
Trojan/Backdoor Instability


  • This topic is locked
9 replies to this topic

#1 RoboPan


Posted 08 June 2013 - 09:49 PM

Mod edit: moved to appropriate forum  ~~boopme

 

Edit: Thank you for moving this to the appropriate forum.

 

Hello everyone, I am afraid this is a long tale, but I do require help!
 
A few days ago, I tried to start up my computer, to immediately encounter the screen asking me to run Windows Startup Repair (or start normally) - I was confused, but ran startup repair.  Following the "starting windows" screen, I ran into a black screen with a white cursor.  I restarted, and picked "start normally" - it refused to advance beyond the Windows screen.  These two things happened every single time.  Upon trying to start in safe mode, it froze halfway, bluescreened, and upon startup, informed me that the BCD was broken.  I started up Windows recovery with an install disc, but it could not run startup repair or system restore, because it could not detect an OS (or the partition that contained it).  I was not able to rebuild the BCD through the command prompt.
 
This continued for some time - programs like Lazesoft and Hirens Boot CD failed to detect the C:\ partition or any OS attached to the computer, so every scan failed.  Eventually, nothing would boot from CD except Hirens and the miniXP function (or the DOS programs) - All attempts to reach the windows recovery screen (or any other) would reach a black screen with white cursor, just like if I had picked "repair windows" on startup (I should mention that at some point, the "BCD is missing" screen went away, replaced with the two options presented earlier).
 
Eventually, I discovered in the DOS of Hirens, a hard drive scanner - a surface scan reported numerous errors and froze.  Testdisk could not access the C:\ partition.  I ran DRevitalize from DOS and, about 36 hours later, it had discovered and repaired 8 damaged sectors.  I could boot again!
 
However, things were noticeably laggy.  I figured this was a result of the repair, and ran Spybot S&D, Malwarebytes, Avast Anti-Virus, and SuperAntiSpyware.  The first three detected nothing, but the last detected numerous tracking cookies (pretty normal, sadly) and one very high threat, unnamed, Trojan.  At that time I figured I'd need to wipe the computer, and was backing up files (Windows stated that there were corrupted files, so that I could not create a system image, so I simply backed up my media files and large program files), and went into Users - and encountered a user that never existed.  In it, I found only a folder labeled HRUPPROG.DIE.NOW.  Obviously, this was something very bad, and I deleted it.  I've restarted a few more times since then, found another trojan through a deep scan with SuperAntiSpyware (I have found nothing with the other programs) - I have also run RKill, and then ComboFix.  I am admittedly unsure if they found anything, but I do have the logs.
 
I am not sure how to proceed.  I am strongly tempted just to reformat the HDD, because I'm not sure if I've eliminated the trojan or not.  I am also worried that it may have spread in some way to my backup externals simply by being connected (though my programs detected nothing in deep scans of them), and my older HP computer (which runs Vista) just last night restarted, and is having much trouble restarting, out of nowhere (It keeps restarting halfway through boot, although there is no sign of hard drive damage).
 
I would appreciate any assistance, both with the problems on my Win7 Toshiba, as well as any assistance regarding the new problems with the Vista HP computer, or even how I can check my externals for signs of the malware.  Thank you.
 
Attached are the ComboFix and TDSSKiller logs (the latter having just been run a moment ago).


Edited by RoboPan, 08 June 2013 - 09:56 PM.




#2 RoboPan


Posted 08 June 2013 - 10:02 PM

Here is the ComboFix log posted:

 

