13:39:03.0655 2344 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
13:39:03.0655 2344 Serial - ok
13:39:03.0671 2344 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys
13:39:03.0671 2344 sermouse - ok
13:39:03.0702 2344 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
13:39:03.0702 2344 SessionEnv - ok
13:39:03.0702 2344 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
13:39:03.0718 2344 sffdisk - ok
13:39:03.0718 2344 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
13:39:03.0718 2344 sffp_mmc - ok
13:39:03.0733 2344 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
13:39:03.0733 2344 sffp_sd - ok
13:39:03.0749 2344 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
13:39:03.0749 2344 sfloppy - ok
13:39:03.0765 2344 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
13:39:03.0796 2344 SharedAccess - ok
13:39:03.0843 2344 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
13:39:03.0843 2344 ShellHWDetection - ok
13:39:03.0858 2344 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
13:39:03.0858 2344 SiSRaid2 - ok
13:39:03.0874 2344 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
13:39:03.0874 2344 SiSRaid4 - ok
13:39:03.0889 2344 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
13:39:03.0889 2344 Smb - ok
13:39:03.0921 2344 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
13:39:03.0936 2344 SNMPTRAP - ok
13:39:03.0936 2344 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
13:39:03.0936 2344 spldr - ok
13:39:03.0952 2344 [ B96C17B5DC1424D56EEA3A99E97428CD ] Spooler C:\Windows\System32\spoolsv.exe
13:39:03.0968 2344 Spooler - ok
13:39:04.0030 2344 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
13:39:04.0061 2344 sppsvc - ok
13:39:04.0077 2344 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
13:39:04.0077 2344 sppuinotify - ok
13:39:04.0092 2344 SQLAgent$JJKA_KDS - ok
13:39:04.0108 2344 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
13:39:04.0124 2344 srv - ok
13:39:04.0139 2344 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
13:39:04.0139 2344 srv2 - ok
13:39:04.0155 2344 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
13:39:04.0155 2344 srvnet - ok
13:39:04.0186 2344 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
13:39:04.0186 2344 SSDPSRV - ok
13:39:04.0202 2344 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
13:39:04.0217 2344 SstpSvc - ok
13:39:04.0248 2344 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys
13:39:04.0248 2344 stexstor - ok
13:39:04.0264 2344 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
13:39:04.0280 2344 stisvc - ok
13:39:04.0295 2344 [ 7785DC213270D2FC066538DAF94087E7 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
13:39:04.0295 2344 storflt - ok
13:39:04.0326 2344 [ C40841817EF57D491F22EB103DA587CC ] StorSvc C:\Windows\system32\storsvc.dll
13:39:04.0326 2344 StorSvc - ok
13:39:04.0358 2344 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys
13:39:04.0358 2344 storvsc - ok
13:39:04.0373 2344 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
13:39:04.0373 2344 swenum - ok
13:39:04.0389 2344 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
13:39:04.0389 2344 swprv - ok
13:39:04.0436 2344 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
13:39:04.0467 2344 SysMain - ok
13:39:04.0482 2344 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
13:39:04.0482 2344 TabletInputService - ok
13:39:04.0498 2344 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
13:39:04.0498 2344 TapiSrv - ok
13:39:04.0514 2344 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
13:39:04.0514 2344 TBS - ok
13:39:04.0623 2344 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\Windows\system32\drivers\tcpip.sys
13:39:04.0670 2344 Tcpip - ok
13:39:04.0763 2344 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
13:39:04.0779 2344 TCPIP6 - ok
13:39:06.0901 2344 ================ Scan global ===============================
13:39:06.0932 2344 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
13:39:06.0948 2344 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
13:39:06.0964 2344 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
13:39:06.0979 2344 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
13:39:07.0010 2344 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
13:39:07.0026 2344 [Global] - ok
13:39:07.0026 2344 ================ Scan MBR ==================================
13:39:07.0026 2344 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
13:39:07.0026 2344 Suspicious mbr (Forged): \Device\Harddisk0\DR0
13:39:07.0057 2344 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
13:39:07.0057 2344 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
13:39:07.0057 2344 ================ Scan VBR ==================================
13:39:07.0057 2344 [ F20C143B100FFE26D6B230F8095BC907 ] \Device\Harddisk0\DR0\Partition1
13:39:07.0057 2344 \Device\Harddisk0\DR0\Partition1 - ok
13:39:07.0088 2344 [ B38D9E472D4909E8FDDE986C549A07DD ] \Device\Harddisk0\DR0\Partition2
13:39:07.0088 2344 \Device\Harddisk0\DR0\Partition2 - ok
13:39:07.0104 2344 [ C1A8C5DC2BEDD8E2F7C799A967D6DC28 ] \Device\Harddisk0\DR0\Partition3
13:39:07.0104 2344 \Device\Harddisk0\DR0\Partition3 - ok
13:39:07.0104 2344 ============================================================
13:39:07.0104 2344 Scan finished
13:39:07.0104 2344 ============================================================
13:39:07.0104 4708 Detected object count: 1
13:39:07.0104 4708 Actual detected object count: 1
13:39:17.0075 4708 \Device\Harddisk0\DR0\# - copied to quarantine
13:39:17.0091 4708 \Device\Harddisk0\DR0 - copied to quarantine
13:39:17.0122 4708 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
13:39:17.0122 4708 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
13:39:17.0138 4708 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
13:39:17.0262 4708 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
13:39:26.0063 4708 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
13:39:26.0141 4708 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
13:39:26.0219 4708 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
13:39:26.0219 4708 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
13:39:32.0087 4708 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
13:39:37.0782 4708 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
13:39:37.0782 4708 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
13:39:37.0782 4708 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
13:39:37.0907 4708 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
13:39:37.0954 4708 \Device\Harddisk0\DR0 - ok
13:39:37.0954 4708 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
13:39:44.0960 0900 Deinitialize success




