SVCHost.exe Trojan & Google Hijacking


9 replies to this topic

#1 nwofoxhound

  • Members
  • 5 posts

Posted 18 December 2012 - 11:40 PM

Hello,

I'm new to this forum and wanted to start off by thanking you for the help.

I recently started having problems with the Google Hijacking problem, where my Google results are redirected to random malicious websites. I also had an issue with the Moneypak FBI Ransomware, but took care of it. To add on top of all this, Malwarebytes and my Avira Antivirus report a trojan attached to svchost.exe. Is there a way to remove these? Help would be much appreciated.

Thanks

Edit: Moved topic from Windows 7 to the more appropriate forum. ~ Animal


#2 narenxp

  • BC Advisor
  • 16,371 posts

Posted 19 December 2012 - 03:13 AM

Download TDSSKiller

Launch it. Click on "Change parameters" and select "TDLFS file system".

Click on "Scan". Please post the log report (the log file should be in your C drive).

Do not change the default options on scan results.

Download aswMBR

Launch it and allow it to download the latest Avast! virus definitions.
Click the "Scan" button to start the scan. After the scan finishes, click on "Save log".

Post the log results here. If you get crashes in normal mode, run it in Safe Mode with Networking.

Download ESET Online Scanner

Install it.

Click on START; it should download the virus definitions.
When the scan is completed, click on "List of found threats".

Export the list to the desktop and copy the contents of the text file into your reply.

#3 nwofoxhound

  • Topic Starter

  • Members
  • 5 posts

Posted 19 December 2012 - 11:06 PM

Here is the TDSS Log

18:02:27.0422 2900 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
18:02:27.0890 2900 ============================================================
18:02:27.0890 2900 Current date / time: 2012/12/19 18:02:27.0890
18:02:27.0890 2900 SystemInfo:
18:02:27.0890 2900
18:02:27.0890 2900 OS Version: 6.1.7600 ServicePack: 0.0
18:02:27.0890 2900 Product type: Workstation
18:02:27.0890 2900 ComputerName: DAVID-PC
18:02:27.0890 2900 UserName: David
18:02:27.0890 2900 Windows directory: C:\Windows
18:02:27.0890 2900 System windows directory: C:\Windows
18:02:27.0890 2900 Running under WOW64
18:02:27.0890 2900 Processor architecture: Intel x64
18:02:27.0890 2900 Number of processors: 2
18:02:27.0890 2900 Page size: 0x1000
18:02:27.0890 2900 Boot type: Normal boot
18:02:27.0890 2900 ============================================================
18:02:30.0090 2900 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:02:30.0090 2900 ============================================================
18:02:30.0090 2900 \Device\Harddisk0\DR0:
18:02:30.0090 2900 MBR partitions:
18:02:30.0090 2900 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
18:02:30.0090 2900 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1D192800
18:02:30.0090 2900 ============================================================
18:02:30.0121 2900 C: <-> \Device\Harddisk0\DR0\Partition2
18:02:30.0121 2900 ============================================================
18:02:30.0121 2900 Initialize success
18:02:30.0121 2900 ============================================================
18:02:46.0033 1888 ============================================================
18:02:46.0033 1888 Scan started
18:02:46.0033 1888 Mode: Manual; TDLFS;
18:02:46.0033 1888 ============================================================
18:02:47.0764 1888 ================ Scan system memory ========================
18:02:47.0764 1888 System memory - ok
18:02:47.0764 1888 ================ Scan services =============================
18:02:47.0889 1888 [ 1B00662092F9F9568B995902F0CC40D5 ] 1394ohci C:\Windows\system32\DRIVERS\1394ohci.sys
18:02:47.0905 1888 1394ohci - ok
18:02:47.0967 1888 A2DDA - ok
18:02:48.0014 1888 [ 6F11E88748CDEFD2F76AA215F97DDFE5 ] ACPI C:\Windows\system32\DRIVERS\ACPI.sys
18:02:48.0014 1888 ACPI - ok
18:02:48.0045 1888 [ 63B05A0420CE4BF0E4AF6DCC7CADA254 ] AcpiPmi C:\Windows\system32\DRIVERS\acpipmi.sys
18:02:48.0045 1888 AcpiPmi - ok
18:02:48.0186 1888 [ 95CE557D16A75606CCC2D7F3B0B0BCCB ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
18:02:48.0201 1888 AdobeFlashPlayerUpdateSvc - ok
18:02:48.0232 1888 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
18:02:48.0248 1888 adp94xx - ok
18:02:48.0248 1888 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
18:02:48.0264 1888 adpahci - ok
18:02:48.0279 1888 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
18:02:48.0279 1888 adpu320 - ok
18:02:48.0310 1888 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
18:02:48.0310 1888 AeLookupSvc - ok
18:02:48.0357 1888 [ B9384E03479D2506BC924C16A3DB87BC ] AFD C:\Windows\system32\drivers\afd.sys
18:02:48.0373 1888 AFD - ok
18:02:48.0404 1888 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\DRIVERS\agp440.sys
18:02:48.0404 1888 agp440 - ok
18:02:48.0420 1888 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
18:02:48.0420 1888 ALG - ok
18:02:48.0451 1888 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\DRIVERS\aliide.sys
18:02:48.0466 1888 aliide - ok
18:02:48.0513 1888 [ 20C8A3E435A47F0408A1EA674AFA6194 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
18:02:48.0513 1888 AMD External Events Utility - ok
18:02:48.0622 1888 AMD FUEL Service - ok
18:02:48.0622 1888 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\DRIVERS\amdide.sys
18:02:48.0622 1888 amdide - ok
18:02:48.0669 1888 [ 6A2EEB0C4133B20773BB3DD0B7B377B4 ] amdiox64 C:\Windows\system32\DRIVERS\amdiox64.sys
18:02:48.0669 1888 amdiox64 - ok
18:02:48.0700 1888 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
18:02:48.0700 1888 AmdK8 - ok
18:02:48.0934 1888 [ 0B45C18B0F3EE996D25BAA4E74884B83 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
18:02:49.0215 1888 amdkmdag - ok
18:02:49.0262 1888 [ 0E57258E5CC4CC7A9A9A877AFDF0CEC6 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
18:02:49.0262 1888 amdkmdap - ok
18:02:49.0293 1888 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
18:02:49.0293 1888 AmdPPM - ok
18:02:49.0293 1888 [ 7A4B413614C055935567CF88A9734D38 ] amdsata C:\Windows\system32\DRIVERS\amdsata.sys
18:02:49.0309 1888 amdsata - ok
18:02:49.0309 1888 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
18:02:49.0324 1888 amdsbs - ok
18:02:49.0340 1888 [ B4AD0CACBAB298671DD6F6EF7E20679D ] amdxata C:\Windows\system32\DRIVERS\amdxata.sys
18:02:49.0340 1888 amdxata - ok
18:02:49.0402 1888 [ 9015BC03F62940527EC92D45EE89E46F ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
18:02:49.0402 1888 AntiVirSchedulerService - ok
18:02:49.0418 1888 [ B8720A787C1223492E6F319465E996CE ] AntiVirService C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
18:02:49.0434 1888 AntiVirService - ok
18:02:49.0527 1888 [ 5B25D1A753CC3A3EDB909BB759AC1098 ] AODDriver4.01 C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
18:02:49.0527 1888 AODDriver4.01 - ok
18:02:49.0558 1888 [ 5B25D1A753CC3A3EDB909BB759AC1098 ] AODDriver4.1 C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
18:02:49.0558 1888 AODDriver4.1 - ok
18:02:49.0574 1888 [ 42FD751B27FA0E9C69BB39F39E409594 ] AppID C:\Windows\system32\drivers\appid.sys
18:02:49.0590 1888 AppID - ok
18:02:49.0621 1888 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
18:02:49.0621 1888 AppIDSvc - ok
18:02:49.0636 1888 [ D065BE66822847B7F127D1F90158376E ] Appinfo C:\Windows\System32\appinfo.dll
18:02:49.0636 1888 Appinfo - ok
18:02:49.0730 1888 [ 3DEBBECF665DCDDE3A95D9B902010817 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
18:02:49.0730 1888 Apple Mobile Device - ok
18:02:49.0777 1888 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt C:\Windows\System32\appmgmts.dll
18:02:49.0777 1888 AppMgmt - ok
18:02:49.0824 1888 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
18:02:49.0824 1888 arc - ok
18:02:49.0839 1888 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
18:02:49.0839 1888 arcsas - ok
18:02:49.0886 1888 aspnet_state - ok
18:02:49.0917 1888 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
18:02:49.0917 1888 AsyncMac - ok
18:02:49.0933 1888 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\DRIVERS\atapi.sys
18:02:49.0933 1888 atapi - ok
18:02:50.0167 1888 [ 0B45C18B0F3EE996D25BAA4E74884B83 ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys
18:02:50.0214 1888 atikmdag - ok
18:02:50.0260 1888 [ A6FAD7A5ADA4675BA9C9FEAF4E0542BA ] ATITool C:\Windows\system32\DRIVERS\ATITool64.sys
18:02:50.0260 1888 ATITool - ok
18:02:50.0307 1888 [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
18:02:50.0323 1888 AudioEndpointBuilder - ok
18:02:50.0338 1888 [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioSrv C:\Windows\System32\Audiosrv.dll
18:02:50.0338 1888 AudioSrv - ok
18:02:50.0370 1888 [ C30B5FC0ADCDFBA7668E99BAF0CBF58E ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
18:02:50.0385 1888 avgntflt - ok
18:02:50.0401 1888 [ B20B5FA5CA050E9926E4D1DB81501B32 ] AxInstSV C:\Windows\System32\AxInstSV.dll
18:02:50.0416 1888 AxInstSV - ok
18:02:50.0463 1888 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
18:02:50.0463 1888 b06bdrv - ok
18:02:50.0494 1888 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
18:02:50.0510 1888 b57nd60a - ok
18:02:50.0526 1888 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
18:02:50.0526 1888 BDESVC - ok
18:02:50.0541 1888 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
18:02:50.0557 1888 Beep - ok
18:02:50.0604 1888 [ 4992C609A6315671463E30F6512BC022 ] BFE C:\Windows\System32\bfe.dll
18:02:50.0635 1888 BFE - ok
18:02:50.0666 1888 [ 7F0C323FE3DA28AA4AA1BDA3F575707F ] BITS C:\Windows\system32\qmgr.dll
18:02:50.0682 1888 BITS - ok
18:02:50.0713 1888 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
18:02:50.0713 1888 blbdrive - ok
18:02:50.0791 1888 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
18:02:50.0791 1888 Bonjour Service - ok
18:02:50.0822 1888 [ 91CE0D3DC57DD377E690A2D324022B08 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
18:02:50.0838 1888 bowser - ok
18:02:50.0869 1888 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
18:02:50.0869 1888 BrFiltLo - ok
18:02:50.0884 1888 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
18:02:50.0884 1888 BrFiltUp - ok
18:02:50.0916 1888 [ 94FBC06F294D58D02361918418F996E3 ] Browser C:\Windows\System32\browser.dll
18:02:50.0916 1888 Browser - ok
18:02:50.0947 1888 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
18:02:50.0947 1888 Brserid - ok
18:02:50.0962 1888 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
18:02:50.0978 1888 BrSerWdm - ok
18:02:50.0978 1888 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
18:02:50.0978 1888 BrUsbMdm - ok
18:02:50.0994 1888 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
18:02:50.0994 1888 BrUsbSer - ok
18:02:51.0025 1888 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
18:02:51.0056 1888 BTHMODEM - ok
18:02:51.0072 1888 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
18:02:51.0072 1888 bthserv - ok
18:02:51.0087 1888 catchme - ok
18:02:51.0118 1888 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
18:02:51.0118 1888 cdfs - ok
18:02:51.0150 1888 [ 83D2D75E1EFB81B3450C18131443F7DB ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
18:02:51.0150 1888 cdrom - ok
18:02:51.0196 1888 [ 312E2F82AF11E79906898AC3E3D58A1F ] CertPropSvc C:\Windows\System32\certprop.dll
18:02:51.0212 1888 CertPropSvc - ok
18:02:51.0228 1888 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
18:02:51.0243 1888 circlass - ok
18:02:51.0259 1888 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
18:02:51.0259 1888 CLFS - ok
18:02:51.0290 1888 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:02:51.0290 1888 clr_optimization_v2.0.50727_32 - ok
18:02:51.0352 1888 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
18:02:51.0352 1888 clr_optimization_v2.0.50727_64 - ok
18:02:51.0462 1888 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:02:51.0462 1888 clr_optimization_v4.0.30319_32 - ok
18:02:51.0477 1888 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
18:02:51.0493 1888 clr_optimization_v4.0.30319_64 - ok
18:02:51.0540 1888 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
18:02:51.0540 1888 CmBatt - ok
18:02:51.0540 1888 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\DRIVERS\cmdide.sys
18:02:51.0540 1888 cmdide - ok
18:02:51.0571 1888 [ F95FD4CB7DA00BA2A63CE9F6B5C053E1 ] CNG C:\Windows\system32\Drivers\cng.sys
18:02:51.0571 1888 CNG - ok
18:02:51.0586 1888 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
18:02:51.0602 1888 Compbatt - ok
18:02:51.0633 1888 [ F26B3A86F6FA87CA360B879581AB4123 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
18:02:51.0633 1888 CompositeBus - ok
18:02:51.0649 1888 COMSysApp - ok
18:02:51.0680 1888 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
18:02:51.0680 1888 crcdisk - ok
18:02:51.0727 1888 [ 8C57411B66282C01533CB776F98AD384 ] CryptSvc C:\Windows\system32\cryptsvc.dll
18:02:51.0727 1888 CryptSvc - ok
18:02:51.0758 1888 [ 4A6173C2279B498CD8F57CAE504564CB ] CSC C:\Windows\system32\drivers\csc.sys
18:02:51.0789 1888 CSC - ok
18:02:51.0805 1888 [ 873FBF927C06E5CEE04DEC617502F8FD ] CscService C:\Windows\System32\cscsvc.dll
18:02:51.0820 1888 CscService - ok
18:02:51.0867 1888 [ 7266972E86890E2B30C0C322E906B027 ] DcomLaunch C:\Windows\system32\rpcss.dll
18:02:51.0883 1888 DcomLaunch - ok
18:02:51.0914 1888 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
18:02:51.0930 1888 defragsvc - ok
18:02:51.0976 1888 [ 3F1DC527070ACB87E40AFE46EF6DA749 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
18:02:51.0992 1888 DfsC - ok
18:02:52.0039 1888 [ CE3B9562D997F69B330D181A8875960F ] Dhcp C:\Windows\system32\dhcpcore.dll
18:02:52.0070 1888 Dhcp - ok
18:02:52.0086 1888 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
18:02:52.0086 1888 discache - ok
18:02:52.0179 1888 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
18:02:52.0179 1888 Disk - ok
18:02:52.0210 1888 [ 676108C4E3AA6F6B34633748BD0BEBD9 ] Dnscache C:\Windows\System32\dnsrslvr.dll
18:02:52.0226 1888 Dnscache - ok
18:02:52.0242 1888 [ 14452ACDB09B70964C8C21BF80A13ACB ] dot3svc C:\Windows\System32\dot3svc.dll
18:02:52.0257 1888 dot3svc - ok
18:02:52.0273 1888 [ 8C2BA6BEA949EE6E68385F5692BAFB94 ] DPS C:\Windows\system32\dps.dll
18:02:52.0288 1888 DPS - ok
18:02:52.0335 1888 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
18:02:52.0335 1888 drmkaud - ok
18:02:52.0382 1888 [ 7CB7D2B73813CE05C7BC0F5F95D27CEC ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
18:02:52.0413 1888 DXGKrnl - ok
18:02:52.0444 1888 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
18:02:52.0444 1888 EapHost - ok
18:02:52.0600 1888 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
18:02:52.0725 1888 ebdrv - ok
18:02:52.0756 1888 [ 0793F40B9B8A1BDD266296409DBD91EA ] EFS C:\Windows\System32\lsass.exe
18:02:52.0772 1888 EFS - ok
18:02:52.0834 1888 [ B91D81B3B54A54CCAFC03733DBC2E29E ] ehRecvr C:\Windows\ehome\ehRecvr.exe
18:02:52.0928 1888 ehRecvr - ok
18:02:52.0944 1888 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
18:02:52.0959 1888 ehSched - ok
18:02:53.0037 1888 [ 4360D0DDBC501A7DF418E93ED235D848 ] ElRawDisk C:\Windows\system32\drivers\elrawdsk.sys
18:02:53.0037 1888 ElRawDisk - ok
18:02:53.0100 1888 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
18:02:53.0146 1888 elxstor - ok
18:02:53.0162 1888 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\DRIVERS\errdev.sys
18:02:53.0162 1888 ErrDev - ok
18:02:53.0256 1888 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
18:02:53.0318 1888 EventSystem - ok
18:02:53.0365 1888 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
18:02:53.0380 1888 exfat - ok
18:02:53.0412 1888 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
18:02:53.0412 1888 fastfat - ok
18:02:53.0474 1888 [ D607B2F1BEE3992AA6C2C92C0A2F0855 ] Fax C:\Windows\system32\fxssvc.exe
18:02:53.0490 1888 Fax - ok
18:02:53.0505 1888 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
18:02:53.0521 1888 fdc - ok
18:02:53.0583 1888 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
18:02:53.0583 1888 fdPHost - ok
18:02:53.0599 1888 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
18:02:53.0599 1888 FDResPub - ok
18:02:53.0661 1888 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
18:02:53.0677 1888 FileInfo - ok
18:02:53.0677 1888 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
18:02:53.0692 1888 Filetrace - ok
18:02:53.0708 1888 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
18:02:53.0724 1888 flpydisk - ok
18:02:53.0802 1888 [ F7866AF72ABBAF84B1FA5AA195378C59 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
18:02:53.0817 1888 FltMgr - ok
18:02:53.0911 1888 [ 8AC4CB4EA61E41009FAE9AE7B2B5DA3A ] FontCache C:\Windows\system32\FntCache.dll
18:02:53.0958 1888 FontCache - ok
18:02:53.0989 1888 [ 8D89E3131C27FDD6932189CB785E1B7A ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
18:02:53.0989 1888 FontCache3.0.0.0 - ok
18:02:54.0004 1888 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
18:02:54.0004 1888 FsDepends - ok
18:02:54.0020 1888 [ E95EF8547DE20CF0603557C0CF7A9462 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
18:02:54.0020 1888 Fs_Rec - ok
18:02:54.0067 1888 [ B8B2A6E1558F8F5DE5CE431C5B2C7B09 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
18:02:54.0082 1888 fvevol - ok
18:02:54.0098 1888 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
18:02:54.0114 1888 gagp30kx - ok
18:02:54.0176 1888 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM C:\Windows\system32\Drivers\GEARAspiWDM.sys
18:02:54.0176 1888 GEARAspiWDM - ok
18:02:54.0207 1888 [ FE5AB4525BC2EC68B9119A6E5D40128B ] gpsvc C:\Windows\System32\gpsvc.dll
18:02:54.0238 1888 gpsvc - ok
18:02:54.0254 1888 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
18:02:54.0254 1888 hcw85cir - ok
18:02:54.0301 1888 [ 6410F6F415B2A5A9037224C41DA8BF12 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
18:02:54.0316 1888 HdAudAddService - ok
18:02:54.0348 1888 [ 0A49913402747A0B67DE940FB42CBDBB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
18:02:54.0348 1888 HDAudBus - ok
18:02:54.0363 1888 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
18:02:54.0363 1888 HidBatt - ok
18:02:54.0379 1888 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
18:02:54.0379 1888 HidBth - ok
18:02:54.0394 1888 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
18:02:54.0394 1888 HidIr - ok
18:02:54.0410 1888 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll
18:02:54.0410 1888 hidserv - ok
18:02:54.0441 1888 [ B3BF6B5B50006DEF50B66306D99FCF6F ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
18:02:54.0441 1888 HidUsb - ok
18:02:54.0550 1888 [ A68E6B53BBA0F546821E1586DD4F1CDF ] HiPatchService C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
18:02:54.0550 1888 HiPatchService - ok
18:02:54.0566 1888 [ EFA58EDE58DD74388FFD04CB32681518 ] hkmsvc C:\Windows\system32\kmsvc.dll
18:02:54.0597 1888 hkmsvc - ok
18:02:54.0628 1888 [ 046B2673767CA626E2CFB7FDF735E9E8 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
18:02:54.0628 1888 HomeGroupListener - ok
18:02:54.0706 1888 [ 06A7422224D9865A5613710A089987DF ] HomeGroupProvider C:\Windows\system32\provsvc.dll
18:02:54.0722 1888 HomeGroupProvider - ok
18:02:54.0753 1888 [ 0886D440058F203EBA0E1825E4355914 ] HpSAMD C:\Windows\system32\DRIVERS\HpSAMD.sys
18:02:54.0769 1888 HpSAMD - ok
18:02:54.0800 1888 [ CEE049CAC4EFA7F4E1E4AD014414A5D4 ] HTTP C:\Windows\system32\drivers\HTTP.sys
18:02:54.0847 1888 HTTP - ok
18:02:54.0847 1888 [ F17766A19145F111856378DF337A5D79 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
18:02:54.0862 1888 hwpolicy - ok
18:02:54.0894 1888 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
18:02:54.0894 1888 i8042prt - ok
18:02:54.0925 1888 [ D83EFB6FD45DF9D55E9A1AFC63640D50 ] iaStorV C:\Windows\system32\DRIVERS\iaStorV.sys
18:02:54.0925 1888 iaStorV - ok
18:02:55.0018 1888 [ 6F95324909B502E2651442C1548AB12F ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
18:02:55.0018 1888 IDriverT - ok
18:02:55.0112 1888 [ 2F2BE70D3E02B6FA877921AB9516D43C ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
18:02:55.0299 1888 idsvc - ok
18:02:55.0346 1888 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
18:02:55.0346 1888 iirsp - ok
18:02:55.0393 1888 [ C5B4683680DF085B57BC53E5EF34861F ] IKEEXT C:\Windows\System32\ikeext.dll
18:02:55.0424 1888 IKEEXT - ok
18:02:55.0424 1888 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\DRIVERS\intelide.sys
18:02:55.0440 1888 intelide - ok
18:02:55.0455 1888 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
18:02:55.0455 1888 intelppm - ok
18:02:55.0658 1888 [ 3DC635B66DD7412E1C9C3A77B8D78F25 ] IntuitUpdateService C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
18:02:55.0767 1888 IntuitUpdateService - ok
18:02:55.0970 1888 [ 1F652D8E2AB4E9677F2162967BFE7FE6 ] iPAHelper.exe C:\Program Files (x86)\iPod Access for Windows\iPAHelper.exe
18:02:56.0032 1888 iPAHelper.exe - ok
18:02:56.0048 1888 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
18:02:56.0064 1888 IPBusEnum - ok
18:02:56.0079 1888 [ 722DD294DF62483CECAAE6E094B4D695 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:02:56.0079 1888 IpFilterDriver - ok
18:02:56.0095 1888 [ F8E058D17363EC580E4B7232778B6CB5 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
18:02:56.0110 1888 iphlpsvc - ok
18:02:56.0126 1888 [ E2B4A4494DB7CB9B89B55CA268C337C5 ] IPMIDRV C:\Windows\system32\DRIVERS\IPMIDrv.sys
18:02:56.0142 1888 IPMIDRV - ok
18:02:56.0142 1888 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
18:02:56.0142 1888 IPNAT - ok
18:02:56.0220 1888 [ 46D249F9DB7844CC01050A9345F0F61B ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
18:02:56.0235 1888 iPod Service - ok
18:02:56.0266 1888 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
18:02:56.0266 1888 IRENUM - ok
18:02:56.0298 1888 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\DRIVERS\isapnp.sys
18:02:56.0298 1888 isapnp - ok
18:02:56.0329 1888 [ FA4D2557DE56D45B0A346F93564BE6E1 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
18:02:56.0329 1888 iScsiPrt - ok
18:02:56.0360 1888 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
18:02:56.0360 1888 kbdclass - ok
18:02:56.0391 1888 [ 6DEF98F8541E1B5DCEB2C822A11F7323 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
18:02:56.0391 1888 kbdhid - ok
18:02:56.0422 1888 [ 0793F40B9B8A1BDD266296409DBD91EA ] KeyIso C:\Windows\system32\lsass.exe
18:02:56.0422 1888 KeyIso - ok
18:02:56.0422 1888 [ E8B6FCC9C83535C67F835D407620BD27 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
18:02:56.0438 1888 KSecDD - ok
18:02:56.0454 1888 [ BBE1BF6D9B661C354D4857D5FADB943B ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
18:02:56.0454 1888 KSecPkg - ok
18:02:56.0469 1888 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
18:02:56.0469 1888 ksthunk - ok
18:02:56.0485 1888 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
18:02:56.0500 1888 KtmRm - ok
18:02:56.0547 1888 [ C926920B8978DE6ACFE9E15C709E9B57 ] LanmanServer C:\Windows\System32\srvsvc.dll
18:02:56.0563 1888 LanmanServer - ok
18:02:56.0578 1888 [ 27026EAC8818E8A6C00A1CAD2F11D29A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
18:02:56.0594 1888 LanmanWorkstation - ok
18:02:56.0625 1888 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
18:02:56.0688 1888 lltdio - ok
18:02:56.0781 1888 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
18:02:56.0812 1888 lltdsvc - ok
18:02:56.0828 1888 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
18:02:56.0828 1888 lmhosts - ok
18:02:56.0875 1888 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
18:02:56.0875 1888 LSI_FC - ok
18:02:56.0890 1888 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
18:02:56.0906 1888 LSI_SAS - ok
18:02:56.0906 1888 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
18:02:56.0922 1888 LSI_SAS2 - ok
18:02:56.0922 1888 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
18:02:56.0922 1888 LSI_SCSI - ok
18:02:56.0953 1888 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
18:02:56.0968 1888 luafv - ok
18:02:57.0046 1888 [ DBC08862A71459E74F7538B432C114CC ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
18:02:57.0046 1888 MBAMProtector - ok
18:02:57.0109 1888 [ BA400ED640BCA1EAE5C727AE17C10207 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
18:02:57.0124 1888 MBAMService - ok
18:02:57.0171 1888 [ 79D51E7F5926E8CE1B3EBECEBAE28CFF ] mcdbus C:\Windows\system32\DRIVERS\mcdbus.sys
18:02:57.0171 1888 mcdbus - ok
18:02:57.0187 1888 [ F84C8F1000BC11E3B7B23CBD3BAFF111 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
18:02:57.0187 1888 Mcx2Svc - ok
18:02:57.0202 1888 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
18:02:57.0218 1888 megasas - ok
18:02:57.0249 1888 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
18:02:57.0249 1888 MegaSR - ok
18:02:57.0358 1888 [ FAFE367D032ED82E9332B4C741A20216 ] Microsoft Office Groove Audit Service C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
18:02:57.0358 1888 Microsoft Office Groove Audit Service - ok
18:02:57.0374 1888 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
18:02:57.0374 1888 MMCSS - ok
18:02:57.0390 1888 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
18:02:57.0390 1888 Modem - ok
18:02:57.0421 1888 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
18:02:57.0421 1888 monitor - ok
18:02:57.0452 1888 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
18:02:57.0452 1888 mouclass - ok
18:02:57.0483 1888 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
18:02:57.0483 1888 mouhid - ok
18:02:57.0483 1888 [ 791AF66C4D0E7C90A3646066386FB571 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
18:02:57.0483 1888 mountmgr - ok
18:02:57.0561 1888 [ 8C7336950F1E69CDFD811CBBD9CF00A2 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
18:02:57.0561 1888 MozillaMaintenance - ok
18:03:10.0835 1888 ================ Scan global ===============================
18:03:10.0850 1888 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
18:03:10.0881 1888 [ 457B44AB6D502E55F64A867D4F35C76C ] C:\Windows\system32\winsrv.dll
18:03:10.0913 1888 [ 457B44AB6D502E55F64A867D4F35C76C ] C:\Windows\system32\winsrv.dll
18:03:10.0913 1888 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
18:03:10.0944 1888 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
18:03:10.0959 1888 [Global] - ok
18:03:10.0959 1888 ================ Scan MBR ==================================
18:03:10.0959 1888 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
18:03:10.0959 1888 Suspicious mbr (Forged): \Device\Harddisk0\DR0
18:03:11.0022 1888 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
18:03:11.0022 1888 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
18:03:11.0069 1888 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
18:03:11.0069 1888 \Device\Harddisk0\DR0 - detected TDSS File System (1)
18:03:11.0069 1888 ================ Scan VBR ==================================
18:03:11.0069 1888 [ 4EFD2A7BC0CE2CB616E25C763BFDDCC2 ] \Device\Harddisk0\DR0\Partition1
18:03:11.0069 1888 \Device\Harddisk0\DR0\Partition1 - ok
18:03:11.0100 1888 [ 17E0428092345BACAA5C413CA8DB57B7 ] \Device\Harddisk0\DR0\Partition2
18:03:11.0100 1888 \Device\Harddisk0\DR0\Partition2 - ok
18:03:11.0100 1888 ============================================================
18:03:11.0100 1888 Scan finished
18:03:11.0100 1888 ============================================================
18:03:11.0115 4344 Detected object count: 2
18:03:11.0115 4344 Actual detected object count: 2
18:03:21.0022 4344 \Device\Harddisk0\DR0\# - copied to quarantine
18:03:21.0022 4344 \Device\Harddisk0\DR0 - copied to quarantine
18:03:21.0054 4344 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
18:03:21.0054 4344 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
18:03:21.0069 4344 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
18:03:21.0069 4344 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
18:03:21.0069 4344 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
18:03:21.0069 4344 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
18:03:21.0069 4344 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
18:03:21.0069 4344 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
18:03:21.0069 4344 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
18:03:21.0069 4344 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
18:03:21.0085 4344 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
18:03:21.0085 4344 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
18:03:21.0100 4344 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
18:03:21.0116 4344 \Device\Harddisk0\DR0 - ok
18:03:21.0116 4344 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
18:03:21.0116 4344 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
18:03:21.0116 4344 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
18:03:25.0063 3720 Deinitialize success


HERE IS THE aswMBR LOG
aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2012-12-19 18:03:50
-----------------------------
18:03:50.725 OS Version: Windows x64 6.1.7600
18:03:50.725 Number of processors: 2 586 0x403
18:03:50.741 ComputerName: DAVID-PC UserName: David
18:03:51.521 Initialize success
18:04:38.104 AVAST engine defs: 12121901
18:04:39.586 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T1L0-3
18:04:39.586 Disk 0 Vendor: ST3250410AS 4.AAA Size: 238475MB BusType: 3
18:04:39.586 Device \Driver\atapi -> MajorFunction fffffa8004c945e8
18:04:39.601 Disk 0 MBR read successfully
18:04:39.601 Disk 0 MBR scan
18:04:39.601 Disk 0 Windows 7 default MBR code
18:04:39.601 Disk 0 MBR hidden
18:04:39.617 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
18:04:39.648 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 238373 MB offset 206848
18:04:39.726 Disk 0 scanning C:\Windows\system32\drivers
18:04:52.627 Service scanning
18:04:54.016 Service 66990228 C:\Windows\system32\drivers\02635398.sys **HIDDEN**
18:05:12.798 Modules scanning
18:05:12.798 Disk 0 trace - called modules:
18:05:12.798 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa800592e710]<<87148956.sys >>UNKNOWN [0xfffffa8004c945e8]<<
18:05:12.798 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80048f96f0]
18:05:12.814 3 CLASSPNP.SYS[fffff8800180143f] -> nt!IofCallDriver -> [0xfffffa80047a8520]
18:05:12.814 5 ACPI.sys[fffff88000f17781] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T1L0-3[0xfffffa8004794060]
18:05:12.814 \Driver\atapi[0xfffffa80047aeaa0] -> IRP_MJ_CREATE -> 0xfffffa8004c945e8
18:05:13.641 AVAST engine scan C:\Windows
18:05:18.336 AVAST engine scan C:\Windows\system32
18:09:10.989 AVAST engine scan C:\Windows\system32\drivers
18:09:23.216 AVAST engine scan C:\Users\David
18:15:03.260 AVAST engine scan C:\ProgramData
18:17:05.550 Scan finished successfully
18:17:28.622 Disk 0 MBR has been saved successfully to "C:\Users\David\Desktop\MBR.dat"
18:17:28.638 The log file has been saved successfully to "C:\Users\David\Desktop\aswMBR.txt"

Here is the ESET Info / Threats Found:

C:\TDSSKiller_Quarantine\19.12.2012_18.02.27\mbr0000\tdlfs0000\tsk0000.dta a variant of Win32/Olmarik.AYI trojan
C:\TDSSKiller_Quarantine\19.12.2012_18.02.27\mbr0000\tdlfs0000\tsk0001.dta a variant of Win64/Olmarik.AM trojan
C:\TDSSKiller_Quarantine\19.12.2012_18.02.27\mbr0000\tdlfs0000\tsk0002.dta a variant of Win32/Rootkit.Kryptik.RG trojan
C:\TDSSKiller_Quarantine\19.12.2012_18.02.27\mbr0000\tdlfs0000\tsk0003.dta Win64/Olmarik.AN trojan
C:\TDSSKiller_Quarantine\19.12.2012_18.02.27\mbr0000\tdlfs0000\tsk0007.dta Win32/Olmarik.AFK trojan
C:\TDSSKiller_Quarantine\19.12.2012_18.02.27\mbr0000\tdlfs0000\tsk0008.dta Win64/Olmarik.AK trojan
C:\Users\David\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29\25ac915d-4294901c a variant of Java/TrojanDownloader.Agent.NDJ trojan
C:\Users\David\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\530d44e1-77e7fc77 a variant of Java/TrojanDownloader.Agent.NDJ trojan
C:\Users\David\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7\4d01d587-790b0458 a variant of Java/Exploit.Blacole.AN trojan

#4 narenxp

Posted 21 December 2012 - 03:34 AM

Run ESET online scanner and make sure to select the REMOVE THREATS option, then post the new log.

Download

Malwarebytes

Install, update and run a full scan.

Click on Show results. Right-click on the list, select all and remove them.

Post the generated log here

Download

mini toolbox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
List restore points

Click Go and post the result.

Download

Farbar service scanner

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.

Download

adware cleaner

Launch it and click on Delete.

A log should be generated after the scan; post it here.

Download

Junkware removal tool

For Vista and Windows 7, right-click on the tool and select Run as administrator.

After the scan completes, post the generated log here.

Download

http://www.bleepingcomputer.com/download/rkill/

Run it and, after the scan finishes, post the contents of the RKILL log located on the desktop here.


Download

Autoruns

Extract and launch autoruns.exe

Allow the scan to finish.

Now click on FILE-SAVE

Filename: Autoruns.txt
Save as: Text

Paste the contents of the text file here.

#5 nwofoxhound

Posted 21 December 2012 - 10:34 PM

Here's my Malware log:

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.12.21.16

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
David :: DAVID-PC [administrator]

Protection: Enabled

12/21/2012 6:23:56 PM
mbam-log-2012-12-21 (18-23-56).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 518869
Time elapsed: 48 minute(s), 26 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\David\BitTorrent\Sid Meiers Civilization V-SKIDROW\7Loader Release 5.exe (Trojan.Agent) -> Quarantined and deleted successfully.

(end)

Mini Toolbox Log:

MiniToolBox by Farbar Version: 25-11-2012
Ran by David (administrator) on 21-12-2012 at 19:17:27
Running from "C:\Users\David\Desktop"
Windows 7 Ultimate (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
ProxyServer: http=127.0.0.1:60566

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"network.proxy.type", 0

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

127.0.0.1 localhost

There are 15266 more lines starting with "127.0.0.1"

========================= IP Configuration: ================================

Realtek PCIe GBE Family Controller = Local Area Connection (Connected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : David-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : socal.rr.com

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : socal.rr.com
Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
Physical Address. . . . . . . . . : E0-CB-4E-DF-35-A0
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::d528:2ed1:181c:aac3%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.101(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Friday, December 21, 2012 7:15:06 PM
Lease Expires . . . . . . . . . . : Sunday, December 23, 2012 7:15:06 PM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 249613134
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-13-6B-96-63-E0-CB-4E-DF-35-A0
DNS Servers . . . . . . . . . . . : 66.75.160.63
66.75.160.64
209.18.47.61
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:9d38:953c:2ca6:2f01:b351:b8a9(Preferred)
Link-local IPv6 Address . . . . . : fe80::2ca6:2f01:b351:b8a9%12(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter isatap.socal.rr.com:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : socal.rr.com
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: rdns-lb-01.orange.rr.com
Address: 66.75.160.63

Name: google.com
Addresses: 2607:f8b0:4007:801::1001
74.125.224.164
74.125.224.165
74.125.224.166
74.125.224.167
74.125.224.168
74.125.224.169
74.125.224.174
74.125.224.160
74.125.224.161
74.125.224.162
74.125.224.163


Pinging google.com [74.125.224.201] with 32 bytes of data:
Reply from 74.125.224.201: bytes=32 time=15ms TTL=55
Reply from 74.125.224.201: bytes=32 time=16ms TTL=55

Ping statistics for 74.125.224.201:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 15ms, Maximum = 16ms, Average = 15ms
Server: rdns-lb-01.orange.rr.com
Address: 66.75.160.63

Name: yahoo.com
Addresses: 98.138.253.109
98.139.183.24
72.30.38.140


Pinging yahoo.com [72.30.38.140] with 32 bytes of data:
Reply from 72.30.38.140: bytes=32 time=32ms TTL=53
Reply from 72.30.38.140: bytes=32 time=25ms TTL=53

Ping statistics for 72.30.38.140:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 25ms, Maximum = 32ms, Average = 28ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time=4ms TTL=128
Reply from 127.0.0.1: bytes=32 time=1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 1ms, Maximum = 4ms, Average = 2ms
===========================================================================
Interface List
11...e0 cb 4e df 35 a0 ......Realtek PCIe GBE Family Controller
1...........................Software Loopback Interface 1
12...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
14...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.101 20
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.101 276
192.168.1.101 255.255.255.255 On-link 192.168.1.101 276
192.168.1.255 255.255.255.255 On-link 192.168.1.101 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.101 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.101 276
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
12 58 ::/0 On-link
1 306 ::1/128 On-link
12 58 2001::/32 On-link
12 306 2001:0:9d38:953c:2ca6:2f01:b351:b8a9/128
On-link
11 276 fe80::/64 On-link
12 306 fe80::/64 On-link
12 306 fe80::2ca6:2f01:b351:b8a9/128
On-link
11 276 fe80::d528:2ed1:181c:aac3/128
On-link
1 306 ff00::/8 On-link
12 306 ff00::/8 On-link
11 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [51712] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70144] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (12/21/2012 05:06:51 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest.

Error: (12/21/2012 05:06:49 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest.

Error: (12/21/2012 01:28:14 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "*" of attribute "language" in element "assemblyIdentity" is invalid.

Error: (12/21/2012 01:25:23 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest.

Error: (12/21/2012 01:24:55 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (12/20/2012 09:03:31 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "*" of attribute "language" in element "assemblyIdentity" is invalid.

Error: (12/20/2012 09:02:18 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest.

Error: (12/20/2012 09:01:50 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (12/19/2012 09:35:27 PM) (Source: Application Error) (User: )
Description: Faulting application name: vlc.exe, version: 2.0.0.0, time stamp: 0x4f3e9873
Faulting module name: ntdll.dll, version: 6.1.7600.16385, time stamp: 0x4a5bdb3b
Exception code: 0xc0000374
Fault offset: 0x000cdcbb
Faulting process id: 0xed0
Faulting application start time: 0xvlc.exe0
Faulting application path: vlc.exe1
Faulting module path: vlc.exe2
Report Id: vlc.exe3

Error: (12/19/2012 08:48:46 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "*" of attribute "language" in element "assemblyIdentity" is invalid.


System errors:
=============
Error: (12/21/2012 07:15:20 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
RxFilter

Error: (12/21/2012 07:15:13 PM) (Source: Service Control Manager) (User: )
Description: The SBSD Security Center Service service depends the following service: wscsvc. This service might not be installed.

Error: (12/21/2012 07:15:07 PM) (Source: Service Control Manager) (User: )
Description: The AODDriver4.1 service failed to start due to the following error:
%%2

Error: (12/21/2012 00:32:26 PM) (Source: DCOM) (User: David-PC)
Description: application-specificLocalActivation{8BC3F05E-D86B-11D0-A075-00C04FB68820}{8BC3F05E-D86B-11D0-A075-00C04FB68820}David-PCGuestS-1-5-21-1568863059-3908087026-3796040905-501LocalHost (Using LRPC)

Error: (12/21/2012 00:32:23 PM) (Source: DCOM) (User: David-PC)
Description: application-specificLocalActivation{8BC3F05E-D86B-11D0-A075-00C04FB68820}{8BC3F05E-D86B-11D0-A075-00C04FB68820}David-PCGuestS-1-5-21-1568863059-3908087026-3796040905-501LocalHost (Using LRPC)

Error: (12/21/2012 00:32:06 PM) (Source: Service Control Manager) (User: )
Description: The AODDriver4.1 service failed to start due to the following error:
%%2

Error: (12/21/2012 00:32:06 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
RxFilter

Error: (12/21/2012 00:32:01 PM) (Source: Service Control Manager) (User: )
Description: The SBSD Security Center Service service depends the following service: wscsvc. This service might not be installed.

Error: (12/21/2012 00:31:47 PM) (Source: Service Control Manager) (User: )
Description: The AODDriver4.1 service failed to start due to the following error:
%%2

Error: (12/20/2012 06:49:08 PM) (Source: Service Control Manager) (User: )
Description: The Steam Client Service service failed to start due to the following error:
%%1053


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
Date: 2011-08-24 18:02:16.325
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2011-08-24 18:02:16.309
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


=========================== Installed Programs ============================

7-Zip 9.20 (x64 edition) (Version: 9.20.00.0)
7-Zip 9.22 (x64 edition) (Version: 9.22.00.0)
Adobe AIR (Version: 1.5.3.9120)
Adobe Community Help (Version: 3.0.0)
Adobe Community Help (Version: 3.0.0.400)
Adobe Flash Player 11 ActiveX (Version: 11.5.502.135)
Adobe Flash Player 11 Plugin (Version: 11.5.502.135)
Adobe Media Player (Version: 1.8)
Adobe Photoshop CS5 (Version: 12.0)
Adobe Reader 9.3 (Version: 9.3.0)
Alien Swarm
AMD Accelerated Video Transcoding (Version: 2.00.0002)
AMD APP SDK Runtime (Version: 10.0.851.4)
AMD Catalyst Install Manager (Version: 8.0.873.0)
AMD Drag and Drop Transcoding (Version: 2.00.0000)
AMD Fuel (Version: 2012.0405.2205.37728)
AMD Media Foundation Decoders (Version: 1.0.70405.2224)
AMD VISION Engine Control Center (Version: 2012.0405.2205.37728)
Apple Application Support (Version: 2.1.6)
Apple Mobile Device Support (Version: 4.0.0.97)
Apple Software Update (Version: 2.1.3.127)
ATITool Overclocking Utility (Version: 0.26)
Audacity 1.3.14 (Unicode)
Audiosurf
Battlefield: Bad Company 2
Battlelog Web Plugins (Version: 0.80.0)
Beat Hazard
BIT.TRIP BEAT
BitTorrent
Bonjour (Version: 3.0.0.10)
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center Graphics Previews Common (Version: 2012.0405.2205.37728)
Catalyst Control Center InstallProxy (Version: 2012.0405.2205.37728)
Catalyst Control Center Localization All (Version: 2012.0405.2205.37728)
ccc-utility64 (Version: 2012.0405.2205.37728)
CCC Help Chinese Standard (Version: 2012.0405.2204.37728)
CCC Help Chinese Traditional (Version: 2012.0405.2204.37728)
CCC Help Czech (Version: 2012.0405.2204.37728)
CCC Help Danish (Version: 2012.0405.2204.37728)
CCC Help Dutch (Version: 2012.0405.2204.37728)
CCC Help English (Version: 2012.0405.2204.37728)
CCC Help Finnish (Version: 2012.0405.2204.37728)
CCC Help French (Version: 2012.0405.2204.37728)
CCC Help German (Version: 2012.0405.2204.37728)
CCC Help Greek (Version: 2012.0405.2204.37728)
CCC Help Hungarian (Version: 2012.0405.2204.37728)
CCC Help Italian (Version: 2012.0405.2204.37728)
CCC Help Japanese (Version: 2012.0405.2204.37728)
CCC Help Korean (Version: 2012.0405.2204.37728)
CCC Help Norwegian (Version: 2012.0405.2204.37728)
CCC Help Polish (Version: 2012.0405.2204.37728)
CCC Help Portuguese (Version: 2012.0405.2204.37728)
CCC Help Russian (Version: 2012.0405.2204.37728)
CCC Help Spanish (Version: 2012.0405.2204.37728)
CCC Help Swedish (Version: 2012.0405.2204.37728)
CCC Help Thai (Version: 2012.0405.2204.37728)
CCC Help Turkish (Version: 2012.0405.2204.37728)
CCleaner (remove only)
Chime
Chivalry: Medieval Warfare
Company of Heroes Online Launcher (THQ) (Version: 1.1.0.0)
CopyTrans Suite Remove Only (Version: 2.08)
Corona Visualization Plug-in for WMP (Version: 1.0.0)
Counter-Strike: Source
dBpoweramp [Arrange Audio] Codec (Version: Release 3)
dBpoweramp [Audio Info] Codec (Version: Release 1)
dBpoweramp [Channel Split] Codec
dBpoweramp [ID Tag Update] Codec
dBpoweramp [Length Split] Codec
dBpoweramp [Multi Encoder] Codec (Version: Release 3)
dBpoweramp [ReplayGain] Codec (Version: Release 2)
dBpoweramp [Tag From Filename] Codec (Version: Release 1)
dBpoweramp DSP Effects (Version: Release 4)
dBpoweramp m4a Codec (Version: Release 14)
dBpoweramp Music Converter (Version: Release 13.2)
DirectXInstallService (Version: 9.0.0)
EMC 10 Content (Version: 1.0.015)
EMCGadgets64 (Version: 1.0.020)
ESET Online Scanner v3
ESN Sonar (Version: 0.70.0)
Eufloria
G-Force (Version: 3.7.1)
GEAR driver installer for AMD64 and Intel EM64T (Version: 2.003.1)
Hi-Rez Studios Authenticate and Update Service (Version: 3.0.0.0)
iPod Access for Windows v4.2.2
iTunes (Version: 10.5.2.11)
Java Auto Updater (Version: 2.0.2.1)
Java™ 6 Update 20 (Version: 6.0.200)
LAME v3.98.3 for Audacity
Left 4 Dead 2
LIMBO
Live 8.2
Magic ISO Maker v5.5 (build 0281)
MagicDisc 2.7.106
Magicka
Malwarebytes Anti-Malware version 1.61.0.1400 (Version: 1.61.0.1400)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Games for Windows - LIVE (Version: 3.1.186.0)
Microsoft Games for Windows - LIVE Redistributable (Version: 3.1.99.0)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Enterprise 2007 (Version: 12.0.4518.1014)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.4518.1014)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proof (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proof (French) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Silverlight (Version: 5.1.10411.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft XNA Framework Redistributable 3.1 (Version: 3.1.10527.0)
Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053)
Microsoft_VC90_ATL_x86 (Version: 1.00.0000)
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000)
MixMeister Fusion 7.2.2
Mount and Blade: Warband
Mozilla Firefox 17.0.1 (x86 en-US) (Version: 17.0.1)
Mozilla Maintenance Service (Version: 17.0.1)
NVIDIA PhysX (Version: 9.10.0222)
OpenAL
oZone3D.Net FurMark v1.6.5
PDF Settings CS5 (Version: 10.0)
Platform (Version: 1.34)
Portal
Portal 2
PunkBuster Services (Version: 0.991)
QuickTime (Version: 7.69.80.9)
Rapture3D 2.3.22 Game
Realtek Ethernet Controller Driver For Windows Vista and Later (Version: 1.00.0009)
Rhythm Zone
Roxio Activation Module (Version: 1.0)
Roxio BackOnTrack (Version: 1.1.0)
Roxio Central Audio (Version: 3.6.0)
Roxio Central Copy (Version: 3.6.0)
Roxio Central Core (Version: 3.6.0)
Roxio Central Data (Version: 3.6.0)
Roxio Central Tools (Version: 3.6.0)
Roxio CinePlayer (Version: 3.9)
Roxio CinePlayer Decoder Pack (Version: 4.3.0)
Roxio Disc Gallery (Version: 3.1)
Roxio Easy Media Creator 10 Suite (Version: 1.0.044)
Roxio File Backup (Version: 1.1.0)
Space Pirates and Zombies
Spybot - Search & Destroy (Version: 1.6.2)
Steam (Version: 1.0.0.0)
Team Fortress 2
The Witcher: Enhanced Edition
Torchlight II
Tribes Ascend (Version: 1.0.1004.1)
Turba
TurboTax 2010
TurboTax 2010 wcaiper (Version: 010.000.1393)
TurboTax 2010 WinPerFedFormset (Version: 010.000.4227)
TurboTax 2010 WinPerReleaseEngine (Version: 010.000.0483)
TurboTax 2010 WinPerTaxSupport (Version: 010.000.0214)
TurboTax 2010 wrapper (Version: 010.000.0157)
VIA Platform Device Manager (Version: 1.34)
Virtual DJ Pro Full - Atomix Productions
VLC media player 2.0.0 (Version: 2.0.0)
VVVVVV
Windows Media Player Firefox Plugin (Version: 1.0.0.8)
WinRAR archiver
World of Goo
Xfire (remove only)

========================= Memory info: ===================================

Percentage of memory in use: 49%
Total physical RAM: 4095.18 MB
Available physical RAM: 2068.16 MB
Total Pagefile: 8188.5 MB
Available Pagefile: 5642.11 MB
Total Virtual: 4095.88 MB
Available Virtual: 3970.35 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:232.79 GB) (Free:25.9 GB) NTFS
3 Drive f: (Civilization V) (CDROM) (Total:3.1 GB) (Free:0 GB) UDF

========================= Users: ========================================

User accounts for \\DAVID-PC

Administrator ASPNET David
Guest Pamela

========================= Restore Points ==================================

21-12-2012 05:07:32 Scheduled Checkpoint

**** End of log ****

FSS LOG:

Farbar Service Scanner Version: 10-12-2012
Ran by David (administrator) on 21-12-2012 at 19:21:25
Running from "C:\Users\David\Desktop"
Windows 7 Ultimate (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2009-07-13 15:25] - [2009-07-13 17:45] - 1898576 ____A (Microsoft Corporation) 912107716BAB424C7870E8E6AF5E07E1

C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

AdwCleaner Log:

# AdwCleaner v2.101 - Logfile created 12/21/2012 at 19:21:53
# Updated 16/12/2012 by Xplode
# Operating system : Windows 7 Ultimate (64 bits)
# User : David - DAVID-PC
# Boot Mode : Normal
# Running from : C:\Users\David\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7600.16385

[OK] Registry is clean.

-\\ Mozilla Firefox v17.0.1 (en-US)

Profile name : default
File : C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\y3mfx51w.default\prefs.js

[OK] File is clean.

Profile name : default
File : C:\Users\Pamela\AppData\Roaming\Mozilla\Firefox\Profiles\04f03zpz.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1865 octets] - [21/12/2012 19:21:53]

########## EOF - C:\AdwCleaner[R1].txt - [1925 octets] ##########

RKill Log:

Rkill 2.4.5 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 12/21/2012 07:29:24 PM in x64 mode.
Windows Version: Windows 7 Ultimate

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
* HKLM\Software\Classes\exefile\shell\open\command\\IsolatedCommand was changed. It was reset to "%1" %*!

* HKLM\Software\Classes\exefile\shell\runas\command\\IsolatedCommand was changed. It was reset to "%1" %*!


Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* WinDefend [Missing Service]
* wscsvc [Missing Service]

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* Cannot edit the HOSTS file.
* Permissions Fixed. Administrators can now edit the HOSTS file.

* HOSTS file entries found:

20 out of 15286 HOSTS entries shown.
Please review HOSTS file for further entries.

Program finished at: 12/21/2012 07:29:36 PM
Execution time: 0 hours(s), 0 minute(s), and 11 seconds(s)

JRT LOG:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.2.3 (12.21.2012:2)
OS: Windows 7 Ultimate x64
Ran by David on Fri 12/21/2012 at 19:22:36.41
Blog: http://thisisudax.blogspot.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\toolbar\webbrowser\\{d4027c7f-154a-4066-a1ad-4243d8127440}



~~~ Registry Keys



~~~ Files

Successfully deleted: [File] C:\eula.1028.txt
Successfully deleted: [File] C:\eula.1031.txt
Successfully deleted: [File] C:\eula.1033.txt
Successfully deleted: [File] C:\eula.1036.txt
Successfully deleted: [File] C:\eula.1040.txt
Successfully deleted: [File] C:\eula.1041.txt
Successfully deleted: [File] C:\eula.1042.txt
Successfully deleted: [File] C:\eula.2052.txt
Successfully deleted: [File] C:\install.res.1028.dll
Successfully deleted: [File] C:\install.res.1031.dll
Successfully deleted: [File] C:\install.res.1033.dll
Successfully deleted: [File] C:\install.res.1036.dll
Successfully deleted: [File] C:\install.res.1040.dll
Successfully deleted: [File] C:\install.res.1041.dll
Successfully deleted: [File] C:\install.res.1042.dll
Successfully deleted: [File] C:\install.res.2052.dll
Successfully deleted: [File] C:\install.res.3082.dll



~~~ Folders



~~~ FireFox

Successfully deleted: [File] C:\Users\David\AppData\Roaming\mozilla\firefox\profiles\y3mfx51w.default\extensions\rezyaqlnxd@rezyaqlnxd.org.xpi [Tracur]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 12/21/2012 at 19:28:41.77
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Autoruns Log:


"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "AdobeAAMUpdater-1.0" "Adobe Updater Startup Utility" "Adobe Systems Incorporated" "c:\program files (x86)\common files\adobe\oobe\pdapp\uwa\updaterstartuputility.exe"
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "AdobeCS5ServiceManager" "Adobe CS5 Service Manager" "Adobe Systems Incorporated" "c:\program files (x86)\common files\adobe\cs5servicemanager\cs5servicemanager.exe"
+ "AMD AVT" "" "" "File not found: start"
+ "APSDaemon" "Apple Push" "Apple Inc." "c:\program files (x86)\common files\apple\apple application support\apsdaemon.exe"
+ "HDAudDeck" "VIA HD Audio CPL" "VIA" "c:\program files (x86)\via\viaudioi\vdeck\vdeck.exe"
+ "iTunesHelper" "iTunesHelper" "Apple Inc." "c:\program files (x86)\itunes\ituneshelper.exe"
+ "Malwarebytes' Anti-Malware" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files (x86)\malwarebytes' anti-malware\mbamgui.exe"
+ "QuickTime Task" "QuickTime Task" "Apple Inc." "c:\program files (x86)\quicktime\qttask.exe"
+ "ROC_roc_ssl_v12" "" "" "File not found: C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe"
+ "RoxWatchTray" "RoxMMTrayApp Module" "Sonic Solutions" "c:\program files (x86)\common files\roxio shared\10.0\sharedcom\roxwatchtray10.exe"
+ "StartCCC" "Catalyst® Control Center Launcher" "Advanced Micro Devices, Inc." "c:\program files (x86)\ati technologies\ati.ace\core-static\clistart.exe"
"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" "" "" ""
+ "Microsoft Windows" "Windows Mail" "Microsoft Corporation" "c:\program files\windows mail\winmail.exe"
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components" "" "" ""
+ "Microsoft Windows" "Windows Mail" "Microsoft Corporation" "c:\program files (x86)\windows mail\winmail.exe"
"HKCU\Software\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "ISUSScheduler" "Macrovision Software Manager Scheduler" "Macrovision Corporation" "c:\program files (x86)\common files\installshield\updateservice\issch.exe"
+ "Sidebar" "Windows Desktop Gadgets" "Microsoft Corporation" "c:\program files\windows sidebar\sidebar.exe"
"HKLM\SOFTWARE\Classes\Protocols\Filter" "" "" ""
+ "text/xml" "Microsoft Office XML MIME Filter" "Microsoft Corporation" "c:\program files\common files\microsoft shared\office12\msoxmlmf.dll"
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks" "" "" ""
+ "Groove GFS Stub Execution Hook" "GrooveShellExtensions Module" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office12\grooveshellextensions.dll"
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers" "" "" ""
+ "7-Zip" "7-Zip Shell Extension" "Igor Pavlov" "c:\program files\7-zip\7-zip.dll"
+ "Evidence Eliminator" "" "" "File not found: C:\PROGRA~2\EVIDEN~1\EEShellExt.dll"
+ "MagicISO" "MagicISO Shell Extension Module" "MagicISO, Inc." "c:\program files (x86)\magiciso\misosh64.dll"
+ "WinRAR" "" "" "c:\program files\winrar\rarext.dll"
"HKLM\Software\Wow6432Node\Classes\*\ShellEx\ContextMenuHandlers" "" "" ""
+ "7-Zip" "7-Zip Shell Extension" "Igor Pavlov" "c:\program files\7-zip\7-zip32.dll"
+ "WinRAR32" "" "" "c:\program files\winrar\rarext32.dll"
+ "XXX Groove GFS Context Menu Handler XXX" "GrooveShellExtensions Module" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office12\grooveshellextensions.dll"
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers" "" "" ""
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files (x86)\malwarebytes' anti-malware\mbamext.dll"
"HKLM\Software\Wow6432Node\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers" "" "" ""
+ "XXX Groove GFS Context Menu Handler XXX" "GrooveShellExtensions Module" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office12\grooveshellextensions.dll"
"HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers" "" "" ""
+ "7-Zip" "7-Zip Shell Extension" "Igor Pavlov" "c:\program files\7-zip\7-zip.dll"
+ "MagicISO" "MagicISO Shell Extension Module" "MagicISO, Inc." "c:\program files (x86)\magiciso\misosh64.dll"
+ "WinRAR" "" "" "c:\program files\winrar\rarext.dll"
"HKLM\Software\Wow6432Node\Classes\Directory\ShellEx\ContextMenuHandlers" "" "" ""
+ "7-Zip" "7-Zip Shell Extension" "Igor Pavlov" "c:\program files\7-zip\7-zip32.dll"
+ "WinRAR32" "" "" "c:\program files\winrar\rarext32.dll"
+ "XXX Groove GFS Context Menu Handler XXX" "GrooveShellExtensions Module" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office12\grooveshellextensions.dll"
"HKLM\Software\Classes\Directory\Shellex\DragDropHandlers" "" "" ""
+ "7-Zip" "7-Zip Shell Extension" "Igor Pavlov" "c:\program files\7-zip\7-zip.dll"
+ "WinRAR" "" "" "c:\program files\winrar\rarext.dll"
"HKLM\Software\Wow6432Node\Classes\Directory\Shellex\DragDropHandlers" "" "" ""
+ "7-Zip" "7-Zip Shell Extension" "Igor Pavlov" "c:\program files\7-zip\7-zip32.dll"
+ "WinRAR32" "" "" "c:\program files\winrar\rarext32.dll"
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" ""
+ "ACE" "AMD Desktop Control Panel" "Advanced Micro Devices, Inc." "c:\program files (x86)\ati technologies\ati.ace\core-static\atiacm64.dll"
+ "Gadgets" "Sidebar droptarget" "Microsoft Corporation" "c:\program files\windows sidebar\sbdrop.dll"
"HKLM\Software\Wow6432Node\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" ""
+ "Gadgets" "Sidebar droptarget" "Microsoft Corporation" "c:\program files (x86)\windows sidebar\sbdrop.dll"
+ "XXX Groove GFS Context Menu Handler XXX" "GrooveShellExtensions Module" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office12\grooveshellextensions.dll"
"HKLM\Software\Classes\Folder\Shellex\ColumnHandlers" "" "" ""
+ "dBpShell Class" "Provides dBpoweramp Shell Interaction" "Illustrate" "c:\program files (x86)\illustrate\dbpoweramp\dbshell.dll"
"HKLM\Software\Wow6432Node\Classes\Folder\Shellex\ColumnHandlers" "" "" ""
+ "PDF Shell Extension" "PDF Shell Extension" "Adobe Systems, Inc." "c:\program files (x86)\common files\adobe\acrobat\activex\pdfshell.dll"
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" ""
+ "MagicISO" "MagicISO Shell Extension Module" "MagicISO, Inc." "c:\program files (x86)\magiciso\misosh64.dll"
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files (x86)\malwarebytes' anti-malware\mbamext.dll"
+ "WinRAR" "" "" "c:\program files\winrar\rarext.dll"
"HKLM\Software\Wow6432Node\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" ""
+ "WinRAR32" "" "" "c:\program files\winrar\rarext32.dll"
+ "XXX Groove GFS Context Menu Handler XXX" "GrooveShellExtensions Module" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office12\grooveshellextensions.dll"
"HKLM\Software\Classes\Folder\ShellEx\DragDropHandlers" "" "" ""
+ "WinRAR" "" "" "c:\program files\winrar\rarext.dll"
"HKLM\Software\Wow6432Node\Classes\Folder\ShellEx\DragDropHandlers" "" "" ""
+ "WinRAR32" "" "" "c:\program files\winrar\rarext32.dll"
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers" "" "" ""
+ "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" "GrooveShellExtensions Module" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office12\grooveshellextensions.dll"
+ "Groove Explorer Icon Overlay 2 (GFS Stub)" "GrooveShellExtensions Module" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office12\grooveshellextensions.dll"
+ "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" "GrooveShellExtensions Module" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office12\grooveshellextensions.dll"
+ "Groove Explorer Icon Overlay 3 (GFS Folder)" "GrooveShellExtensions Module" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office12\grooveshellextensions.dll"
+ "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" "GrooveShellExtensions Module" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office12\grooveshellextensions.dll"
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" ""
+ "Adobe PDF Link Helper" "Adobe PDF Helper for Internet Explorer" "Adobe Systems Incorporated" "c:\program files (x86)\common files\adobe\acrobat\activex\acroiehelpershim.dll"
+ "Groove GFS Browser Helper" "GrooveShellExtensions Module" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office12\grooveshellextensions.dll"
+ "Java™ Plug-In 2 SSV Helper" "Java™ Platform SE binary" "Sun Microsystems, Inc." "c:\program files (x86)\java\jre6\bin\jp2ssv.dll"
+ "Spybot-S&D IE Protection" "SBSD IE Protection" "Safer Networking Limited" "c:\program files (x86)\spybot - search & destroy\sdhelper.dll"
"HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Extensions" "" "" ""
+ "S&end to OneNote" "Microsoft Office OneNote Internet Explorer Add-in" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office12\onbttnie.dll"
+ "Spybot - Search & Destroy Configuration" "SBSD IE Protection" "Safer Networking Limited" "c:\program files (x86)\spybot - search & destroy\sdhelper.dll"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "AdobeFlashPlayerUpdateSvc" "This service keeps your Adobe Flash Player installation up to date with the latest enhancements and security fixes." "Adobe Systems Incorporated" "c:\windows\syswow64\macromed\flash\flashplayerupdateservice.exe"
+ "AMD External Events Utility" "AMD External Events Service Module" "AMD" "c:\windows\system32\atiesrxx.exe"
+ "AMD FUEL Service" "Provides FUEL Functionality" "Advanced Micro Devices, Inc." "c:\program files\ati technologies\ati.ace\fuel\fuel.service.exe"
+ "Apple Mobile Device" "Provides the interface to Apple mobile devices." "Apple Inc." "c:\program files (x86)\common files\apple\mobile device support\applemobiledeviceservice.exe"
+ "aspnet_state" "Provides support for out-of-process session states for ASP.NET. If this service is stopped, out-of-process requests will not be processed. If this service is disabled, any services that explicitly depend on it will fail to start." "" "File not found: C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe"
+ "Bonjour Service" "Enables hardware devices and software services to automatically configure themselves on the network and advertise their presence." "Apple Inc." "c:\program files\bonjour\mdnsresponder.exe"
+ "HiPatchService" "HiPatchService" "Hi-Rez Studios" "c:\program files (x86)\hi-rez studios\hipatchservice.exe"
+ "IDriverT" "Provides support for the Running Object Table for InstallShield Drivers" "Macrovision Corporation" "c:\program files (x86)\common files\installshield\driver\1050\intel 32\idrivert.exe"
+ "IntuitUpdateService" "Helps Intuit applications automatically update themselves." "Intuit Inc." "c:\program files (x86)\common files\intuit\update service\intuitupdateservice.exe"
+ "iPAHelper.exe" "iPod Access Helper Module" "" "c:\program files (x86)\ipod access for windows\ipahelper.exe"
+ "iPod Service" "iPod hardware management services" "Apple Inc." "c:\program files\ipod\bin\ipodservice.exe"
+ "MBAMService" "Malwarebytes Anti-Malware service" "Malwarebytes Corporation" "c:\program files (x86)\malwarebytes' anti-malware\mbamservice.exe"
+ "Microsoft Office Groove Audit Service" "Groove Audit Service" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office12\grooveauditservice.exe"
+ "MozillaMaintenance" "The Mozilla Maintenance Service ensures that you have the latest and most secure version of Mozilla Firefox on your computer. Keeping Firefox up to date is very important for your online security, and Mozilla strongly recommends that you keep this service enabled." "Mozilla Foundation" "c:\program files (x86)\mozilla maintenance service\maintenanceservice.exe"
+ "odserv" "Run portions of Microsoft Office Diagnostics." "Microsoft Corporation" "c:\program files (x86)\common files\microsoft shared\office12\odserv.exe"
+ "ose" "Saves installation files used for updates and repairs and is required for the downloading of Setup updates and Watson error reports." "Microsoft Corporation" "c:\program files (x86)\common files\microsoft shared\source engine\ose.exe"
+ "PnkBstrA" "PunkBuster Service Component [v1034] http://www.evenbalance.com" "" "c:\windows\syswow64\pnkbstra.exe"
+ "Roxio UPnP Renderer 10" "Roxio UPnP PRenderer Service" "Sonic Solutions" "c:\program files (x86)\roxio\digital home 10\roxioupnprenderer10.exe"
+ "Roxio Upnp Server 10" "RoxioUpnpService10 Module" "Sonic Solutions" "c:\program files (x86)\roxio\digital home 10\roxioupnpservice10.exe"
+ "RoxLiveShare10" "Allows remote users to view through WEB browsers your authorized multimedia content managed by Roxio Media Manager9." "Sonic Solutions" "c:\program files (x86)\common files\roxio shared\10.0\sharedcom\roxliveshare10.exe"
+ "RoxMediaDB10" "Roxio RoxMediaDB10 Service" "Sonic Solutions" "c:\program files (x86)\common files\roxio shared\10.0\sharedcom\roxmediadb10.exe"
+ "RoxWatch10" "RoxSniffer10 Module" "Sonic Solutions" "c:\program files (x86)\common files\roxio shared\10.0\sharedcom\roxwatch10.exe"
+ "SBSDWSCService" "Spybot-S&D Security Center integration" "Safer Networking Ltd." "c:\program files (x86)\spybot - search & destroy\sdwinsec.exe"
+ "Steam Client Service" "Steam Client Service monitors and updates Steam content" "Valve Corporation" "c:\program files (x86)\common files\steam\steamservice.exe"
+ "SwitchBoard" "Adobe SwitchBoard" "Adobe Systems Incorporated" "c:\program files (x86)\common files\adobe\switchboard\switchboard.exe"
+ "WMPNetworkSvc" "Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play" "Microsoft Corporation" "c:\program files\windows media player\wmpnetwk.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "A2DDA" "" "" "File not found: C:\Users\David\Desktop\e\Run\a2ddax64.sys"
+ "adp94xx" "Adaptec Windows SAS/SATA Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\adp94xx.sys"
+ "adpahci" "Adaptec Windows SATA Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\adpahci.sys"
+ "adpu320" "Adaptec StorPort Ultra320 SCSI Driver (X64)" "Adaptec, Inc." "c:\windows\system32\drivers\adpu320.sys"
+ "aliide" "ALi mini IDE Driver" "Acer Laboratories Inc." "c:\windows\system32\drivers\aliide.sys"
+ "amdiox64" "AMD IO Driver" "Advanced Micro Devices" "c:\windows\system32\drivers\amdiox64.sys"
+ "amdkmdag" "ATI Radeon Kernel Mode Driver" "Advanced Micro Devices, Inc." "c:\windows\system32\drivers\atikmdag.sys"
+ "amdkmdap" "AMD multi-vendor Miniport Driver" "Advanced Micro Devices, Inc." "c:\windows\system32\drivers\atikmpag.sys"
+ "amdsata" "AHCI 1.2 Device Driver" "Advanced Micro Devices" "c:\windows\system32\drivers\amdsata.sys"
+ "amdsbs" "AMD Technology AHCI Compatible Controller Driver for Windows - AMD64 platform" "AMD Technologies Inc." "c:\windows\system32\drivers\amdsbs.sys"
+ "amdxata" "Storage Filter Driver" "Advanced Micro Devices" "c:\windows\system32\drivers\amdxata.sys"
+ "AODDriver4.01" "AMD OverDrive Service Driver" "Advanced Micro Devices" "c:\program files\ati technologies\ati.ace\fuel\amd64\aoddriver2.sys"
+ "AODDriver4.1" "AMD OverDrive Service Driver" "Advanced Micro Devices" "c:\program files\ati technologies\ati.ace\fuel\amd64\aoddriver2.sys"
+ "arc" "Adaptec RAID Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\arc.sys"
+ "arcsas" "Adaptec SAS RAID WS03 Driver" "Adaptec, Inc." "c:\windows\system32\drivers\arcsas.sys"
+ "atikmdag" "ATI Radeon Kernel Mode Driver" "Advanced Micro Devices, Inc." "c:\windows\system32\drivers\atikmdag.sys"
+ "ATITool" "Low-Level Driver" "" "c:\windows\system32\drivers\atitool64.sys"
+ "b06bdrv" "Broadcom NetXtreme II GigE VBD" "Broadcom Corporation" "c:\windows\system32\drivers\bxvbda.sys"
+ "b57nd60a" "Broadcom NetXtreme Gigabit Ethernet NDIS6.x Unified Driver." "Broadcom Corporation" "c:\windows\system32\drivers\b57nd60a.sys"
+ "BrFiltLo" "Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver" "Brother Industries, Ltd." "c:\windows\system32\drivers\brfiltlo.sys"
+ "BrFiltUp" "Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver" "Brother Industries, Ltd." "c:\windows\system32\drivers\brfiltup.sys"
+ "Brserid" "Brotehr Serial I/F Driver (WDM)" "Brother Industries Ltd." "c:\windows\system32\drivers\brserid.sys"
+ "BrSerWdm" "Brother Serial driver (WDM version)" "Brother Industries Ltd." "c:\windows\system32\drivers\brserwdm.sys"
+ "BrUsbMdm" "Brother USB MDM Driver " "Brother Industries Ltd." "c:\windows\system32\drivers\brusbmdm.sys"
+ "BrUsbSer" "Brother USB Serial Driver" "Brother Industries Ltd." "c:\windows\system32\drivers\brusbser.sys"
+ "catchme" "" "" "File not found: C:\ComboFix\catchme.sys"
+ "cmdide" "CMD PCI IDE Bus Driver" "CMD Technology, Inc." "c:\windows\system32\drivers\cmdide.sys"
+ "ebdrv" "Broadcom NetXtreme II 10 GigE VBD" "Broadcom Corporation" "c:\windows\system32\drivers\evbda.sys"
+ "ElRawDisk" "RawDisk Driver. Allows write-access to raw disk sectors for user mode applications in Windows 2000, XP, 2003, Vista." "EldoS Corporation" "c:\windows\system32\drivers\elrawdsk.sys"
+ "elxstor" "Storport Miniport Driver for LightPulse HBAs" "Emulex" "c:\windows\system32\drivers\elxstor.sys"
+ "GEARAspiWDM" "CD DVD Filter" "GEAR Software Inc." "c:\windows\system32\drivers\gearaspiwdm.sys"
+ "hcw85cir" "Hauppauge WinTV 885 Consumer IR Driver for eHome" "Hauppauge Computer Works, Inc." "c:\windows\system32\drivers\hcw85cir.sys"
+ "HpSAMD" "Smart Array SAS/SATA Controller Media Driver" "Hewlett-Packard Company" "c:\windows\system32\drivers\hpsamd.sys"
+ "iaStorV" "Intel Matrix Storage Manager driver - x64" "Intel Corporation" "c:\windows\system32\drivers\iastorv.sys"
+ "iirsp" "Intel/ICP Raid Storport Driver" "Intel Corp./ICP vortex GmbH" "c:\windows\system32\drivers\iirsp.sys"
+ "LSI_FC" "LSI Fusion-MPT FC Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_fc.sys"
+ "LSI_SAS" "LSI Fusion-MPT SAS Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_sas.sys"
+ "LSI_SAS2" "LSI SAS Gen2 Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_sas2.sys"
+ "LSI_SCSI" "LSI Fusion-MPT SCSI Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_scsi.sys"
+ "MBAMProtector" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\windows\system32\drivers\mbam.sys"
+ "mcdbus" "MagicISO SCSI Host Controller" "MagicISO, Inc." "c:\windows\system32\drivers\mcdbus.sys"
+ "megasas" "MEGASAS RAID Controller Driver for Windows 7\Server 2008 R2 for x64" "LSI Corporation" "c:\windows\system32\drivers\megasas.sys"

I think that was it!

#6 narenxp

Posted 23 December 2012 - 09:55 PM

Run TDSSkiller again and post the new log

Run the services repair tool

http://kb.eset.com/library/ESET/KB%20Team%20Only/Malware/ServicesRepair.exe

Run Farbar service scanner again and post the new log

#7 nwofoxhound

Posted 24 December 2012 - 02:33 PM

TDS KILLER LOG

11:22:56.0412 5088 Dnscache - ok
11:22:56.0422 5088 [ 14452ACDB09B70964C8C21BF80A13ACB ] dot3svc C:\Windows\System32\dot3svc.dll
11:22:56.0422 5088 dot3svc - ok
11:22:56.0452 5088 [ 8C2BA6BEA949EE6E68385F5692BAFB94 ] DPS C:\Windows\system32\dps.dll
11:22:56.0452 5088 DPS - ok
11:22:56.0472 5088 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
11:22:56.0472 5088 drmkaud - ok
11:22:56.0502 5088 [ 7CB7D2B73813CE05C7BC0F5F95D27CEC ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
11:22:56.0532 5088 DXGKrnl - ok
11:22:56.0562 5088 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
11:22:56.0562 5088 EapHost - ok
11:22:56.0822 5088 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
11:22:56.0922 5088 ebdrv - ok
11:22:56.0962 5088 [ 0793F40B9B8A1BDD266296409DBD91EA ] EFS C:\Windows\System32\lsass.exe
11:22:56.0962 5088 EFS - ok
11:22:57.0002 5088 [ B91D81B3B54A54CCAFC03733DBC2E29E ] ehRecvr C:\Windows\ehome\ehRecvr.exe
11:22:57.0012 5088 ehRecvr - ok
11:22:57.0042 5088 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
11:22:57.0052 5088 ehSched - ok
11:22:57.0082 5088 [ 4360D0DDBC501A7DF418E93ED235D848 ] ElRawDisk C:\Windows\system32\drivers\elrawdsk.sys
11:22:57.0082 5088 ElRawDisk - ok
11:22:57.0122 5088 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
11:22:57.0132 5088 elxstor - ok
11:22:57.0162 5088 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\DRIVERS\errdev.sys
11:22:57.0162 5088 ErrDev - ok
11:22:57.0202 5088 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
11:22:57.0202 5088 EventSystem - ok
11:22:57.0212 5088 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
11:22:57.0222 5088 exfat - ok
11:22:57.0232 5088 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
11:22:57.0232 5088 fastfat - ok
11:22:57.0272 5088 [ D607B2F1BEE3992AA6C2C92C0A2F0855 ] Fax C:\Windows\system32\fxssvc.exe
11:22:57.0292 5088 Fax - ok
11:22:57.0292 5088 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
11:22:57.0292 5088 fdc - ok
11:22:57.0312 5088 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
11:22:57.0312 5088 fdPHost - ok
11:22:57.0322 5088 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
11:22:57.0322 5088 FDResPub - ok
11:22:57.0342 5088 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
11:22:57.0342 5088 FileInfo - ok
11:22:57.0342 5088 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
11:22:57.0342 5088 Filetrace - ok
11:22:57.0362 5088 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
11:22:57.0362 5088 flpydisk - ok
11:22:57.0372 5088 [ F7866AF72ABBAF84B1FA5AA195378C59 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
11:22:57.0372 5088 FltMgr - ok
11:22:57.0422 5088 [ 8AC4CB4EA61E41009FAE9AE7B2B5DA3A ] FontCache C:\Windows\system32\FntCache.dll
11:22:57.0442 5088 FontCache - ok
11:22:57.0492 5088 [ 8D89E3131C27FDD6932189CB785E1B7A ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
11:22:57.0492 5088 FontCache3.0.0.0 - ok
11:22:57.0502 5088 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
11:22:57.0502 5088 FsDepends - ok
11:22:57.0522 5088 [ E95EF8547DE20CF0603557C0CF7A9462 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
11:22:57.0522 5088 Fs_Rec - ok
11:22:57.0542 5088 [ B8B2A6E1558F8F5DE5CE431C5B2C7B09 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
11:22:57.0542 5088 fvevol - ok
11:22:57.0552 5088 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
11:22:57.0552 5088 gagp30kx - ok
11:22:57.0612 5088 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM C:\Windows\system32\Drivers\GEARAspiWDM.sys
11:22:57.0612 5088 GEARAspiWDM - ok
11:22:57.0642 5088 [ FE5AB4525BC2EC68B9119A6E5D40128B ] gpsvc C:\Windows\System32\gpsvc.dll
11:22:57.0682 5088 gpsvc - ok
11:22:57.0682 5088 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
11:22:57.0692 5088 hcw85cir - ok
11:22:57.0712 5088 [ 6410F6F415B2A5A9037224C41DA8BF12 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
11:22:57.0722 5088 HdAudAddService - ok
11:22:57.0742 5088 [ 0A49913402747A0B67DE940FB42CBDBB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
11:22:57.0742 5088 HDAudBus - ok
11:22:57.0752 5088 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
11:22:57.0752 5088 HidBatt - ok
11:22:57.0762 5088 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
11:22:57.0762 5088 HidBth - ok
11:22:57.0772 5088 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
11:22:57.0772 5088 HidIr - ok
11:22:57.0792 5088 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll
11:22:57.0792 5088 hidserv - ok
11:22:57.0822 5088 [ B3BF6B5B50006DEF50B66306D99FCF6F ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
11:22:57.0822 5088 HidUsb - ok
11:22:57.0922 5088 [ A68E6B53BBA0F546821E1586DD4F1CDF ] HiPatchService C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
11:22:57.0922 5088 HiPatchService - ok
11:22:57.0952 5088 [ EFA58EDE58DD74388FFD04CB32681518 ] hkmsvc C:\Windows\system32\kmsvc.dll
11:22:57.0952 5088 hkmsvc - ok
11:22:57.0972 5088 [ 046B2673767CA626E2CFB7FDF735E9E8 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
11:22:57.0972 5088 HomeGroupListener - ok
11:22:57.0992 5088 [ 06A7422224D9865A5613710A089987DF ] HomeGroupProvider C:\Windows\system32\provsvc.dll
11:22:58.0002 5088 HomeGroupProvider - ok
11:22:58.0002 5088 [ 0886D440058F203EBA0E1825E4355914 ] HpSAMD C:\Windows\system32\DRIVERS\HpSAMD.sys
11:22:58.0012 5088 HpSAMD - ok
11:22:58.0032 5088 [ CEE049CAC4EFA7F4E1E4AD014414A5D4 ] HTTP C:\Windows\system32\drivers\HTTP.sys
11:22:58.0102 5088 HTTP - ok
11:22:58.0112 5088 [ F17766A19145F111856378DF337A5D79 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
11:22:58.0112 5088 hwpolicy - ok
11:22:58.0142 5088 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
11:22:58.0142 5088 i8042prt - ok
11:22:58.0152 5088 [ D83EFB6FD45DF9D55E9A1AFC63640D50 ] iaStorV C:\Windows\system32\DRIVERS\iaStorV.sys
11:22:58.0162 5088 iaStorV - ok
11:22:58.0222 5088 [ 6F95324909B502E2651442C1548AB12F ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
11:22:58.0222 5088 IDriverT - ok
11:22:58.0272 5088 [ 2F2BE70D3E02B6FA877921AB9516D43C ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
11:22:58.0282 5088 idsvc - ok
11:22:58.0302 5088 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
11:22:58.0302 5088 iirsp - ok
11:22:58.0332 5088 [ C5B4683680DF085B57BC53E5EF34861F ] IKEEXT C:\Windows\System32\ikeext.dll
11:22:58.0352 5088 IKEEXT - ok
11:22:58.0362 5088 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\DRIVERS\intelide.sys
11:22:58.0362 5088 intelide - ok
11:22:58.0382 5088 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
11:22:58.0392 5088 intelppm - ok
11:22:58.0522 5088 [ 3DC635B66DD7412E1C9C3A77B8D78F25 ] IntuitUpdateService C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
11:22:58.0522 5088 IntuitUpdateService - ok
11:22:58.0632 5088 [ 1F652D8E2AB4E9677F2162967BFE7FE6 ] iPAHelper.exe C:\Program Files (x86)\iPod Access for Windows\iPAHelper.exe
11:22:58.0662 5088 iPAHelper.exe - ok
11:22:58.0682 5088 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
11:22:58.0682 5088 IPBusEnum - ok
11:22:58.0702 5088 [ 722DD294DF62483CECAAE6E094B4D695 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
11:22:58.0702 5088 IpFilterDriver - ok
11:22:58.0782 5088 [ F8E058D17363EC580E4B7232778B6CB5 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
11:22:58.0792 5088 iphlpsvc - ok
11:22:58.0812 5088 [ E2B4A4494DB7CB9B89B55CA268C337C5 ] IPMIDRV C:\Windows\system32\DRIVERS\IPMIDrv.sys
11:22:58.0812 5088 IPMIDRV - ok
11:22:58.0822 5088 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
11:22:58.0832 5088 IPNAT - ok
11:22:58.0902 5088 [ 46D249F9DB7844CC01050A9345F0F61B ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
11:22:58.0902 5088 iPod Service - ok
11:22:58.0922 5088 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
11:22:58.0922 5088 IRENUM - ok
11:22:58.0942 5088 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\DRIVERS\isapnp.sys
11:22:58.0942 5088 isapnp - ok
11:22:58.0962 5088 [ FA4D2557DE56D45B0A346F93564BE6E1 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
11:22:58.0962 5088 iScsiPrt - ok
11:22:58.0972 5088 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
11:22:58.0972 5088 kbdclass - ok
11:22:58.0992 5088 [ 6DEF98F8541E1B5DCEB2C822A11F7323 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
11:22:58.0992 5088 kbdhid - ok
11:22:59.0002 5088 [ 0793F40B9B8A1BDD266296409DBD91EA ] KeyIso C:\Windows\system32\lsass.exe
11:22:59.0002 5088 KeyIso - ok
11:22:59.0012 5088 [ E8B6FCC9C83535C67F835D407620BD27 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
11:22:59.0012 5088 KSecDD - ok
11:22:59.0022 5088 [ BBE1BF6D9B661C354D4857D5FADB943B ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
11:22:59.0022 5088 KSecPkg - ok
11:22:59.0032 5088 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
11:22:59.0032 5088 ksthunk - ok
11:22:59.0052 5088 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
11:22:59.0052 5088 KtmRm - ok
11:22:59.0082 5088 [ C926920B8978DE6ACFE9E15C709E9B57 ] LanmanServer C:\Windows\System32\srvsvc.dll
11:22:59.0092 5088 LanmanServer - ok
11:22:59.0112 5088 [ 27026EAC8818E8A6C00A1CAD2F11D29A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
11:22:59.0112 5088 LanmanWorkstation - ok
11:22:59.0142 5088 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
11:22:59.0142 5088 lltdio - ok
11:22:59.0162 5088 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
11:22:59.0172 5088 lltdsvc - ok
11:22:59.0182 5088 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
11:22:59.0182 5088 lmhosts - ok
11:22:59.0202 5088 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
11:22:59.0212 5088 LSI_FC - ok
11:22:59.0222 5088 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
11:22:59.0222 5088 LSI_SAS - ok
11:22:59.0232 5088 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
11:22:59.0232 5088 LSI_SAS2 - ok
11:22:59.0242 5088 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
11:22:59.0242 5088 LSI_SCSI - ok
11:22:59.0262 5088 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
11:22:59.0262 5088 luafv - ok
11:22:59.0332 5088 [ DBC08862A71459E74F7538B432C114CC ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
11:22:59.0332 5088 MBAMProtector - ok
11:22:59.0562 5088 [ BA400ED640BCA1EAE5C727AE17C10207 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
11:22:59.0612 5088 MBAMService - ok
11:22:59.0712 5088 [ 79D51E7F5926E8CE1B3EBECEBAE28CFF ] mcdbus C:\Windows\system32\DRIVERS\mcdbus.sys
11:22:59.0712 5088 mcdbus - ok
11:22:59.0792 5088 [ F84C8F1000BC11E3B7B23CBD3BAFF111 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
11:22:59.0812 5088 Mcx2Svc - ok
11:22:59.0842 5088 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
11:22:59.0842 5088 megasas - ok
11:22:59.0932 5088 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
11:22:59.0932 5088 MegaSR - ok
11:23:00.0022 5088 [ FAFE367D032ED82E9332B4C741A20216 ] Microsoft Office Groove Audit Service C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
11:23:00.0022 5088 Microsoft Office Groove Audit Service - ok
11:23:00.0042 5088 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
11:23:00.0042 5088 MMCSS - ok
11:23:00.0052 5088 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
11:23:00.0052 5088 Modem - ok
11:23:00.0062 5088 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
11:23:00.0072 5088 monitor - ok
11:23:00.0082 5088 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
11:23:00.0082 5088 mouclass - ok
11:23:00.0102 5088 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
11:23:00.0112 5088 mouhid - ok
11:23:00.0112 5088 [ 791AF66C4D0E7C90A3646066386FB571 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
11:23:00.0112 5088 mountmgr - ok
11:23:00.0192 5088 [ 8C7336950F1E69CDFD811CBBD9CF00A2 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
11:23:00.0192 5088 MozillaMaintenance - ok
11:23:00.0202 5088 [ 609D1D87649ECC19796F4D76D4C15CEA ] mpio C:\Windows\system32\DRIVERS\mpio.sys
11:23:00.0202 5088 mpio - ok
11:23:00.0212 5088 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
11:23:00.0212 5088 mpsdrv - ok
11:23:00.0252 5088 [ AECAB449567D1846DAD63ECE49E893E3 ] MpsSvc C:\Windows\system32\mpssvc.dll
11:23:00.0322 5088 MpsSvc - ok
11:23:00.0352 5088 [ 30524261BB51D96D6FCBAC20C810183C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
11:23:00.0352 5088 MRxDAV - ok
11:23:00.0372 5088 [ CFDCD8CA87C2A657DEBC150AC35B5E08 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
11:23:00.0372 5088 mrxsmb - ok
11:23:00.0382 5088 [ 1BEE517B220B7F024F411AEC1571DD5A ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
11:23:00.0392 5088 mrxsmb10 - ok
11:23:00.0402 5088 [ 6B2D5FEF385828B6E485C1C90AFB8195 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
11:23:00.0402 5088 mrxsmb20 - ok
11:23:00.0412 5088 [ 5C37497276E3B3A5488B23A326A754B7 ] msahci C:\Windows\system32\DRIVERS\msahci.sys
11:23:00.0412 5088 msahci - ok
11:23:00.0422 5088 [ 8D27B597229AED79430FB9DB3BCBFBD0 ] msdsm C:\Windows\system32\DRIVERS\msdsm.sys
11:23:00.0422 5088 msdsm - ok
11:23:00.0442 5088 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
11:23:00.0442 5088 MSDTC - ok
11:23:00.0452 5088 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
11:23:00.0452 5088 Msfs - ok
11:23:00.0472 5088 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
11:23:00.0472 5088 mshidkmdf - ok
11:23:00.0482 5088 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\DRIVERS\msisadrv.sys
11:23:00.0482 5088 msisadrv - ok
11:23:00.0512 5088 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
11:23:00.0522 5088 MSiSCSI - ok
11:23:00.0522 5088 msiserver - ok
11:23:00.0542 5088 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
11:23:00.0542 5088 MSKSSRV - ok
11:23:00.0572 5088 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
11:23:00.0572 5088 MSPCLOCK - ok
11:23:00.0572 5088 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
11:23:00.0572 5088 MSPQM - ok
11:23:00.0582 5088 [ 89CB141AA8616D8C6A4610FA26C60964 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
11:23:00.0592 5088 MsRPC - ok
11:23:00.0602 5088 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
11:23:00.0602 5088 mssmbios - ok
11:23:00.0602 5088 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
11:23:00.0612 5088 MSTEE - ok
11:23:00.0622 5088 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
11:23:00.0632 5088 MTConfig - ok
11:23:00.0652 5088 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
11:23:00.0652 5088 Mup - ok
11:23:00.0682 5088 [ 4987E079A4530FA737A128BE54B63B12 ] napagent C:\Windows\system32\qagentRT.dll
11:23:00.0682 5088 napagent - ok
11:23:00.0712 5088 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
11:23:00.0722 5088 NativeWifiP - ok
11:23:00.0762 5088 [ CAD515DBD07D082BB317D9928CE8962C ] NDIS C:\Windows\system32\drivers\ndis.sys
11:23:00.0792 5088 NDIS - ok
11:23:00.0822 5088 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
11:23:00.0822 5088 NdisCap - ok
11:23:00.0842 5088 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
11:23:00.0842 5088 NdisTapi - ok
11:23:00.0862 5088 [ F105BA1E22BF1F2EE8F005D4305E4BEC ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
11:23:00.0862 5088 Ndisuio - ok
11:23:00.0872 5088 [ 557DFAB9CA1FCB036AC77564C010DAD3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
11:23:00.0872 5088 NdisWan - ok
11:23:00.0872 5088 [ 659B74FB74B86228D6338D643CD3E3CF ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
11:23:00.0872 5088 NDProxy - ok
11:23:00.0902 5088 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
11:23:00.0902 5088 NetBIOS - ok
11:23:00.0912 5088 [ 9162B273A44AB9DCE5B44362731D062A ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
11:23:00.0922 5088 NetBT - ok
11:23:00.0952 5088 [ 0793F40B9B8A1BDD266296409DBD91EA ] Netlogon C:\Windows\system32\lsass.exe
11:23:00.0952 5088 Netlogon - ok
11:23:00.0992 5088 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
11:23:00.0992 5088 Netman - ok
11:23:01.0042 5088 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
11:23:01.0042 5088 netprofm - ok
11:23:01.0072 5088 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
11:23:01.0072 5088 NetTcpPortSharing - ok
11:23:01.0102 5088 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
11:23:01.0102 5088 nfrd960 - ok
11:23:01.0112 5088 [ D9A0CE66046D6EFA0C61BAA885CBA0A8 ] NlaSvc C:\Windows\System32\nlasvc.dll
11:23:01.0122 5088 NlaSvc - ok
11:23:01.0142 5088 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
11:23:01.0152 5088 Npfs - ok
11:23:01.0162 5088 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
11:23:01.0162 5088 nsi - ok
11:23:01.0162 5088 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
11:23:01.0162 5088 nsiproxy - ok
11:23:01.0212 5088 [ 356698A13C4630D5B31C37378D469196 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
11:23:01.0252 5088 Ntfs - ok
11:23:01.0262 5088 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
11:23:01.0262 5088 Null - ok
11:23:01.0272 5088 [ 3E38712941E9BB4DDBEE00AFFE3FED3D ] nvraid C:\Windows\system32\DRIVERS\nvraid.sys
11:23:01.0272 5088 nvraid - ok
11:23:01.0322 5088 [ 477DC4D6DEB99BE37084C9AC6D013DA1 ] nvstor C:\Windows\system32\DRIVERS\nvstor.sys
11:23:01.0322 5088 nvstor - ok
11:23:01.0362 5088 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\DRIVERS\nv_agp.sys
11:23:01.0362 5088 nv_agp - ok
11:23:01.0482 5088 [ 84DE1DD996B48B05ACE31AD015FA108A ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
11:23:01.0492 5088 odserv - ok
11:23:01.0512 5088 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
11:23:01.0512 5088 ohci1394 - ok
11:23:01.0562 5088 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
11:23:01.0562 5088 ose - ok
11:23:01.0582 5088 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
11:23:01.0592 5088 p2pimsvc - ok
11:23:01.0612 5088 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
11:23:01.0622 5088 p2psvc - ok
11:23:01.0642 5088 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
11:23:01.0642 5088 Parport - ok
11:23:01.0652 5088 [ 7DAA117143316C4A1537E074A5A9EAF0 ] partmgr C:\Windows\system32\drivers\partmgr.sys
11:23:01.0652 5088 partmgr - ok
11:23:01.0672 5088 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
11:23:01.0672 5088 PcaSvc - ok
11:23:01.0742 5088 [ F36F6504009F2FB0DFD1B17A116AD74B ] pci C:\Windows\system32\DRIVERS\pci.sys
11:23:01.0752 5088 pci - ok
11:23:01.0762 5088 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\DRIVERS\pciide.sys
11:23:01.0762 5088 pciide - ok
11:23:01.0772 5088 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
11:23:01.0772 5088 pcmcia - ok
11:23:01.0782 5088 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
11:23:01.0782 5088 pcw - ok
11:23:01.0802 5088 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
11:23:01.0802 5088 PEAUTH - ok
11:23:01.0852 5088 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
11:23:01.0892 5088 PeerDistSvc - ok
11:23:01.0942 5088 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
11:23:01.0942 5088 PerfHost - ok
11:23:01.0982 5088 [ 557E9A86F65F0DE18C9B6751DFE9D3F1 ] pla C:\Windows\system32\pla.dll
11:23:02.0012 5088 pla - ok
11:23:02.0042 5088 [ 23157D583244400E1D7FBAEE2E4B31B7 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
11:23:02.0042 5088 PlugPlay - ok
11:23:02.0062 5088 PnkBstrA - ok
11:23:02.0072 5088 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
11:23:02.0072 5088 PNRPAutoReg - ok
11:23:02.0082 5088 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
11:23:02.0092 5088 PNRPsvc - ok
11:23:02.0122 5088 [ 166EB40D1F5B47E615DE3D0FFFE5F243 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
11:23:02.0132 5088 PolicyAgent - ok
11:23:02.0142 5088 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
11:23:02.0142 5088 Power - ok
11:23:02.0182 5088 [ 27CC19E81BA5E3403C48302127BDA717 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
11:23:02.0182 5088 PptpMiniport - ok
11:23:02.0192 5088 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
11:23:02.0192 5088 Processor - ok
11:23:02.0202 5088 [ F381975E1F4346DE875CB07339CE8D3A ] ProfSvc C:\Windows\system32\profsvc.dll
11:23:02.0212 5088 ProfSvc - ok
11:23:02.0222 5088 [ 0793F40B9B8A1BDD266296409DBD91EA ] ProtectedStorage C:\Windows\system32\lsass.exe
11:23:02.0222 5088 ProtectedStorage - ok
11:23:02.0252 5088 [ EE992183BD8EAEFD9973F352E587A299 ] Psched C:\Windows\system32\DRIVERS\pacer.sys
11:23:02.0252 5088 Psched - ok
11:23:02.0302 5088 [ 05F46042208E515B9C240AAFC54E7AA2 ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys
11:23:02.0302 5088 PxHlpa64 - ok
11:23:02.0342 5088 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
11:23:02.0382 5088 ql2300 - ok
11:23:02.0392 5088 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
11:23:02.0392 5088 ql40xx - ok
11:23:02.0412 5088 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
11:23:02.0412 5088 QWAVE - ok
11:23:02.0422 5088 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
11:23:02.0422 5088 QWAVEdrv - ok
11:23:02.0432 5088 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
11:23:02.0432 5088 RasAcd - ok
11:23:02.0442 5088 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
11:23:02.0452 5088 RasAgileVpn - ok
11:23:02.0452 5088 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
11:23:02.0462 5088 RasAuto - ok
11:23:02.0472 5088 [ 87A6E852A22991580D6D39ADC4790463 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
11:23:02.0472 5088 Rasl2tp - ok
11:23:02.0482 5088 [ 47394ED3D16D053F5906EFE5AB51CC83 ] RasMan C:\Windows\System32\rasmans.dll
11:23:02.0492 5088 RasMan - ok
11:23:02.0502 5088 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
11:23:02.0502 5088 RasPppoe - ok
11:23:02.0522 5088 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
11:23:02.0522 5088 RasSstp - ok
11:23:02.0532 5088 [ 3BAC8142102C15D59A87757C1D41DCE5 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
11:23:02.0532 5088 rdbss - ok
11:23:02.0542 5088 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
11:23:02.0542 5088 rdpbus - ok
11:23:02.0562 5088 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
11:23:02.0562 5088 RDPCDD - ok
11:23:02.0582 5088 [ 9706B84DBABFC4B4CA46C5A82B14DFA3 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
11:23:02.0592 5088 RDPDR - ok
11:23:02.0612 5088 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
11:23:02.0612 5088 RDPENCDD - ok
11:23:02.0632 5088 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
11:23:02.0632 5088 RDPREFMP - ok
11:23:02.0652 5088 [ 8A3E6BEA1C53EA6177FE2B6EBA2C80D7 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
11:23:02.0652 5088 RDPWD - ok
11:23:02.0672 5088 [ 634B9A2181D98F15941236886164EC8B ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
11:23:02.0672 5088 rdyboost - ok
11:23:02.0712 5088 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
11:23:02.0712 5088 RemoteAccess - ok
11:23:02.0742 5088 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
11:23:02.0752 5088 RemoteRegistry - ok
11:23:02.0832 5088 [ 85B5159D86AC06AD744EE9D3C288AEEE ] Roxio UPnP Renderer 10 C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe
11:23:02.0832 5088 Roxio UPnP Renderer 10 - ok
11:23:02.0892 5088 [ 0DB43CAF2D77B809A86E9D7E1BCC6D76 ] Roxio Upnp Server 10 C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe
11:23:02.0902 5088 Roxio Upnp Server 10 - ok
11:23:02.0992 5088 [ 7958AFFC64E4F284068EB6575CC64DCF ] RoxLiveShare10 C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe
11:23:02.0992 5088 RoxLiveShare10 - ok
11:23:03.0062 5088 [ ED69CD4AB4BE607ABF768A60E4AC79DA ] RoxMediaDB10 C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
11:23:03.0072 5088 RoxMediaDB10 - ok
11:23:03.0112 5088 [ 0DA14EE2C0E274FEA5A6545181851C16 ] RoxWatch10 C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
11:23:03.0112 5088 RoxWatch10 - ok
11:23:03.0122 5088 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
11:23:03.0122 5088 RpcEptMapper - ok
11:23:03.0142 5088 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
11:23:03.0152 5088 RpcLocator - ok
11:23:03.0172 5088 [ 7266972E86890E2B30C0C322E906B027 ] RpcSs C:\Windows\System32\rpcss.dll
11:23:03.0182 5088 RpcSs - ok
11:23:03.0202 5088 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
11:23:03.0212 5088 rspndr - ok
11:23:03.0242 5088 [ 3B01789EE4EAEE97F5EB46B711387D5E ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
11:23:03.0252 5088 RTL8167 - ok
11:23:03.0252 5088 RxFilter - ok
11:23:03.0282 5088 [ 88AF6E02AB19DF7FD07ECDF9C91E9AF6 ] s3cap C:\Windows\system32\DRIVERS\vms3cap.sys
11:23:03.0282 5088 s3cap - ok
11:23:03.0292 5088 [ 0793F40B9B8A1BDD266296409DBD91EA ] SamSs C:\Windows\system32\lsass.exe
11:23:03.0292 5088 SamSs - ok
11:23:03.0312 5088 [ E3BBB89983DAF5622C1D50CF49F28227 ] sbp2port C:\Windows\system32\DRIVERS\sbp2port.sys
11:23:06.0862 5088 ================ Scan global ===============================
11:23:06.0872 5088 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
11:23:06.0912 5088 [ 457B44AB6D502E55F64A867D4F35C76C ] C:\Windows\system32\winsrv.dll
11:23:06.0942 5088 [ 457B44AB6D502E55F64A867D4F35C76C ] C:\Windows\system32\winsrv.dll
11:23:06.0972 5088 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
11:23:06.0982 5088 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
11:23:06.0992 5088 [Global] - ok
11:23:06.0992 5088 ================ Scan MBR ==================================
11:23:07.0052 5088 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
11:23:07.0342 5088 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
11:23:07.0342 5088 \Device\Harddisk0\DR0 - detected TDSS File System (1)
11:23:07.0342 5088 ================ Scan VBR ==================================
11:23:07.0352 5088 [ 4EFD2A7BC0CE2CB616E25C763BFDDCC2 ] \Device\Harddisk0\DR0\Partition1
11:23:07.0352 5088 \Device\Harddisk0\DR0\Partition1 - ok
11:23:07.0372 5088 [ 17E0428092345BACAA5C413CA8DB57B7 ] \Device\Harddisk0\DR0\Partition2
11:23:07.0372 5088 \Device\Harddisk0\DR0\Partition2 - ok
11:23:07.0372 5088 ============================================================
11:23:07.0372 5088 Scan finished
11:23:07.0372 5088 ============================================================
11:23:07.0382 5080 Detected object count: 1
11:23:07.0382 5080 Actual detected object count: 1
11:23:19.0203 5080 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
11:23:19.0203 5080 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
11:23:48.0031 4936 Deinitialize success

SVCES REPAIR LOG:

Log Opened: 2012-12-24 @ 11:24:37
11:24:37 - -----------------
11:24:37 - | Begin Logging |
11:24:37 - -----------------
11:24:37 - Fix started on a WIN_7 X64 computer
11:24:37 - Prep in progress. Please Wait.
11:24:38 - Prep complete
11:24:38 - Repairing Services Now. Please wait...
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Win7\BFE.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\Persistent\SubLayer>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\Persistent\Provider>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\Persistent\Filter>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\Persistent>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\BootTime\Filter>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\BootTime>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE>

SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Win7\BITS.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS\Security>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS\Performance>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS>

SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Win7\iphlpsvc.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Teredo>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters\Teredo\{FA88062C-9A61-4C1E-AC45-7143F8F01AAD}>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters\Teredo>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters\Isatap\{8AD2FB26-F91E-44F1-9B24-3C0AE56C9CE0}>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters\Isatap>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters\IPHTTPS>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Interfaces>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\config>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc>

SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Win7\MpsSvc.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Security>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\Teredo>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\RPC-EPMap>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\IPTLSOut>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\IPTLSIn>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\DHCP>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc>

SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Win7\SharedAccess.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable\System>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\GloballyOpenPorts>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\AuthorizedApplications>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Epoch2>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Epoch>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\StandardProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\StandardProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\PublicProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\PublicProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\DomainProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\DomainProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess>

SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Win7\WinDefend.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend\TriggerInfo\0>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend\TriggerInfo>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend\Security>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend>

SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Win7\wscsvc.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wscsvc\Security>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wscsvc\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wscsvc>

SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Win7\wuauserv.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wuauserv\Security>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wuauserv\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wuauserv>

SetACL finished successfully.
11:24:39 - Services Repair Complete.
11:24:53 - Reboot Initiated

FSS LOG:

Farbar Service Scanner Version: 10-12-2012
Ran by David (administrator) on 24-12-2012 at 11:32:25
Running from "C:\Users\David\Desktop"
Windows 7 Ultimate (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2009-07-13 15:25] - [2009-07-13 17:45] - 1898576 ____A (Microsoft Corporation) 912107716BAB424C7870E8E6AF5E07E1

C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

Merry Xmas!

#8 narenxp

Posted 25 December 2012 - 12:34 AM

Happy Christmas :)

Run TDSSkiller again and select DELETE for this entry

11:23:19.0203 5080 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

Farbar service scanner log looks incomplete. Please post the entire log
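
A way to triage a TDSSKiller log like the one above for detections and the action recorded against each, as an added example (not part of the original thread and not the tool vendor's code). Line shapes are taken from the log in this thread; the `Delete` action line in the second sample is a constructed assumption about how the tool records that choice.

```python
import re
from dataclasses import dataclass
from typing import Optional

# "HH:MM:SS.ffff <thread id> <message>" as seen in the log in this thread.
LINE_RE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{4})\s+(\d+)\s+(.*)$")
# "<object> ( <verdict> ) - <status or user action>"
VERDICT_RE = re.compile(r"^(?P<obj>.+?) \( (?P<verdict>.+?) \) - (?P<tail>.+)$")
# "<object> - detected <verdict> (<n>)"
DETECT_RE = re.compile(r"^(?P<obj>.+?) - detected (?P<verdict>.+?) \(\d+\)$")
COUNT_RE = re.compile(r"^Detected object count: (\d+)$")
ACTION_PREFIX = "User select action: "


@dataclass
class Finding:
    obj: str
    verdict: str
    status: Optional[str] = None   # e.g. "warning"
    action: Optional[str] = None   # e.g. "Skip"


def summarize(log_text):
    """Collect non-ok objects, the action chosen for each, and a completeness check."""
    findings = {}
    reported = None
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        msg = m.group(3).strip()
        count = COUNT_RE.match(msg)
        if count:
            reported = int(count.group(1))
            continue
        verdict = VERDICT_RE.match(msg)
        hit = verdict or DETECT_RE.match(msg)
        if not hit:
            continue  # "- ok" lines, section banners, hash lines
        key = (hit.group("obj"), hit.group("verdict"))
        finding = findings.setdefault(key, Finding(*key))
        if verdict:
            tail = verdict.group("tail")
            if tail.startswith(ACTION_PREFIX):
                finding.action = tail[len(ACTION_PREFIX):]
            elif finding.status is None:
                finding.status = tail
    found = list(findings.values())
    # A detection with no action, or with "Skip", is still present on disk.
    unresolved = [f for f in found
                  if f.action is None or f.action.lower() == "skip"]
    # A missing or mismatching count suggests the pasted log is truncated.
    complete = reported is not None and reported == len(found)
    return {"findings": found, "reported": reported,
            "unresolved": unresolved, "complete": complete}


# Lines copied from the log posted in this thread.
FIRST_RUN = r"""
11:23:03.0372 5088 [ 794D4B48DFB6E999537C7C3947863463 ] SBSDWSCService C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
11:23:03.0402 5088 SBSDWSCService - ok
11:23:06.0992 5088 ================ Scan MBR ==================================
11:23:07.0052 5088 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
11:23:07.0342 5088 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
11:23:07.0342 5088 \Device\Harddisk0\DR0 - detected TDSS File System (1)
11:23:07.0352 5088 \Device\Harddisk0\DR0\Partition1 - ok
11:23:07.0382 5080 Detected object count: 1
11:23:19.0203 5080 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
11:23:19.0203 5080 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
"""

# Constructed sample: timestamps, thread ids and the "Delete" action line are
# assumptions modelled on the lines above, not output quoted from the thread.
SECOND_RUN = r"""
12:00:00.0000 1000 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
12:00:00.0000 1000 \Device\Harddisk0\DR0 - detected TDSS File System (1)
12:00:00.0100 1001 Detected object count: 1
12:00:05.0000 1001 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Delete
"""

if __name__ == "__main__":
    for name, text in (("first run", FIRST_RUN), ("second run", SECOND_RUN)):
        result = summarize(text)
        print(name, "complete log:", result["complete"])
        for f in result["findings"]:
            print("  ", f.obj, "|", f.verdict, "|", f.status, "|", f.action)
        print("   unresolved:", len(result["unresolved"]))
```
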

#9 nwofoxhound

Posted 31 December 2012 - 02:48 PM

Happy New Year!

Here are the final logs:

FSS

Farbar Service Scanner Version: 10-12-2012
Ran by David (administrator) on 31-12-2012 at 11:43:55
Running from "C:\Users\David\Desktop"
Windows 7 Ultimate (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2009-07-13 15:25] - [2009-07-13 17:45] - 1898576 ____A (Microsoft Corporation) 912107716BAB424C7870E8E6AF5E07E1

C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

TDSSKiller deleted the one threat that was found:

11:44:09.0023 4116 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
11:44:09.0647 4116 ============================================================
11:44:09.0647 4116 Current date / time: 2012/12/31 11:44:09.0647
11:44:09.0647 4116 SystemInfo:
11:44:09.0647 4116
11:44:09.0647 4116 OS Version: 6.1.7600 ServicePack: 0.0
11:44:09.0647 4116 Product type: Workstation
11:44:09.0647 4116 ComputerName: DAVID-PC
11:44:09.0647 4116 UserName: David
11:44:09.0647 4116 Windows directory: C:\Windows
11:44:09.0647 4116 System windows directory: C:\Windows
11:44:09.0647 4116 Running under WOW64
11:44:09.0647 4116 Processor architecture: Intel x64
11:44:09.0647 4116 Number of processors: 2
11:44:09.0647 4116 Page size: 0x1000
11:44:09.0647 4116 Boot type: Normal boot
11:44:09.0647 4116 ============================================================
11:44:11.0785 4116 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
11:44:11.0785 4116 ============================================================
11:44:11.0785 4116 \Device\Harddisk0\DR0:
11:44:11.0785 4116 MBR partitions:
11:44:11.0785 4116 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
11:44:11.0785 4116 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1D192800
11:44:11.0785 4116 ============================================================
11:44:11.0816 4116 C: <-> \Device\Harddisk0\DR0\Partition2
11:44:11.0816 4116 ============================================================
11:44:11.0816 4116 Initialize success
11:44:11.0816 4116 ============================================================
11:44:18.0961 2168 ============================================================
11:44:18.0961 2168 Scan started
11:44:18.0961 2168 Mode: Manual; TDLFS;
11:44:18.0961 2168 ============================================================
11:44:20.0350 2168 ================ Scan system memory ========================
11:44:20.0350 2168 System memory - ok
11:44:20.0350 2168 ================ Scan services =============================
11:44:28.0462 2168 pcmcia - ok
11:44:28.0478 2168 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
11:44:28.0478 2168 pcw - ok
11:44:28.0493 2168 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
11:44:28.0493 2168 PEAUTH - ok
11:44:28.0540 2168 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
11:44:28.0571 2168 PeerDistSvc - ok
11:44:28.0634 2168 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
11:44:28.0634 2168 PerfHost - ok
11:44:28.0696 2168 [ 557E9A86F65F0DE18C9B6751DFE9D3F1 ] pla C:\Windows\system32\pla.dll
11:44:28.0790 2168 pla - ok
11:44:28.0805 2168 [ 23157D583244400E1D7FBAEE2E4B31B7 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
11:44:28.0805 2168 PlugPlay - ok
11:44:28.0821 2168 PnkBstrA - ok
11:44:28.0836 2168 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
11:44:28.0836 2168 PNRPAutoReg - ok
11:44:28.0852 2168 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
11:44:28.0868 2168 PNRPsvc - ok
11:44:28.0883 2168 [ 166EB40D1F5B47E615DE3D0FFFE5F243 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
11:44:28.0899 2168 PolicyAgent - ok
11:44:28.0914 2168 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
11:44:28.0914 2168 Power - ok
11:44:28.0946 2168 [ 27CC19E81BA5E3403C48302127BDA717 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
11:44:28.0946 2168 PptpMiniport - ok
11:44:28.0961 2168 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
11:44:28.0961 2168 Processor - ok
11:44:28.0977 2168 [ F381975E1F4346DE875CB07339CE8D3A ] ProfSvc C:\Windows\system32\profsvc.dll
11:44:28.0977 2168 ProfSvc - ok
11:44:28.0992 2168 [ 0793F40B9B8A1BDD266296409DBD91EA ] ProtectedStorage C:\Windows\system32\lsass.exe
11:44:28.0992 2168 ProtectedStorage - ok
11:44:29.0008 2168 [ EE992183BD8EAEFD9973F352E587A299 ] Psched C:\Windows\system32\DRIVERS\pacer.sys
11:44:29.0008 2168 Psched - ok
11:44:29.0070 2168 [ 05F46042208E515B9C240AAFC54E7AA2 ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys
11:44:29.0070 2168 PxHlpa64 - ok
11:44:29.0102 2168 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
11:44:29.0133 2168 ql2300 - ok
11:44:29.0133 2168 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
11:44:29.0148 2168 ql40xx - ok
11:44:29.0148 2168 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
11:44:29.0148 2168 QWAVE - ok
11:44:29.0164 2168 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
11:44:29.0164 2168 QWAVEdrv - ok
11:44:29.0164 2168 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
11:44:29.0164 2168 RasAcd - ok
11:44:29.0180 2168 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
11:44:29.0195 2168 RasAgileVpn - ok
11:44:29.0211 2168 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
11:44:29.0211 2168 RasAuto - ok
11:44:29.0211 2168 [ 87A6E852A22991580D6D39ADC4790463 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
11:44:29.0226 2168 Rasl2tp - ok
11:44:29.0226 2168 [ 47394ED3D16D053F5906EFE5AB51CC83 ] RasMan C:\Windows\System32\rasmans.dll
11:44:29.0242 2168 RasMan - ok
11:44:29.0258 2168 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
11:44:29.0258 2168 RasPppoe - ok
11:44:29.0273 2168 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
11:44:29.0273 2168 RasSstp - ok
11:44:29.0289 2168 [ 3BAC8142102C15D59A87757C1D41DCE5 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
11:44:29.0289 2168 rdbss - ok
11:44:29.0304 2168 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
11:44:29.0304 2168 rdpbus - ok
11:44:29.0320 2168 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
11:44:29.0320 2168 RDPCDD - ok
11:44:29.0336 2168 [ 9706B84DBABFC4B4CA46C5A82B14DFA3 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
11:44:29.0351 2168 RDPDR - ok
11:44:29.0367 2168 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
11:44:29.0367 2168 RDPENCDD - ok
11:44:29.0382 2168 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
11:44:29.0382 2168 RDPREFMP - ok
11:44:29.0398 2168 [ 8A3E6BEA1C53EA6177FE2B6EBA2C80D7 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
11:44:29.0398 2168 RDPWD - ok
11:44:29.0414 2168 [ 634B9A2181D98F15941236886164EC8B ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
11:44:29.0414 2168 rdyboost - ok
11:44:29.0445 2168 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
11:44:29.0445 2168 RemoteAccess - ok
11:44:29.0476 2168 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
11:44:29.0476 2168 RemoteRegistry - ok
11:44:29.0570 2168 [ 85B5159D86AC06AD744EE9D3C288AEEE ] Roxio UPnP Renderer 10 C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe
11:44:29.0570 2168 Roxio UPnP Renderer 10 - ok
11:44:29.0585 2168 [ 0DB43CAF2D77B809A86E9D7E1BCC6D76 ] Roxio Upnp Server 10 C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe
11:44:29.0585 2168 Roxio Upnp Server 10 - ok
11:44:29.0694 2168 [ 7958AFFC64E4F284068EB6575CC64DCF ] RoxLiveShare10 C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe
11:44:29.0694 2168 RoxLiveShare10 - ok
11:44:29.0804 2168 [ ED69CD4AB4BE607ABF768A60E4AC79DA ] RoxMediaDB10 C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
11:44:29.0819 2168 RoxMediaDB10 - ok
11:44:29.0882 2168 [ 0DA14EE2C0E274FEA5A6545181851C16 ] RoxWatch10 C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
11:44:29.0882 2168 RoxWatch10 - ok
11:44:29.0928 2168 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
11:44:29.0928 2168 RpcEptMapper - ok
11:44:29.0960 2168 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
11:44:29.0975 2168 RpcLocator - ok
11:44:30.0022 2168 [ 7266972E86890E2B30C0C322E906B027 ] RpcSs C:\Windows\System32\rpcss.dll
11:44:30.0022 2168 RpcSs - ok
11:44:30.0053 2168 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
11:44:30.0053 2168 rspndr - ok
11:44:30.0069 2168 [ 3B01789EE4EAEE97F5EB46B711387D5E ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
11:44:30.0084 2168 RTL8167 - ok
11:44:30.0084 2168 RxFilter - ok
11:44:30.0116 2168 [ 88AF6E02AB19DF7FD07ECDF9C91E9AF6 ] s3cap C:\Windows\system32\DRIVERS\vms3cap.sys
11:44:30.0116 2168 s3cap - ok
11:44:30.0116 2168 [ 0793F40B9B8A1BDD266296409DBD91EA ] SamSs C:\Windows\system32\lsass.exe
11:44:30.0116 2168 SamSs - ok
11:44:30.0147 2168 [ E3BBB89983DAF5622C1D50CF49F28227 ] sbp2port C:\Windows\system32\DRIVERS\sbp2port.sys
11:44:30.0147 2168 sbp2port - ok
11:44:30.0209 2168 [ 794D4B48DFB6E999537C7C3947863463 ] SBSDWSCService C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
11:44:30.0209 2168 SBSDWSCService - ok
11:44:30.0225 2168 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
11:44:30.0240 2168 SCardSvr - ok
11:44:30.0240 2168 [ C94DA20C7E3BA1DCA269BC8460D98387 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
11:44:30.0240 2168 scfilter - ok
11:44:30.0256 2168 [ EC56B171F85C7E855E7B0588AC503EEA ] Schedule C:\Windows\system32\schedsvc.dll
11:44:30.0287 2168 Schedule - ok
11:44:30.0303 2168 [ 312E2F82AF11E79906898AC3E3D58A1F ] SCPolicySvc C:\Windows\System32\certprop.dll
11:44:30.0303 2168 SCPolicySvc - ok
11:44:30.0318 2168 [ 765A27C3279CE11D14CB9E4F5869FCA5 ] SDRSVC C:\Windows\System32\SDRSVC.dll
11:44:30.0318 2168 SDRSVC - ok
11:44:30.0334 2168 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
11:44:30.0334 2168 secdrv - ok
11:44:30.0350 2168 [ 463B386EBC70F98DA5DFF85F7E654346 ] seclogon C:\Windows\system32\seclogon.dll
11:44:30.0350 2168 seclogon - ok
11:44:30.0365 2168 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll
11:44:30.0381 2168 SENS - ok
11:44:30.0381 2168 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
11:44:30.0381 2168 SensrSvc - ok
11:44:30.0396 2168 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
11:44:30.0412 2168 Serenum - ok
11:44:30.0412 2168 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
11:44:30.0412 2168 Serial - ok
11:44:30.0428 2168 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
11:44:30.0428 2168 sermouse - ok
11:44:30.0443 2168 [ C3BC61CE47FF6F4E88AB8A3B429A36AF ] SessionEnv C:\Windows\system32\sessenv.dll
11:44:30.0443 2168 SessionEnv - ok
11:44:30.0459 2168 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\DRIVERS\sffdisk.sys
11:44:30.0459 2168 sffdisk - ok
11:44:30.0459 2168 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\DRIVERS\sffp_mmc.sys
11:44:30.0459 2168 sffp_mmc - ok
11:44:30.0459 2168 [ 5588B8C6193EB1522490C122EB94DFFA ] sffp_sd C:\Windows\system32\DRIVERS\sffp_sd.sys
11:44:30.0459 2168 sffp_sd - ok
11:44:30.0474 2168 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
11:44:30.0474 2168 sfloppy - ok
11:44:30.0506 2168 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
11:44:30.0506 2168 SharedAccess - ok
11:44:30.0537 2168 [ 0298AC45D0EFFFB2DB4BAA7DD186E7BF ] ShellHWDetection C:\Windows\System32\shsvcs.dll
11:44:30.0537 2168 ShellHWDetection - ok
11:44:30.0552 2168 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
11:44:30.0552 2168 SiSRaid2 - ok
11:44:30.0552 2168 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
11:44:30.0552 2168 SiSRaid4 - ok
11:44:30.0568 2168 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
11:44:30.0568 2168 Smb - ok
11:44:30.0599 2168 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
11:44:30.0599 2168 SNMPTRAP - ok
11:44:30.0599 2168 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
11:44:30.0599 2168 spldr - ok
11:44:30.0630 2168 [ 89E8550C5862999FCF482EA562B0E98E ] Spooler C:\Windows\System32\spoolsv.exe
11:44:30.0646 2168 Spooler - ok
11:44:30.0724 2168 [ 913D843498553A1BC8F8DBAD6358E49F ] sppsvc C:\Windows\system32\sppsvc.exe
11:44:30.0786 2168 sppsvc - ok
11:44:30.0802 2168 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
11:44:30.0802 2168 sppuinotify - ok
11:44:30.0833 2168 [ EC8F67289105BF270498095F14963464 ] srv C:\Windows\system32\DRIVERS\srv.sys
11:44:30.0833 2168 srv - ok
11:44:30.0849 2168 [ F773D2ED090B7BAA1C1A034F3CA476C8 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
11:44:30.0849 2168 srv2 - ok
11:44:30.0864 2168 [ 26E84D3649019C3244622E654DFCD75B ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
11:44:30.0864 2168 srvnet - ok
11:44:30.0911 2168 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
11:44:30.0911 2168 SSDPSRV - ok
11:44:30.0927 2168 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
11:44:30.0927 2168 SstpSvc - ok
11:44:30.0942 2168 Steam Client Service - ok
11:44:30.0958 2168 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
11:44:30.0958 2168 stexstor - ok
11:44:30.0989 2168 [ 52D0E33B681BD0F33FDC08812FEE4F7D ] stisvc C:\Windows\System32\wiaservc.dll
11:44:30.0989 2168 stisvc - ok
11:44:31.0005 2168 [ FFD7A6F15B14234B5B0E5D49E7961895 ] storflt C:\Windows\system32\DRIVERS\vmstorfl.sys
11:44:31.0005 2168 storflt - ok
11:44:31.0020 2168 [ 8FCCBEFC5C440B3C23454656E551B09A ] storvsc C:\Windows\system32\DRIVERS\storvsc.sys
11:44:31.0020 2168 storvsc - ok
11:44:31.0036 2168 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
11:44:31.0036 2168 swenum - ok
11:44:31.0130 2168 [ F577910A133A592234EBAAD3F3AFA258 ] SwitchBoard C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
11:44:31.0130 2168 SwitchBoard - ok
11:44:31.0161 2168 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
11:44:31.0176 2168 swprv - ok
11:44:31.0223 2168 [ 3C1284516A62078FB68F768DE4F1A7BE ] SysMain C:\Windows\system32\sysmain.dll
11:44:31.0270 2168 SysMain - ok
11:44:31.0286 2168 [ 238935C3CF2854886DC7CBB2A0E2CC66 ] TabletInputService C:\Windows\System32\TabSvc.dll
11:44:31.0286 2168 TabletInputService - ok
11:44:31.0317 2168 [ 884264AC597B690C5707C89723BB8E7B ] TapiSrv C:\Windows\System32\tapisrv.dll
11:44:31.0317 2168 TapiSrv - ok
11:44:31.0332 2168 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
11:44:31.0332 2168 TBS - ok
11:44:31.0395 2168 [ 912107716BAB424C7870E8E6AF5E07E1 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
11:44:31.0395 2168 Tcpip - ok
11:44:31.0457 2168 [ 912107716BAB424C7870E8E6AF5E07E1 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
11:44:31.0473 2168 TCPIP6 - ok
11:44:31.0473 2168 [ 76D078AF6F587B162D50210F761EB9ED ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
11:44:31.0473 2168 tcpipreg - ok
11:44:31.0488 2168 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
11:44:31.0488 2168 TDPIPE - ok
11:44:31.0504 2168 [ E4245BDA3190A582D55ED09E137401A9 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
11:44:31.0504 2168 TDTCP - ok
11:44:31.0520 2168 [ 079125C4B17B01FCAEEBCE0BCB290C0F ] tdx C:\Windows\system32\DRIVERS\tdx.sys
11:44:31.0520 2168 tdx - ok
11:44:31.0520 2168 [ C448651339196C0E869A355171875522 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
11:44:31.0520 2168 TermDD - ok
11:44:31.0551 2168 [ 0F05EC2887BFE197AD82A13287D2F404 ] TermService C:\Windows\System32\termsrv.dll
11:44:31.0551 2168 TermService - ok
11:44:31.0566 2168 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
11:44:31.0566 2168 Themes - ok
11:44:31.0566 2168 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
11:44:31.0582 2168 THREADORDER - ok
11:44:31.0598 2168 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
11:44:31.0598 2168 TrkWks - ok
11:44:31.0644 2168 [ 840F7FB849F5887A49BA18C13B2DA920 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
11:44:31.0644 2168 TrustedInstaller - ok
11:44:31.0644 2168 [ 61B96C26131E37B24E93327A0BD1FB95 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
11:44:31.0644 2168 tssecsrv - ok
11:44:31.0676 2168 [ 3836171A2CDF3AF8EF10856DB9835A70 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
11:44:31.0676 2168 tunnel - ok
11:44:31.0676 2168 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
11:44:31.0676 2168 uagp35 - ok
11:44:31.0738 2168 [ D47BAEAD86C65D4F4069D7CE0A4EDCEB ] udfs C:\Windows\system32\DRIVERS\udfs.sys
11:44:31.0754 2168 udfs - ok
11:44:31.0769 2168 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
11:44:31.0769 2168 UI0Detect - ok
11:44:31.0785 2168 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\DRIVERS\uliagpkx.sys
11:44:31.0785 2168 uliagpkx - ok
11:44:31.0816 2168 [ EAB6C35E62B1B0DB0D1B48B671D3A117 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
11:44:31.0816 2168 umbus - ok
11:44:31.0816 2168 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
11:44:31.0816 2168 UmPass - ok
11:44:31.0847 2168 [ AF0AC98EE5077EB844413EB54287FDE3 ] UmRdpService C:\Windows\System32\umrdp.dll
11:44:31.0847 2168 UmRdpService - ok
11:44:31.0863 2168 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
11:44:31.0878 2168 upnphost - ok
11:44:31.0910 2168 [ AA33FC47ED58C34E6E9261E4F850B7EB ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
11:44:31.0910 2168 USBAAPL64 - ok
11:44:31.0925 2168 [ B26AFB54A534D634523C4FB66765B026 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
11:44:31.0941 2168 usbccgp - ok
11:44:31.0941 2168 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\DRIVERS\usbcir.sys
11:44:31.0941 2168 usbcir - ok
11:44:31.0941 2168 [ 2EA4AFF7BE7EB4632E3AA8595B0803B5 ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
11:44:31.0941 2168 usbehci - ok
11:44:31.0956 2168 [ 4C9042B8DF86C1E8E6240C218B99B39B ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
11:44:31.0972 2168 usbhub - ok
11:44:31.0972 2168 [ 58E546BBAF87664FC57E0F6081E4F609 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
11:44:31.0972 2168 usbohci - ok
11:44:31.0988 2168 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
11:44:31.0988 2168 usbprint - ok
11:44:32.0034 2168 [ 080D3820DA6C046BE82FC8B45A893E83 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
11:44:32.0050 2168 USBSTOR - ok
11:44:32.0050 2168 [ 81FB2216D3A60D1284455D511797DB3D ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
11:44:32.0050 2168 usbuhci - ok
11:44:32.0066 2168 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
11:44:32.0081 2168 UxSms - ok
11:44:32.0097 2168 [ 0793F40B9B8A1BDD266296409DBD91EA ] VaultSvc C:\Windows\system32\lsass.exe
11:44:32.0097 2168 VaultSvc - ok
11:44:32.0144 2168 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\DRIVERS\vdrvroot.sys
11:44:32.0144 2168 vdrvroot - ok
11:44:32.0190 2168 [ 44D73E0BBC1D3C8981304BA15135C2F2 ] vds C:\Windows\System32\vds.exe
11:44:32.0206 2168 vds - ok
11:44:32.0237 2168 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
11:44:32.0237 2168 vga - ok
11:44:32.0253 2168 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
11:44:32.0253 2168 VgaSave - ok
11:44:32.0300 2168 [ C82E748660F62A242B2DFAC1442F22A4 ] vhdmp C:\Windows\system32\DRIVERS\vhdmp.sys
11:44:32.0300 2168 vhdmp - ok
11:44:32.0393 2168 [ 8F69C38A8BA725F891F26AAC8888696E ] VIAHdAudAddService C:\Windows\system32\drivers\viahduaa.sys
11:44:32.0409 2168 VIAHdAudAddService - ok
11:44:32.0409 2168 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\DRIVERS\viaide.sys
11:44:32.0409 2168 viaide - ok
11:44:32.0440 2168 [ 1501699D7EDA984ABC4155A7DA5738D1 ] vmbus C:\Windows\system32\DRIVERS\vmbus.sys
11:44:32.0440 2168 vmbus - ok
11:44:32.0456 2168 [ AE10C35761889E65A6F7176937C5592C ] VMBusHID C:\Windows\system32\DRIVERS\VMBusHID.sys
11:44:32.0456 2168 VMBusHID - ok
11:44:32.0471 2168 [ 2B1A3DAE2B4E70DBBA822B7A03FBD4A3 ] volmgr C:\Windows\system32\DRIVERS\volmgr.sys
11:44:32.0471 2168 volmgr - ok
11:44:32.0502 2168 [ 99B0CBB569CA79ACAED8C91461D765FB ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
11:44:32.0502 2168 volmgrx - ok
11:44:32.0549 2168 [ 58F82EED8CA24B461441F9C3E4F0BF5C ] volsnap C:\Windows\system32\DRIVERS\volsnap.sys
11:44:32.0549 2168 volsnap - ok
11:44:32.0565 2168 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
11:44:32.0565 2168 vsmraid - ok
11:44:32.0627 2168 [ 787898BF9FB6D7BD87A36E2D95C899BA ] VSS C:\Windows\system32\vssvc.exe
11:44:32.0643 2168 VSS - ok
11:44:32.0643 2168 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
11:44:32.0643 2168 vwifibus - ok
11:44:32.0674 2168 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
11:44:32.0674 2168 W32Time - ok
11:44:32.0674 2168 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
11:44:32.0674 2168 WacomPen - ok
11:44:32.0705 2168 [ 47CA49400643EFFD3F1C9A27E1D69324 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
11:44:32.0705 2168 WANARP - ok
11:44:32.0721 2168 [ 47CA49400643EFFD3F1C9A27E1D69324 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
11:44:32.0721 2168 Wanarpv6 - ok
11:44:32.0768 2168 [ 5AB1BB85BD8B5089CC5D64200DEDAE68 ] wbengine C:\Windows\system32\wbengine.exe
11:44:32.0814 2168 wbengine - ok
11:44:32.0861 2168 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
11:44:32.0861 2168 WbioSrvc - ok
11:44:32.0924 2168 [ 8321C2CA3B62B61B293CDA3451984468 ] wcncsvc C:\Windows\System32\wcncsvc.dll
11:44:32.0939 2168 wcncsvc - ok
11:44:32.0955 2168 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
11:44:32.0955 2168 WcsPlugInService - ok
11:44:32.0955 2168 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
11:44:32.0955 2168 Wd - ok
11:44:32.0970 2168 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
11:44:32.0986 2168 Wdf01000 - ok
11:44:33.0002 2168 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
11:44:33.0002 2168 WdiServiceHost - ok
11:44:33.0002 2168 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
11:44:33.0017 2168 WdiSystemHost - ok
11:44:33.0033 2168 [ 8A438CBB8C032A0C798B0C642FFBE572 ] WebClient C:\Windows\System32\webclnt.dll
11:44:33.0033 2168 WebClient - ok
11:44:33.0048 2168 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
11:44:33.0048 2168 Wecsvc - ok
11:44:33.0064 2168 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
11:44:33.0064 2168 wercplsupport - ok
11:44:33.0080 2168 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
11:44:33.0080 2168 WerSvc - ok
11:44:33.0095 2168 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
11:44:33.0095 2168 WfpLwf - ok
11:44:33.0095 2168 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
11:44:33.0095 2168 WIMMount - ok
11:44:33.0142 2168 WinDefend - ok
11:44:33.0142 2168 WinHttpAutoProxySvc - ok
11:44:33.0189 2168 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
11:44:33.0189 2168 Winmgmt - ok
11:44:33.0251 2168 [ 41FBB751936B387F9179E7F03A74FE29 ] WinRM C:\Windows\system32\WsmSvc.dll
11:44:33.0298 2168 WinRM - ok
11:44:33.0345 2168 [ 817EAFF5D38674EDD7713B9DFB8E9791 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
11:44:33.0360 2168 WinUsb - ok
11:44:33.0392 2168 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
11:44:33.0392 2168 Wlansvc - ok
11:44:33.0407 2168 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
11:44:33.0407 2168 WmiAcpi - ok
11:44:33.0438 2168 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
11:44:33.0438 2168 wmiApSrv - ok
11:44:33.0454 2168 WMPNetworkSvc - ok
11:44:33.0470 2168 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
11:44:33.0470 2168 WPCSvc - ok
11:44:33.0485 2168 [ 2E57DDF2880A7E52E76F41C7E96D327B ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
11:44:33.0485 2168 WPDBusEnum - ok
11:44:33.0516 2168 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
11:44:33.0516 2168 ws2ifsl - ok
11:44:33.0548 2168 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
11:44:33.0563 2168 wscsvc - ok
11:44:33.0563 2168 WSearch - ok
11:44:33.0672 2168 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
11:44:33.0672 2168 wuauserv - ok
11:44:33.0719 2168 [ 7CADC74271DD6461C452C271B30BD378 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
11:44:33.0719 2168 WudfPf - ok
11:44:33.0750 2168 [ 3B197AF0FFF08AA66B6B2241CA538D64 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
11:44:33.0766 2168 WUDFRd - ok
11:44:33.0782 2168 [ B551D6637AA0E132C18AC6E504F7B79B ] wudfsvc C:\Windows\System32\WUDFSvc.dll
11:44:33.0782 2168 wudfsvc - ok
11:44:33.0797 2168 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
11:44:33.0797 2168 WwanSvc - ok
11:44:33.0813 2168 ================ Scan global ===============================
11:44:33.0828 2168 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
11:44:33.0844 2168 [ 457B44AB6D502E55F64A867D4F35C76C ] C:\Windows\system32\winsrv.dll
11:44:33.0860 2168 [ 457B44AB6D502E55F64A867D4F35C76C ] C:\Windows\system32\winsrv.dll
11:44:33.0875 2168 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
11:44:33.0906 2168 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
11:44:33.0906 2168 [Global] - ok
11:44:33.0906 2168 ================ Scan MBR ==================================
11:44:33.0906 2168 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
11:44:34.0640 2168 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
11:44:34.0640 2168 \Device\Harddisk0\DR0 - detected TDSS File System (1)
11:44:34.0640 2168 ================ Scan VBR ==================================
11:44:34.0655 2168 [ 4EFD2A7BC0CE2CB616E25C763BFDDCC2 ] \Device\Harddisk0\DR0\Partition1
11:44:34.0671 2168 \Device\Harddisk0\DR0\Partition1 - ok
11:44:34.0686 2168 [ 17E0428092345BACAA5C413CA8DB57B7 ] \Device\Harddisk0\DR0\Partition2
11:44:34.0702 2168 \Device\Harddisk0\DR0\Partition2 - ok
11:44:34.0702 2168 ============================================================
11:44:34.0702 2168 Scan finished
11:44:34.0702 2168 ============================================================
11:44:34.0702 2108 Detected object count: 1
11:44:34.0702 2108 Actual detected object count: 1
11:46:47.0926 2108 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
11:46:47.0926 2108 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
11:46:47.0926 2108 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
11:46:47.0926 2108 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
11:46:47.0942 2108 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
11:46:47.0942 2108 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
11:46:47.0942 2108 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
11:46:47.0942 2108 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
11:46:47.0942 2108 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
11:46:47.0942 2108 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
11:46:47.0942 2108 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
11:46:47.0942 2108 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
11:46:47.0942 2108 \Device\Harddisk0\DR0\TDLFS - deleted
11:46:47.0942 2108 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Delete
11:46:54.0291 1744 Deinitialize success

#10 narenxp

Posted 01 January 2013 - 08:55 AM

That looks good

Remove temporary and junk files

Download

TFC

Launch it; it will close all running programs.

Click on START; it should ask for a reboot. If TFC locks up the system, run it in safe mode.


Create a new restore point

Follow this guide to turn off and turn on your restore points

XP- http://support.microsoft.com/kb/310405

Vista & Windows 7- http://windows.microsoft.com/en-US/windows7/Turn-System-Restore-on-or-off

Turn off your System Restore - it deletes old infected restore points

Turn on system restore and create a new restore point

Update Java and Flash Player

Uninstall the old version of Java from Control Panel - Add or Remove Programs. Download the latest version from here

http://java.com/en/

Update your Flash Player

Antivirus recommendations

Update your antivirus frequently. Two free antivirus programs that I would suggest are

Microsoft Security Essentials or Avast. You can select either one of them.

If you have a paid one, make sure to update it frequently. Do not use multiple security software products.

Informative guides that could prevent you from being infected again

How did I get infected?

http://www.bleepingcomputer.com/forums/topic2520.html

Best Practices for Safe Computing - Prevention of Malware Infection

http://www.bleepingcomputer.com/forums/topic407147.html

Simple and easy ways to keep your computer safe and secure on the Internet

http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/

Safe surfing :)