ComboFix 13-06-08.02 - Panda Hero Z 06/08/2013 18:36:05.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.1511.527 [GMT -7:00]
Running from: c:\users\Panda Hero Z\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Spybot - Search and Destroy *Disabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\ntuser.dat
c:\users\Panda Hero Z\AppData\Roaming\Love
c:\users\Panda Hero Z\AppData\Roaming\Love\not_pacman\highscoreA
c:\users\Panda Hero Z\AppData\Roaming\Love\not_tetris_2\highscoresA.txt
c:\users\Panda Hero Z\AppData\Roaming\Love\not_tetris_2\highscoresB.txt
c:\users\Panda Hero Z\AppData\Roaming\Love\not_tetris_2\options.txt
c:\windows\SysWow64\tmpB60C.tmp
c:\windows\SysWow64\tmpB716.tmp
c:\windows\wininit.ini
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_usnjsvc
.
.
((((((((((((((((((((((((( Files Created from 2013-05-09 to 2013-06-09 )))))))))))))))))))))))))))))))
.
.
2013-06-09 01:50 . 2013-06-09 01:50 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-06-08 15:30 . 2013-06-08 15:30 -------- d-----w- c:\program files (x86)\Magical Jelly Bean
2013-06-08 09:48 . 2013-06-08 09:48 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2F72DE75-532E-45A9-A617-3E72D59ABCEF}\offreg.dll
2013-05-31 23:55 . 2013-05-13 06:37 9460464 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2F72DE75-532E-45A9-A617-3E72D59ABCEF}\mpengine.dll
2013-05-30 16:15 . 2013-05-30 16:25 -------- d-----w- c:\users\Panda Hero Z\AppData\Roaming\Vessel
2013-05-28 05:00 . 2013-05-28 05:00 -------- d-----w- c:\users\Panda Hero Z\AppData\Local\Conexant
2013-05-24 18:52 . 2013-05-24 18:54 -------- d-----w- c:\program files (x86)\SkywardDemo
2013-05-23 08:41 . 2013-05-23 13:31 -------- d-----w- c:\users\Panda Hero Z\AppData\Roaming\RIFT
2013-05-23 08:41 . 2013-06-02 07:36 -------- d-----w- c:\program files (x86)\RIFT
2013-05-23 06:46 . 2013-06-02 11:58 -------- d-----w- c:\users\Panda Hero Z\AppData\Roaming\Raptr
2013-05-23 06:46 . 2013-05-23 06:47 -------- d-----w- c:\program files (x86)\Raptr
2013-05-22 16:30 . 2013-05-22 16:30 -------- d-----w- c:\users\Panda Hero Z\AppData\Roaming\Ubisoft
2013-05-22 16:30 . 2013-05-22 16:30 -------- d-----w- c:\programdata\Ubisoft
2013-05-22 16:28 . 2013-05-22 16:28 -------- d-----w- c:\program files (x86)\Ubisoft
2013-05-22 01:13 . 2013-05-22 01:14 -------- d-----w- c:\program files (x86)\Leviathan Warships
2013-05-19 15:34 . 2013-04-04 21:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-05-17 21:42 . 2013-05-17 21:42 -------- d-sh--w- c:\windows\system32\%APPDATA%
2013-05-17 18:00 . 2013-05-17 18:00 -------- d-----w- c:\users\Panda Hero Z\AppData\Local\Opera
2013-05-17 18:00 . 2013-05-17 18:00 -------- d-----w- c:\program files (x86)\Opera
2013-05-17 09:31 . 2012-06-09 00:07 201376 ----a-w- c:\windows\system32\CxAudMsg64.exe
2013-05-17 07:00 . 2013-05-17 07:00 -------- d-----w- c:\programdata\Malwarebytes
2013-05-17 07:00 . 2013-05-19 15:34 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-05-17 05:48 . 2013-05-17 05:48 -------- d-----w- c:\windows\system32\SRSLabs
2013-05-16 13:40 . 2013-05-19 09:17 -------- d-----w- c:\users\Panda Hero Z\AppData\Roaming\Scoregasm
2013-05-16 13:01 . 2013-02-27 05:52 197120 ----a-w- c:\windows\system32\shdocvw.dll
2013-05-16 13:01 . 2013-02-27 06:02 111448 ----a-w- c:\windows\system32\consent.exe
2013-05-16 13:01 . 2013-02-27 05:47 70144 ----a-w- c:\windows\system32\appinfo.dll
2013-05-16 13:01 . 2013-02-27 04:49 1796096 ----a-w- c:\windows\SysWow64\authui.dll
2013-05-16 12:59 . 2013-04-10 06:01 983400 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-05-16 12:59 . 2013-04-10 06:01 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2013-05-16 12:59 . 2011-02-03 11:25 144384 ----a-w- c:\windows\system32\cdd.dll
2013-05-16 12:59 . 2013-03-19 05:53 48640 ----a-w- c:\windows\system32\wwanprotdim.dll
2013-05-16 12:59 . 2013-03-19 05:53 230400 ----a-w- c:\windows\system32\wwansvc.dll