Now the one from today

11:54:05.0149 3968 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
11:54:06.0273 3968 ============================================================
11:54:06.0273 3968 Current date / time: 2012/12/03 11:54:06.0273
11:54:06.0273 3968 SystemInfo:
11:54:06.0273 3968
11:54:06.0273 3968 OS Version: 6.1.7601 ServicePack: 1.0
11:54:06.0273 3968 Product type: Workstation
11:54:06.0273 3968 ComputerName: PTWIN705
11:54:06.0273 3968 UserName: Robert
11:54:06.0273 3968 Windows directory: C:\Windows
11:54:06.0273 3968 System windows directory: C:\Windows
11:54:06.0273 3968 Running under WOW64
11:54:06.0273 3968 Processor architecture: Intel x64
11:54:06.0273 3968 Number of processors: 2
11:54:06.0273 3968 Page size: 0x1000
11:54:06.0273 3968 Boot type: Normal boot
11:54:06.0273 3968 ============================================================
11:54:08.0193 3968 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
11:54:08.0209 3968 ============================================================
11:54:08.0209 3968 \Device\Harddisk0\DR0:
11:54:08.0209 3968 MBR partitions:
11:54:08.0209 3968 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
11:54:08.0209 3968 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x249BE000
11:54:08.0209 3968 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x249F0800, BlocksNum 0x15994800
11:54:08.0209 3968 ============================================================
11:54:08.0240 3968 C: <-> \Device\Harddisk0\DR0\Partition2
11:54:08.0271 3968 D: <-> \Device\Harddisk0\DR0\Partition3
11:54:08.0271 3968 ============================================================
11:54:08.0271 3968 Initialize success
11:54:08.0271 3968 ============================================================
11:54:11.0534 3156 ============================================================
11:54:11.0534 3156 Scan started
11:54:11.0534 3156 Mode: Manual;
11:54:11.0534 3156 ============================================================
11:54:13.0423 3156 ================ Scan system memory ========================
11:54:13.0423 3156 System memory - ok
11:54:13.0423 3156 ================ Scan services =============================
11:54:20.0558 3156 IpFilterDriver - ok
11:54:20.0573 3156 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
11:54:20.0589 3156 iphlpsvc - ok
11:54:20.0620 3156 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
11:54:20.0636 3156 IPMIDRV - ok
11:54:20.0636 3156 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
11:54:20.0651 3156 IPNAT - ok
11:54:20.0667 3156 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
11:54:20.0667 3156 IRENUM - ok
11:54:20.0683 3156 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
11:54:20.0683 3156 isapnp - ok
11:54:20.0698 3156 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
11:54:20.0714 3156 iScsiPrt - ok
11:54:20.0729 3156 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
11:54:20.0729 3156 kbdclass - ok
11:54:20.0745 3156 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
11:54:20.0745 3156 kbdhid - ok
11:54:20.0761 3156 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
11:54:20.0761 3156 KeyIso - ok
11:54:20.0792 3156 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
11:54:20.0792 3156 KSecDD - ok
11:54:20.0807 3156 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
11:54:20.0807 3156 KSecPkg - ok
11:54:20.0823 3156 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
11:54:20.0823 3156 ksthunk - ok
11:54:20.0839 3156 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
11:54:20.0854 3156 KtmRm - ok
11:54:20.0917 3156 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll
11:54:20.0932 3156 LanmanServer - ok
11:54:20.0948 3156 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
11:54:20.0948 3156 LanmanWorkstation - ok
11:54:20.0979 3156 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
11:54:20.0979 3156 lltdio - ok
11:54:20.0995 3156 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
11:54:21.0010 3156 lltdsvc - ok
11:54:21.0042 3156 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
11:54:21.0042 3156 lmhosts - ok
11:54:21.0073 3156 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
11:54:21.0073 3156 LSI_FC - ok
11:54:21.0104 3156 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
11:54:21.0120 3156 LSI_SAS - ok
11:54:21.0120 3156 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
11:54:21.0135 3156 LSI_SAS2 - ok
11:54:21.0135 3156 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
11:54:21.0135 3156 LSI_SCSI - ok
11:54:21.0167 3156 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
11:54:21.0182 3156 luafv - ok
11:54:21.0198 3156 [ A8FE8F2783B2929B56F5370A89356CE9 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
11:54:21.0198 3156 MBAMProtector - ok
11:54:21.0307 3156 [ 85B16A92B117A5A800032ECD904B86DB ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
11:54:21.0385 3156 MBAMScheduler - ok
11:54:21.0401 3156 [ 20E2469DB709FC675E655CEAA11BE312 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
11:54:21.0416 3156 MBAMService - ok
11:54:21.0463 3156 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
11:54:21.0494 3156 Mcx2Svc - ok
11:54:21.0557 3156 [ 7CF1B716372B89568AE4C0FE769F5869 ] MDM C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
11:54:21.0729 3156 MDM - ok
11:54:21.0760 3156 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys
11:54:21.0775 3156 megasas - ok
11:54:21.0791 3156 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
11:54:21.0791 3156 MegaSR - ok
11:54:21.0822 3156 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
11:54:21.0822 3156 MMCSS - ok
11:54:21.0838 3156 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
11:54:21.0838 3156 Modem - ok
11:54:21.0853 3156 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
11:54:21.0869 3156 monitor - ok
11:54:21.0885 3156 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
11:54:21.0885 3156 mouclass - ok
11:54:21.0916 3156 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
11:54:21.0916 3156 mouhid - ok
11:54:21.0932 3156 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
11:54:21.0932 3156 mountmgr - ok
11:54:21.0947 3156 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
11:54:21.0947 3156 mpio - ok
11:54:21.0963 3156 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
11:54:21.0963 3156 mpsdrv - ok
11:54:22.0134 3156 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
11:54:22.0150 3156 MpsSvc - ok
11:54:22.0181 3156 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
11:54:22.0181 3156 MRxDAV - ok
11:54:22.0228 3156 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
11:54:22.0244 3156 mrxsmb - ok
11:54:22.0259 3156 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
11:54:22.0259 3156 mrxsmb10 - ok
11:54:22.0337 3156 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
11:54:22.0337 3156 mrxsmb20 - ok
11:54:22.0369 3156 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
11:54:22.0369 3156 msahci - ok
11:54:22.0384 3156 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
11:54:22.0384 3156 msdsm - ok
11:54:22.0400 3156 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
11:54:22.0400 3156 MSDTC - ok
11:54:22.0431 3156 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
11:54:22.0431 3156 Msfs - ok
11:54:22.0447 3156 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
11:54:22.0447 3156 mshidkmdf - ok
11:54:22.0462 3156 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
11:54:22.0462 3156 msisadrv - ok
11:54:22.0494 3156 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
11:54:22.0525 3156 MSiSCSI - ok
11:54:22.0525 3156 msiserver - ok
11:54:22.0556 3156 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
11:54:22.0556 3156 MSKSSRV - ok
11:54:22.0572 3156 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
11:54:22.0572 3156 MSPCLOCK - ok
11:54:22.0572 3156 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
11:54:22.0572 3156 MSPQM - ok
11:54:22.0603 3156 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
11:54:22.0603 3156 MsRPC - ok
11:54:22.0603 3156 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
11:54:22.0618 3156 mssmbios - ok
11:54:22.0634 3156 MSSQL$JJKA_KDS - ok
11:54:22.0665 3156 [ CB7524C21727404BD3140DCA32DEB7DE ] MSSQLServerADHelper C:\Program Files (x86)\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe
11:54:22.0853 3156 MSSQLServerADHelper - ok
11:54:22.0868 3156 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
11:54:22.0868 3156 MSTEE - ok
11:54:22.0899 3156 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
11:54:22.0899 3156 MTConfig - ok
11:54:22.0931 3156 [ 03B7145C889603537E9FFEABB1AD1089 ] MTsensor C:\Windows\system32\DRIVERS\ASACPI.sys
11:54:22.0931 3156 MTsensor - ok
11:54:22.0946 3156 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
11:54:22.0946 3156 Mup - ok
11:54:22.0978 3156 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
11:54:22.0993 3156 napagent - ok
11:54:23.0056 3156 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
11:54:23.0056 3156 NativeWifiP - ok
11:54:23.0087 3156 [ 79B47FD40D9A817E932F9D26FAC0A81C ] NDIS C:\Windows\system32\drivers\ndis.sys
11:54:23.0102 3156 NDIS - ok
11:54:23.0118 3156 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
11:54:23.0118 3156 NdisCap - ok
11:54:23.0149 3156 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
11:54:23.0149 3156 NdisTapi - ok
11:54:23.0165 3156 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
11:54:23.0165 3156 Ndisuio - ok
11:54:23.0180 3156 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
11:54:23.0180 3156 NdisWan - ok
11:54:23.0196 3156 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
11:54:23.0196 3156 NDProxy - ok
11:54:23.0212 3156 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
11:54:23.0212 3156 NetBIOS - ok
11:54:23.0227 3156 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
11:54:23.0227 3156 NetBT - ok
11:54:23.0243 3156 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
11:54:23.0259 3156 Netlogon - ok
11:54:23.0321 3156 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
11:54:23.0337 3156 Netman - ok
11:54:23.0383 3156 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
11:54:23.0383 3156 NetMsmqActivator - ok
11:54:23.0383 3156 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
11:54:23.0399 3156 NetPipeActivator - ok
11:54:23.0430 3156 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
11:54:23.0446 3156 netprofm - ok
11:54:23.0446 3156 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