2013-05-16 12:59 . 2013-04-10 03:30 3153920 ----a-w- c:\windows\system32\win32k.sys
2013-05-16 01:17 . 2013-05-16 01:17 -------- d-----w- c:\program files (x86)\BESMCG
2013-05-14 14:33 . 2013-05-14 14:33 -------- d-----w- C:\SearchProtect
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-16 13:32 . 2013-04-12 01:03 75016696 ----a-w- c:\windows\system32\MRT.exe
2013-05-15 17:19 . 2013-04-10 09:41 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-05-15 17:19 . 2013-04-10 09:41 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-09 08:59 . 2013-04-10 07:00 378432 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-05-09 08:59 . 2013-04-10 07:00 72016 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2013-05-09 08:59 . 2013-04-10 07:00 64288 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-05-09 08:59 . 2013-04-10 07:00 1025808 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-05-09 08:59 . 2013-04-10 07:00 189936 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-05-09 08:59 . 2013-04-10 06:59 65336 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-05-09 08:59 . 2013-04-10 07:00 33400 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-05-09 08:59 . 2013-04-10 06:59 80816 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-05-09 08:58 . 2013-04-10 06:57 41664 ----a-w- c:\windows\avastSS.scr
2013-05-09 08:58 . 2013-04-10 06:59 287840 ----a-w- c:\windows\system32\aswBoot.exe
2013-05-02 09:06 . 2010-11-21 03:27 278800 ------w- c:\windows\system32\MpSigStub.exe
2013-04-23 14:32 . 2013-04-22 15:58 466456 ----a-w- c:\windows\system32\wrap_oal.dll
2013-04-23 14:32 . 2013-04-22 15:58 122904 ----a-w- c:\windows\system32\OpenAL32.dll
2013-04-23 14:32 . 2013-04-22 15:58 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2013-04-23 14:32 . 2013-04-22 15:58 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2013-04-13 05:49 . 2013-05-16 13:00 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-05-16 13:00 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-05-16 13:00 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-05-16 13:00 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-05-16 13:00 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-16 13:00 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-04-12 14:45 . 2013-04-27 13:10 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-12 00:17 . 2013-04-10 09:07 861088 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-04-12 00:17 . 2011-04-29 05:09 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-04-12 00:14 . 2013-04-12 00:14 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2013-04-12 00:14 . 2013-04-12 00:14 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2013-04-12 00:14 . 2013-04-12 00:14 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2013-04-12 00:14 . 2013-04-12 00:14 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-04-12 00:14 . 2013-04-12 00:14 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-04-12 00:14 . 2013-04-12 00:14 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-04-12 00:14 . 2013-04-12 00:14 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-04-12 00:14 . 2013-04-12 00:14 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2013-04-12 00:14 . 2013-04-12 00:14 89088 ----a-w- c:\windows\system32\ie4uinit.exe
2013-04-12 00:14 . 2013-04-12 00:14 85504 ----a-w- c:\windows\system32\iesetup.dll
2013-04-12 00:14 . 2013-04-12 00:14 82432 ----a-w- c:\windows\system32\icardie.dll
2013-04-12 00:14 . 2013-04-12 00:14 76800 ----a-w- c:\windows\system32\tdc.ocx
2013-04-12 00:14 . 2013-04-12 00:14 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2013-04-12 00:14 . 2013-04-12 00:14 65024 ----a-w- c:\windows\system32\pngfilt.dll
2013-04-12 00:14 . 2013-04-12 00:14 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-04-12 00:14 . 2013-04-12 00:14 55296 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-04-12 00:14 . 2013-04-12 00:14 534528 ----a-w- c:\windows\system32\ieapfltr.dll