11:54:23.0446 3156 NetTcpActivator - ok
11:54:23.0446 3156 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
11:54:23.0461 3156 NetTcpPortSharing - ok
11:54:23.0477 3156 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
11:54:23.0477 3156 nfrd960 - ok
11:54:23.0493 3156 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
11:54:23.0493 3156 NlaSvc - ok
11:54:23.0508 3156 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
11:54:23.0508 3156 Npfs - ok
11:54:23.0524 3156 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
11:54:23.0524 3156 nsi - ok
11:54:23.0524 3156 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
11:54:23.0524 3156 nsiproxy - ok
11:54:23.0649 3156 [ 05D78AA5CB5F3F5C31160BDB955D0B7C ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
11:54:23.0680 3156 Ntfs - ok
11:54:23.0680 3156 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
11:54:23.0696 3156 Null - ok
11:54:23.0696 3156 [ 5D9FD91F3D38DC9DA01E3CB5FA89CD48 ] nvraid C:\Windows\system32\drivers\nvraid.sys
11:54:23.0696 3156 nvraid - ok
11:54:23.0727 3156 [ F7CD50FE7139F07E77DA8AC8033D1832 ] nvstor C:\Windows\system32\drivers\nvstor.sys
11:54:23.0727 3156 nvstor - ok
11:54:23.0742 3156 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
11:54:23.0742 3156 nv_agp - ok
11:54:23.0821 3156 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
11:54:23.0836 3156 odserv - ok
11:54:23.0852 3156 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
11:54:23.0852 3156 ohci1394 - ok
11:54:23.0899 3156 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
11:54:23.0899 3156 ose - ok
11:54:23.0930 3156 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
11:54:23.0930 3156 p2pimsvc - ok
11:54:23.0961 3156 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
11:54:23.0961 3156 p2psvc - ok
11:54:24.0008 3156 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
11:54:24.0008 3156 Parport - ok
11:54:24.0039 3156 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
11:54:24.0055 3156 partmgr - ok
11:54:24.0102 3156 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
11:54:24.0102 3156 PcaSvc - ok
11:54:24.0148 3156 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
11:54:24.0148 3156 pci - ok
11:54:24.0148 3156 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
11:54:24.0164 3156 pciide - ok
11:54:24.0180 3156 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
11:54:24.0195 3156 pcmcia - ok
11:54:24.0195 3156 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
11:54:24.0195 3156 pcw - ok
11:54:24.0226 3156 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
11:54:24.0226 3156 PEAUTH - ok
11:54:24.0320 3156 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
11:54:24.0351 3156 PeerDistSvc - ok
11:54:24.0492 3156 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
11:54:24.0492 3156 PerfHost - ok
11:54:24.0601 3156 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
11:54:24.0632 3156 pla - ok
11:54:24.0664 3156 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
11:54:24.0679 3156 PlugPlay - ok
11:54:24.0695 3156 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
11:54:24.0695 3156 PNRPAutoReg - ok
11:54:24.0710 3156 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
11:54:24.0710 3156 PNRPsvc - ok
11:54:24.0742 3156 [ 4F0878FD62D5F7444C5F1C4C66D9D293 ] Point64 C:\Windows\system32\DRIVERS\point64.sys
11:54:24.0742 3156 Point64 - ok
11:54:24.0773 3156 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
11:54:24.0773 3156 PolicyAgent - ok
11:54:24.0788 3156 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
11:54:24.0788 3156 Power - ok
11:54:24.0835 3156 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
11:54:24.0851 3156 PptpMiniport - ok
11:54:24.0851 3156 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys
11:54:24.0867 3156 Processor - ok
11:54:24.0882 3156 [ 5C78838B4D166D1A27DB3A8A820C799A ] ProfSvc C:\Windows\system32\profsvc.dll
11:54:24.0882 3156 ProfSvc - ok
11:54:24.0898 3156 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
11:54:24.0898 3156 ProtectedStorage - ok
11:54:24.0913 3156 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
11:54:24.0913 3156 Psched - ok
11:54:24.0945 3156 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
11:54:24.0991 3156 ql2300 - ok
11:54:25.0023 3156 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
11:54:25.0023 3156 ql40xx - ok
11:54:25.0038 3156 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
11:54:25.0054 3156 QWAVE - ok
11:54:25.0054 3156 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
11:54:25.0054 3156 QWAVEdrv - ok
11:54:25.0069 3156 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
11:54:25.0069 3156 RasAcd - ok
11:54:25.0101 3156 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
11:54:25.0101 3156 RasAgileVpn - ok
11:54:25.0101 3156 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
11:54:25.0101 3156 RasAuto - ok
11:54:25.0116 3156 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
11:54:25.0116 3156 Rasl2tp - ok
11:54:25.0132 3156 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
11:54:25.0132 3156 RasMan - ok
11:54:25.0163 3156 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
11:54:25.0163 3156 RasPppoe - ok
11:54:25.0179 3156 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
11:54:25.0179 3156 RasSstp - ok
11:54:25.0194 3156 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
11:54:25.0194 3156 rdbss - ok
11:54:25.0210 3156 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
11:54:25.0210 3156 rdpbus - ok
11:54:25.0226 3156 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
11:54:25.0226 3156 RDPCDD - ok
11:54:25.0241 3156 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
11:54:25.0241 3156 RDPDR - ok
11:54:25.0257 3156 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
11:54:25.0272 3156 RDPENCDD - ok
11:54:25.0272 3156 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
11:54:25.0272 3156 RDPREFMP - ok
11:54:25.0304 3156 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
11:54:25.0304 3156 RDPWD - ok
11:54:25.0335 3156 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
11:54:25.0335 3156 rdyboost - ok
11:54:25.0351 3156 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
11:54:25.0366 3156 RemoteAccess - ok
11:54:25.0382 3156 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
11:54:25.0382 3156 RemoteRegistry - ok
11:54:25.0397 3156 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
11:54:25.0397 3156 RpcEptMapper - ok
11:54:25.0429 3156 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
11:54:25.0429 3156 RpcLocator - ok
11:54:25.0429 3156 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
11:54:25.0444 3156 RpcSs - ok
11:54:25.0444 3156 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
11:54:25.0444 3156 rspndr - ok
11:54:25.0491 3156 [ BAEFEE35D27A5440D35092CE10267BEC ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
11:54:25.0491 3156 RTL8167 - ok
11:54:25.0522 3156 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
11:54:25.0522 3156 s3cap - ok
11:54:25.0538 3156 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
11:54:25.0538 3156 SamSs - ok
11:54:25.0569 3156 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
11:54:25.0569 3156 sbp2port - ok
11:54:25.0663 3156 [ 794D4B48DFB6E999537C7C3947863463 ] SBSDWSCService C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
11:54:25.0678 3156 SBSDWSCService - ok
11:54:25.0694 3156 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
11:54:25.0710 3156 SCardSvr - ok
11:54:25.0710 3156 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
11:54:25.0710 3156 scfilter - ok
11:54:25.0725 3156 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
11:54:25.0741 3156 Schedule - ok
11:54:25.0772 3156 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
11:54:25.0772 3156 SCPolicySvc - ok
11:54:25.0788 3156 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
11:54:25.0788 3156 SDRSVC - ok
11:54:25.0819 3156 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
11:54:25.0819 3156 secdrv - ok
11:54:25.0834 3156 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
11:54:25.0834 3156 seclogon - ok
11:54:25.0834 3156 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll
11:54:25.0850 3156 SENS - ok
11:54:25.0850 3156 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
11:54:25.0850 3156 SensrSvc - ok
11:54:25.0866 3156 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
11:54:25.0866 3156 Serenum - ok
11:54:25.0866 3156 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
11:54:25.0866 3156 Serial - ok
11:54:25.0881 3156 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys
11:54:25.0881 3156 sermouse - ok
11:54:25.0897 3156 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
11:54:25.0897 3156 SessionEnv - ok
11:54:25.0913 3156 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
11:54:25.0913 3156 sffdisk - ok
11:54:25.0928 3156 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
11:54:25.0928 3156 sffp_mmc - ok
11:54:25.0928 3156 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
11:54:25.0928 3156 sffp_sd - ok
11:54:25.0928 3156 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
11:54:25.0928 3156 sfloppy - ok
11:54:25.0959 3156 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
11:54:25.0975 3156 SharedAccess - ok
11:54:25.0991 3156 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
11:54:25.0991 3156 ShellHWDetection - ok
11:54:26.0022 3156 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
11:54:26.0037 3156 SiSRaid2 - ok
11:54:26.0053 3156 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
11:54:26.0069 3156 SiSRaid4 - ok
11:54:26.0100 3156 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
11:54:26.0100 3156 Smb - ok
11:54:26.0131 3156 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
11:54:26.0131 3156 SNMPTRAP - ok
11:54:26.0147 3156 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
11:54:26.0147 3156 spldr - ok
11:54:26.0162 3156 [ B96C17B5DC1424D56EEA3A99E97428CD ] Spooler C:\Windows\System32\spoolsv.exe
11:54:26.0162 3156 Spooler - ok
11:54:26.0365 3156 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
11:54:26.0443 3156 sppsvc - ok
11:54:26.0475 3156 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
11:54:26.0490 3156 sppuinotify - ok
11:54:26.0490 3156 SQLAgent$JJKA_KDS - ok
11:54:26.0521 3156 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
11:54:26.0521 3156 srv - ok
11:54:26.0553 3156 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