2013-04-12 00:14 . 2013-04-12 00:14 49664 ----a-w- c:\windows\system32\imgutil.dll
2013-04-12 00:14 . 2013-04-12 00:14 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-04-12 00:14 . 2013-04-12 00:14 452608 ----a-w- c:\windows\system32\dxtmsft.dll
2013-04-12 00:14 . 2013-04-12 00:14 448512 ----a-w- c:\windows\system32\html.iec
2013-04-12 00:14 . 2013-04-12 00:14 403248 ----a-w- c:\windows\system32\iedkcs32.dll
2013-04-12 00:14 . 2013-04-12 00:14 39936 ----a-w- c:\windows\system32\iernonce.dll
2013-04-12 00:14 . 2013-04-12 00:14 3695416 ----a-w- c:\windows\system32\ieapfltr.dat
2013-04-12 00:14 . 2013-04-12 00:14 367104 ----a-w- c:\windows\SysWow64\html.iec
2013-04-12 00:14 . 2013-04-12 00:14 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-04-12 00:14 . 2013-04-12 00:14 30720 ----a-w- c:\windows\system32\licmgr10.dll
2013-04-12 00:14 . 2013-04-12 00:14 282112 ----a-w- c:\windows\system32\dxtrans.dll
2013-04-12 00:14 . 2013-04-12 00:14 267776 ----a-w- c:\windows\system32\ieaksie.dll
2013-04-12 00:14 . 2013-04-12 00:14 249344 ----a-w- c:\windows\system32\webcheck.dll
2013-04-12 00:14 . 2013-04-12 00:14 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-04-12 00:14 . 2013-04-12 00:14 222208 ----a-w- c:\windows\system32\msls31.dll
2013-04-12 00:14 . 2013-04-12 00:14 197120 ----a-w- c:\windows\system32\msrating.dll
2013-04-12 00:14 . 2013-04-12 00:14 165888 ----a-w- c:\windows\system32\iexpress.exe
2013-04-12 00:14 . 2013-04-12 00:14 163840 ----a-w- c:\windows\system32\ieakui.dll
2013-04-12 00:14 . 2013-04-12 00:14 160256 ----a-w- c:\windows\system32\wextract.exe
2013-04-12 00:14 . 2013-04-12 00:14 160256 ----a-w- c:\windows\system32\ieakeng.dll
2013-04-12 00:14 . 2013-04-12 00:14 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2013-04-12 00:14 . 2013-04-12 00:14 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-04-12 00:14 . 2013-04-12 00:14 149504 ----a-w- c:\windows\system32\occache.dll
2013-04-12 00:14 . 2013-04-12 00:14 145920 ----a-w- c:\windows\system32\iepeers.dll
2013-04-12 00:14 . 2013-04-12 00:14 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-04-12 00:14 . 2013-04-12 00:14 12288 ----a-w- c:\windows\system32\mshta.exe
2013-04-12 00:14 . 2013-04-12 00:14 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2013-04-12 00:14 . 2013-04-12 00:14 114176 ----a-w- c:\windows\system32\admparse.dll
2013-04-12 00:14 . 2013-04-12 00:14 111616 ----a-w- c:\windows\system32\iesysprep.dll
2013-04-12 00:14 . 2013-04-12 00:14 10752 ----a-w- c:\windows\system32\msfeedssync.exe
2013-04-12 00:14 . 2013-04-12 00:14 103936 ----a-w- c:\windows\system32\inseng.dll
2013-04-12 00:14 . 2013-04-12 00:14 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2013-04-11 14:22 . 2011-06-11 08:58 770384 ----a-w- c:\windows\SysWow64\msvcr100.dll
2013-04-11 14:22 . 2011-06-11 08:58 421200 ----a-w- c:\windows\SysWow64\msvcp100.dll
2013-04-10 14:35 . 2013-04-10 12:22 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2013-04-04 12:35 . 2013-04-25 23:28 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-03-19 06:04 . 2013-04-11 21:57 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-19 05:46 . 2013-04-11 21:57 43520 ----a-w- c:\windows\system32\csrsrv.dll
2013-03-19 05:04 . 2013-04-11 21:57 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04 . 2013-04-11 21:57 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47 . 2013-04-11 21:57 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll
2013-03-19 03:06 . 2013-04-11 21:57 112640 ----a-w- c:\windows\system32\smss.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{1E13846C-21EC-4478-85D8-5C60D0429C66}]