11:54:26.0584 3156 srv2 - ok
11:54:26.0615 3156 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
11:54:26.0631 3156 srvnet - ok
11:54:26.0662 3156 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
11:54:26.0662 3156 SSDPSRV - ok
11:54:26.0678 3156 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
11:54:26.0709 3156 SstpSvc - ok
11:54:26.0740 3156 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys
11:54:26.0740 3156 stexstor - ok
11:54:26.0771 3156 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
11:54:26.0787 3156 stisvc - ok
11:54:26.0818 3156 [ 7785DC213270D2FC066538DAF94087E7 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
11:54:26.0818 3156 storflt - ok
11:54:26.0834 3156 [ C40841817EF57D491F22EB103DA587CC ] StorSvc C:\Windows\system32\storsvc.dll
11:54:26.0849 3156 StorSvc - ok
11:54:26.0865 3156 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys
11:54:26.0865 3156 storvsc - ok
11:54:26.0880 3156 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
11:54:26.0880 3156 swenum - ok
11:54:26.0896 3156 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
11:54:26.0896 3156 swprv - ok
11:54:26.0974 3156 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
11:54:27.0005 3156 SysMain - ok
11:54:27.0037 3156 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
11:54:27.0037 3156 TabletInputService - ok
11:54:27.0052 3156 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
11:54:27.0052 3156 TapiSrv - ok
11:54:27.0068 3156 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
11:54:27.0068 3156 TBS - ok
11:54:27.0099 3156 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\Windows\system32\drivers\tcpip.sys
11:54:27.0115 3156 Tcpip - ok
11:54:27.0224 3156 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
11:54:27.0224 3156 TCPIP6 - ok
11:54:27.0349 3156 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
11:54:27.0364 3156 tcpipreg - ok
11:54:27.0380 3156 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
11:54:27.0380 3156 TDPIPE - ok
11:54:27.0396 3156 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
11:54:27.0396 3156 TDTCP - ok
11:54:27.0411 3156 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
11:54:27.0411 3156 tdx - ok
11:54:27.0411 3156 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
11:54:27.0411 3156 TermDD - ok
11:54:27.0458 3156 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
11:54:27.0458 3156 TermService - ok
11:54:27.0489 3156 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
11:54:27.0489 3156 Themes - ok
11:54:27.0521 3156 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
11:54:27.0521 3156 THREADORDER - ok
11:54:27.0630 3156 [ 95AB85CF9C7EDC62845D21BB596B0093 ] tmactmon C:\Windows\system32\DRIVERS\tmactmon.sys
11:54:27.0630 3156 tmactmon - ok
11:54:27.0677 3156 [ 0B975F08621CADF7F8EC164E1A991CF3 ] tmcomm C:\Windows\system32\DRIVERS\tmcomm.sys
11:54:27.0677 3156 tmcomm - ok
11:54:27.0692 3156 [ AEA9012CFC3C4B2A167B210C523B9B65 ] tmevtmgr C:\Windows\system32\DRIVERS\tmevtmgr.sys
11:54:27.0692 3156 tmevtmgr - ok
11:54:27.0942 3156 [ 2C5BDCB2EFAB4CA5B88DAF2C97A5794D ] TmListen C:\Program Files\Trend Micro\Security Agent\tmlisten.exe
11:54:27.0958 3156 TmListen - ok
11:54:27.0989 3156 [ 77B9BEBB0769F45EF770297196EF3506 ] tmtdi C:\Windows\system32\DRIVERS\tmtdi.sys
11:54:27.0989 3156 tmtdi - ok
11:54:28.0005 3156 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
11:54:28.0005 3156 TrkWks - ok
11:54:28.0051 3156 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
11:54:28.0051 3156 TrustedInstaller - ok
11:54:28.0067 3156 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
11:54:28.0067 3156 tssecsrv - ok
11:54:28.0098 3156 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
11:54:30.0456 3156 ================ Scan global ===============================
11:54:30.0471 3156 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
11:54:30.0502 3156 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
11:54:30.0502 3156 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
11:54:30.0518 3156 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
11:54:30.0549 3156 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
11:54:30.0565 3156 [Global] - ok
11:54:30.0565 3156 ================ Scan MBR ==================================
11:54:30.0580 3156 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
11:54:32.0641 3156 \Device\Harddisk0\DR0 - ok
11:54:32.0641 3156 ================ Scan VBR ==================================
11:54:32.0657 3156 [ F20C143B100FFE26D6B230F8095BC907 ] \Device\Harddisk0\DR0\Partition1
11:54:32.0672 3156 \Device\Harddisk0\DR0\Partition1 - ok
11:54:32.0672 3156 [ B38D9E472D4909E8FDDE986C549A07DD ] \Device\Harddisk0\DR0\Partition2
11:54:32.0672 3156 \Device\Harddisk0\DR0\Partition2 - ok
11:54:32.0688 3156 [ C1A8C5DC2BEDD8E2F7C799A967D6DC28 ] \Device\Harddisk0\DR0\Partition3
11:54:32.0735 3156 \Device\Harddisk0\DR0\Partition3 - ok
11:54:32.0735 3156 ============================================================
11:54:32.0735 3156 Scan finished
11:54:32.0735 3156 ============================================================
11:54:32.0750 4892 Detected object count: 0
11:54:32.0750 4892 Actual detected object count: 0
11:54:48.0186 4784 Deinitialize success