2013-04-10 10:40 78648 ----a-w- c:\users\Panda Hero Z\AppData\Local\getsavin\ie\getsavin_1365590401.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2013-06-06 1641896]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2013-05-15 5622512]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2013-03-14 3672640]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-13 17418928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-04-20 336384]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2010-11-29 1294712]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
c:\users\Panda Hero Z\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.4.1.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2012-8-13 1199104]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe [2011-2-25 15776]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 RSUSBVSTOR;RTSUVSTOR.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RTSUVSTOR.sys;c:\windows\SYSNATIVE\Drivers\RTSUVSTOR.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
S0 aswRvrt;aswRvrt; [x]
S0 aswVmm;aswVmm; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 CxAudMsg;Conexant Audio Message Service;c:\windows\system32\CxAudMsg64.exe;c:\windows\SYSNATIVE\CxAudMsg64.exe [x]
S2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe [x]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe;c:\program files\TOSHIBA\TECO\TecoService.exe [x]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys;c:\windows\SYSNATIVE\DRIVERS\TVALZFL.sys [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys;c:\windows\SYSNATIVE\DRIVERS\pgeffect.sys [x]
S3 QIOMem;Generic IO & Memory Access;c:\windows\system32\DRIVERS\QIOMem.sys;c:\windows\SYSNATIVE\DRIVERS\QIOMem.sys [x]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys;c:\windows\SYSNATIVE\DRIVERS\rtl8192Ce.sys [x]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [x]
S3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-06-08 05:23 1165776 ----a-w- c:\program files (x86)\Google\Chrome\Application\27.0.1453.110\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-06-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-04-10 17:19]
.
2013-06-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-04-10 04:39]
.
2013-06-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-04-10 04:39]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-05-09 08:58 133840 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-12-08 710040]
"SmartAudio"="c:\program files\CONEXANT\SAII\SACpl.exe" [2012-06-13 1647616]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://start.toshiba.com/g/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Panda Hero Z\AppData\Roaming\Mozilla\Firefox\Profiles\d0i4ncam.default\
FF - prefs.js: browser.startup.homepage - about:home
FF - ExtSQL: 2013-04-09 23:58; wrc@avast.com; c:\program files\AVAST Software\Avast\WebRep\FF
FF - ExtSQL: 2013-04-10 03:45; infoatoms@infoatoms.com; c:\program files (x86)\Mozilla Firefox\extensions\infoatoms@infoatoms.com
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-TSleepSrv - %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
Wow6432Node-HKU-Default-Run-SearchProtect - \SearchProtect\bin\cltmng.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-HSON - c:\program files (x86)\TOSHIBA\TBS\HSON.exe
HKLM-Run-TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-Teco - c:\program files (x86)\TOSHIBA\TECO\Teco.exe
HKLM-Run-TosWaitSrv - c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
AddRemove-GetSavin - c:\users\Panda Hero Z\AppData\Local\getsavin\uninst.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
c:\program files (x86)\OpenOffice.org 3\program\soffice.exe
c:\program files (x86)\OpenOffice.org 3\program\soffice.bin
.
**************************************************************************
.
Completion time: 2013-06-08 19:07:56 - machine was rebooted
ComboFix-quarantined-files.txt 2013-06-09 02:07
.
Pre-Run: 107,448,733,696 bytes free
Post-Run: 107,921,932,288 bytes free
.
- - End Of File - - 3C97F4F9D86587C4C4348E4874B0453D
BB441980712A18C200EA4D03CE446819

 



#3 D-FRED-BROWN

  • Malware Response Team

Posted 10 June 2013 - 01:57 PM

Hello RoboPan and welcome to Bleeping Computer!

I am D-FRED-BROWN and I will be helping you.

Please print or save this topic. It will make it easier for you to follow the instructions and complete all of the necessary steps.


----------Step 1----------------
Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not an option, choose Skip instead; do not choose Delete unless instructed.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.
----------Step 2----------------
Please download Malwarebytes Anti-Rootkit from HERE
  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log.txt and system-log.txt
----------Step 3----------------
Please download ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingc...to-use-combofix

***IMPORTANT: save ComboFix to your Desktop***

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please go here to see a list of programs that should be disabled.

**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall**

Please include the C:\ComboFix.txt in your next reply for further review.


NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.


----------Step 4----------------
Please download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
----------Step 5----------------
In your next reply, please include the following:
  • TDSSKiller's logfile
  • MBAR mbar-log.txt and system-log.txt
  • ComboFix's report (C:\ComboFix.txt)
  • Security Check checkup.txt
After that, please let me know: How is your computer running now? Do you have any questions or concerns you'd like me to address? Don't hesitate to ask.

-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Note:

Please make sure you are subscribed to this topic: Click on the "Follow This Topic" Button (at the top right of this page), make sure that the "Receive notification" box is checked and that it is set to "Instantly"

-------> Your topic will be closed if you haven't replied within 3 days! <--------
(If I don't respond within 24 hours, please send me a PM)




-DFB

#4 RoboPan

  • Topic Starter

Posted 11 June 2013 - 06:38 PM

I tried to submit earlier, but it just infinitely said, "Saving post".

Since the post above, I have run every scan I can think of at least half a dozen times. TDSSKiller and ComboFix wiped out most of the remaining things, to my knowledge, but I caught a few trojans in my recovery partition with SuperASW, and a Kaspersky boot CD scan found something in my drivers that nothing else picked up (it also thinks Rkill.exe is a backdoor malware).

It may be due to the repairs done to the bad hard drive sectors, but my computer is somewhat slow to log in, and I sometimes get an error message when saving with things like Notepad (I've received it maybe four times so far?) that I will post up here as soon as I can repeat it; something like "Bad Image, C:\Windows\Windows\System32\Notepad.dll (not entirely accurate) is not able to be run by Windows OS, or needs to be reinstalled". It looked suspiciously like another message I've heard of that indicates traces of yet more backdoors... But nothing is getting picked up any more. My older Vista-running HP should be clean now; I believe most of the errors were due to memory hardware errors.

So for questions... I suppose I would like to know if there's any way to reliably scan external HDs for malware, since things like ComboFix do not extend to externals. I am strongly considering reformatting my Toshiba - in what way can I format that will make sure that all traces of malware are eliminated? I've only ever "restored to factory condition".

Here are my logs: first will be Security Check, then the MBAR files, and TDSSKiller's. ComboFix is posted above your post. I also have logs from later scans if you require them.

 

 Results of screen317's Security Check version 0.99.64  
 Windows 7 Service Pack 1 x64 (UAC is disabled!)
 Internet Explorer 10  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
avast! Antivirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version 1.75.0.1300  
 Java™ 6 Update 20  
 Java 7 Update 21  
 Adobe Flash Player 11.7.700.202  
 Adobe Reader 10.1.7 Adobe Reader out of Date!
 Mozilla Firefox (21.0) 
 Google Chrome 27.0.1453.110  
 Google Chrome 27.0.1453.94  
````````Process Check: objlist.exe by Laurent````````
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast AvastUI.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 0% 
````````````````````End of Log``````````````````````

Edited by RoboPan, 11 June 2013 - 06:51 PM.


#5 RoboPan

  • Topic Starter

Posted 11 June 2013 - 06:47 PM

MBAR log and system files:

 

The MBAR log (then the MBAR system log)

 

Malwarebytes Anti-Rootkit BETA 1.06.0.1003
www.malwarebytes.org
 
Database version: v2013.06.08.06
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Panda Hero Z :: PSEUDOBROKE [administrator]
 
6/8/2013 8:11:58 PM
mbar-log-2013-06-08 (20-11-58).txt
 
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P
Scan options disabled: Deep Anti-Rootkit Scan | PUP
Objects scanned: 236069
Time elapsed: 18 minute(s), 49 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
Physical Sectors Detected: 0
(No malicious items detected)
 
(end)
 
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.06.0.1003
 
© Malwarebytes Corporation 2011-2012
 
OS version: 6.1.7601 Windows 7 Service Pack 1 x64
 
Account is Administrative
 
Internet Explorer version: 9.0.8112.16421
 
Java version: 1.6.0_20
 
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 1.397000 GHz
Memory total: 1584259072, free: 688754688
 