===

aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2012-12-03 11:55:16
-----------------------------
11:55:16.118 OS Version: Windows x64 6.1.7601 Service Pack 1
11:55:16.118 Number of processors: 2 586 0x402
11:55:16.118 ComputerName: PTWIN705 UserName: Robert
11:55:20.425 Initialize success
12:00:20.307 AVAST engine defs: 12120300
12:01:02.183 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T1L0-4
12:01:02.183 Disk 0 Vendor: WDC_WD5000AAKX-083CA1 19.01H19 Size: 476940MB BusType: 3
12:01:02.198 Disk 0 MBR read successfully
12:01:02.198 Disk 0 MBR scan
12:01:02.198 Disk 0 Windows 7 default MBR code
12:01:02.214 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
12:01:02.214 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 299900 MB offset 206848
12:01:02.245 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 176937 MB offset 614402048
12:01:02.276 Disk 0 scanning C:\Windows\system32\drivers
12:01:26.349 Service scanning
12:01:56.539 Modules scanning
12:01:56.539 Disk 0 trace - called modules:
12:01:56.555 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys
12:01:57.085 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007685060]
12:01:57.085 3 CLASSPNP.SYS[fffff88000fbb43f] -> nt!IofCallDriver -> [0xfffffa80067f4520]
12:01:57.101 5 ACPI.sys[fffff88000e117a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP3T1L0-4[0xfffffa80067f6680]
12:01:58.053 AVAST engine scan C:\Windows
12:02:02.780 AVAST engine scan C:\Windows\system32
12:06:29.693 AVAST engine scan C:\Windows\system32\drivers
12:06:53.610 AVAST engine scan C:\Users\Robert
12:11:44.671 AVAST engine scan C:\ProgramData
12:12:23.018 Scan finished successfully
12:13:20.126 Disk 0 MBR has been saved successfully to "C:\Users\Robert\Desktop\MBR.dat"
12:13:20.126 The log file has been saved successfully to "C:\Users\Robert\Desktop\aswMBR.txt"



Edited by nasdaq, 04 December 2012 - 09:22 AM.


#4 nasdaq

  • Malware Response Team

Posted 04 December 2012 - 09:28 AM

Your TDSSKiller and AswMBR logs are clean.
You still have some remnant item from this infection.
This entry in the DDS log is a sign.
\\.\globalroot\systemroot\svchost.exe -netsvcs

===

Please download RogueKiller© by Tigzy from one of the links below and save it to your desktop.

Link 1 Bleepingcomputer
Link 2 RogueKiller (par Tigzy)

Quit all running programs.

For Windows XP, double-click to start.
For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.
When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.
===

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT....

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Do not install any other programs until this is fixed.


How to : Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note:
Do not mouse click ComboFix's window while it's running. That may cause it to stall.


Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.
==============

#5 W76


Posted 04 December 2012 - 01:01 PM

RogueKiller V8.3.1 [Dec 2 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Robert [Admin rights]
Mode : Scan -- Date : 12/04/2012 09:46:39

¤¤¤ Bad processes : 1 ¤¤¤
[SUSP PATH] notepad.exe -- C:\Windows\notepad.exe -> KILLED [TermProc]

¤¤¤ Registry Entries : 9 ¤¤¤
[RUN][NOTFOUND] HKLM\[...]\Run : CANON DR2010C SVC (rundll32.exe DR201SVC.dll,EntryPointUserMessage) -> FOUND
[HJPOL] HKCU\[...]\System : disableregistrytools (0) -> FOUND
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND
[HJ DESK] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD5000AAKX-083CA1 ATA Device +++++
--- User ---
[MBR] b44952191ab6034dd5381633f4819a71
[BSP] b8f0a2493e339d0a0cee04e2fa94816d : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 299900 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 614402048 | Size: 176937 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1]_S_12042012_02d0946.txt >>
RKreport[1]_S_12042012_02d0946.txt

ComboFix 12-12-04.01 - Robert 12/04/2012 9:51.3.2 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.7934.5706 [GMT -8:00]
Running from: c:\users\Robert\Desktop\ComboFix.exe
AV: Trend Micro Security Agent *Disabled/Updated* {7193B549-236F-55EE-9AEC-F65279E59A92}
SP: Trend Micro Security Agent *Disabled/Updated* {CAF254AD-0555-5A60-A05C-CD200262D02F}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Resident AV is active
.
.
.
((((((((((((((((((((((((( Files Created from 2012-11-04 to 2012-12-04 )))))))))))))))))))))))))))))))
.
.
2012-12-04 17:56 . 2012-12-04 17:56 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-12-04 17:56 . 2012-12-04 17:56 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-12-04 17:56 . 2012-12-04 17:56 -------- d-----w- c:\users\user\AppData\Local\temp
2012-12-04 17:56 . 2012-12-04 17:56 -------- d-----w- c:\users\__sbs_netsetup__\AppData\Local\temp
2012-12-04 11:06 . 2012-12-04 11:06 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2A7F446C-CD74-458B-A473-D05F15BAD10E}\offreg.dll
2012-12-03 19:51 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2A7F446C-CD74-458B-A473-D05F15BAD10E}\mpengine.dll
2012-11-15 17:20 . 2012-11-15 17:20 -------- d-----w- c:\users\Robert\AppData\Roaming\Yahoo!
2012-11-15 17:19 . 2012-11-15 17:19 -------- d-----w- c:\programdata\Yahoo!
2012-11-15 17:17 . 2012-11-15 17:19 -------- d-----w- c:\program files (x86)\Yahoo!
2012-11-15 11:07 . 2012-10-18 18:25 3149824 ----a-w- c:\windows\system32\win32k.sys
2012-11-15 11:00 . 2012-09-25 22:47 78336 ----a-w- c:\windows\SysWow64\synceng.dll
2012-11-15 11:00 . 2012-09-25 22:46 95744 ----a-w- c:\windows\system32\synceng.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-10 16:14 . 2012-10-10 16:14 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-10-10 16:14 . 2012-10-10 16:14 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-10-09 17:59 . 2012-04-18 19:22 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-09 17:59 . 2012-04-18 19:22 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-09-30 02:54 . 2012-10-06 01:59 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"FtLnSOP_setup"="c:\windows\Twain_32\Fjscan32\SOP\FtLnSOP.exe" [2007-03-08 212992]
"FTPWRENV"="c:\windows\Twain_32\Fjscan32\FTPWREVT\FTPWREVT.exe" [2007-10-17 45056]
"OpwareSE4"="c:\program files (x86)\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-11-13 79136]
"PaperPort PTD"="c:\program files (x86)\ScanSoft\PaperPort\pptd40nt.exe" [2009-03-02 29984]
"IndexSearch"="c:\program files (x86)\ScanSoft\PaperPort\IndexSearch.exe" [2009-03-02 46368]
"PPort11reminder"="c:\program files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe" [2008-11-03 328992]
"DR-2010C CaptureOnTouch"="c:\program files (x86)\Canon Electronics\DR2010C\TouchDR.exe" [2010-03-29 778240]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Office Startup.lnk - c:\program files (x86)\Microsoft Office97\Office\OSA.EXE [1997-7-10 51984]
Service Manager.lnk - c:\program files (x86)\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2002-12-17 74308]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PCANotify]
2007-04-27 19:10 18744 ----a-w- c:\windows\System32\PCANotify.dll
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 SQLAgent$JJKA_KDS;SQLAgent$JJKA_KDS;c:\program files (x86)\Microsoft SQL Server\MSSQL$JJKA_KDS\Binn\sqlagent.EXE [2002-12-18 311872]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-04-20 203776]
S2 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-30 399432]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-30 676936]
S2 MSSQL$JJKA_KDS;MSSQL$JJKA_KDS;c:\program files (x86)\Microsoft SQL Server\MSSQL$JJKA_KDS\Binn\sqlservr.exe [2002-12-18 7520337]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys [2011-06-24 69904]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-30 25928]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 13898489
*NewlyCreated* - 47016976
*NewlyCreated* - 59813175
*NewlyCreated* - 76295656
*Deregistered* - 13898489
*Deregistered* - 47016976
*Deregistered* - 59813175
*Deregistered* - 76295656
*Deregistered* - aswMBR
.
Contents of the 'Scheduled Tasks' folder
.
2012-12-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-18 17:59]
.
2012-12-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-12 20:44]
.
2012-12-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-12 20:44]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2011-10-18 219480]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-08-10 1873256]
"CANON DR2010C SVC"="DR201SVC.dll" [2009-09-15 158720]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel
TCP: DhcpNameServer = 192.168.40.1
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-31355901.sys
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-12-04 09:59:25
ComboFix-quarantined-files.txt 2012-12-04 17:59
.
Pre-Run: 241,399,476,224 bytes free
Post-Run: 241,457,524,736 bytes free
.
- - End Of File - - 2A28E2734C3F8807AB5DD59472DFF37D

#6 nasdaq


Posted 05 December 2012 - 09:12 AM

Nothing suspicious was found.

Please run this Eset scan.

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image

Let me know if the problem persists.

#7 W76


Posted 05 December 2012 - 01:28 PM

C:\Users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric.zip Win32/Bagle.gen.zip worm unable to clean
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric1.zip Win32/Bagle.gen.zip worm unable to clean
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric10.zip Win32/Bagle.gen.zip worm unable to clean
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric11.zip Win32/Bagle.gen.zip worm unable to clean
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric12.zip Win32/Bagle.gen.zip worm unable to clean
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric13.zip Win32/Bagle.gen.zip worm unable to clean
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric2.zip Win32/Bagle.gen.zip worm unable to clean
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric3.zip Win32/Bagle.gen.zip worm unable to clean
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric4.zip Win32/Bagle.gen.zip worm unable to clean
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric5.zip Win32/Bagle.gen.zip worm unable to clean
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric6.zip Win32/Bagle.gen.zip worm unable to clean
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric7.zip Win32/Bagle.gen.zip worm unable to clean
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric8.zip Win32/Bagle.gen.zip worm unable to clean
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric9.zip Win32/Bagle.gen.zip worm unable to clean
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric1.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric10.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric11.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric12.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric13.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric2.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric3.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric4.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric5.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric6.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric7.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric8.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric9.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined

#8 nasdaq


Posted 05 December 2012 - 02:15 PM

How is it now?

#9 W76


Posted 05 December 2012 - 02:24 PM

Seems to be running fine...

Thank you.

#10 nasdaq


Posted 06 December 2012 - 08:59 AM

Time for some housekeeping

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bold text into the Run box and click OK:

ComboFix /Uninstall
===

To remove AdwCleaner.

Please double click on AdwCleaner.exe to run the tool.
Click on Uninstall.
Confirm with Yes.

If you decide to keep the AdwCleaner tool, make sure to delete your version and download the latest before running it.

Delete the other tools we used.
You can keep the DDS tool, as most forums will ask to see a log before suggesting a fix.

Surf Safely, and Think Prevention!
===

#11 W76


Posted 10 December 2012 - 12:34 PM

Thank you!