Downloaded database version: v2013.06.08.06
Downloaded database version: v2013.05.22.01
Initializing...
------------ Kernel report ------------
     06/08/2013 20:11:52
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_AuthenticAMD.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\compbatt.sys
\SystemRoot\system32\drivers\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\system32\DRIVERS\pciide.sys
\SystemRoot\system32\DRIVERS\PCIIDEX.SYS
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\DRIVERS\msahci.sys
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\system32\DRIVERS\TVALZ_O.SYS
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\SysWOW64\speedfan.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\System32\Drivers\aswVmm.sys
\SystemRoot\System32\Drivers\aswRvrt.sys
\SystemRoot\system32\DRIVERS\dtsoftbus01.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\System32\Drivers\aswSnx.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\System32\Drivers\aswTdi.SYS
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\Drivers\aswrdr2.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\ws2ifsl.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
\??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\System32\Drivers\aswSP.SYS
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\amdppm.sys
\SystemRoot\system32\DRIVERS\atikmpag.sys
\SystemRoot\system32\DRIVERS\atikmdag.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\L1C62x64.sys
\SystemRoot\system32\DRIVERS\tdcmdpst.sys
\SystemRoot\system32\DRIVERS\usbohci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\SynTP.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\DRIVERS\wmiacpi.sys
\SystemRoot\system32\DRIVERS\TVALZFL.sys
\SystemRoot\system32\DRIVERS\QIOMem.sys
\SystemRoot\system32\DRIVERS\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\AtihdW76.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\drivers\CHDRT64.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\system32\DRIVERS\pgeffect.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\luafv.sys
\??\C:\windows\system32\drivers\aswMonFlt.sys
\SystemRoot\System32\Drivers\aswFsBlk.SYS
\SystemRoot\system32\DRIVERS\udfs.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_dumpata.sys
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\??\C:\windows\system32\Drivers\PROCEXP113.SYS
\SystemRoot\system32\DRIVERS\rtl8192Ce.sys
\SystemRoot\system32\DRIVERS\vwifibus.sys
\SystemRoot\system32\drivers\63739777.sys
\??\C:\windows\system32\drivers\mbamchameleon.sys
\??\C:\windows\system32\drivers\mbamswissarmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa800231f060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-0\
Lower Device Object: 0xfffffa80020e3060
Lower Device Driver Name: \Driver\atapi\
<<<2>>>
Device number: 0, partition: 2
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa800231f060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800231fb90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800231f060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa80020dd520, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa80020e3060, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
Device number: 0, partition: 2
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\windows\system32\drivers...
<<<2>>>
Device number: 0, partition: 2
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 7E4A5B6D
 
Partition information:
 
    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 3072000
    Partition file system is NTFS
    Partition is bootable
 
    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 3074048  Numsec = 593803264
 
    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 596877312  Numsec = 28264448
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
Disk Size: 320072933376 bytes
Sector size: 512 bytes
 
Scanning physical sectors of unpartitioned space on drive 0 (1-2047-625122448-625142448)...
Done!
Scan finished
=======================================
 
 
Removal queue found; removal started
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_i.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\bootstrap_0_0_2048_i.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_r.mbam...
Removal finished
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.06.0.1003
 
© Malwarebytes Corporation 2011-2012
 
OS version: 6.1.7601 Windows 7 Service Pack 1 x64
 
Account is Administrative
 
Internet Explorer version: 9.0.8112.16421
 
Java version: 1.6.0_20
 
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, G:\ DRIVE_FIXED
CPU speed: 1.397000 GHz
Memory total: 1584259072, free: 382738432
 
Initializing...
------------ Kernel report ------------
     06/09/2013 02:52:11
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_AuthenticAMD.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\44904884.sys
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\compbatt.sys
\SystemRoot\system32\drivers\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\system32\DRIVERS\pciide.sys
\SystemRoot\system32\DRIVERS\PCIIDEX.SYS
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\DRIVERS\msahci.sys
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\system32\DRIVERS\TVALZ_O.SYS
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\SysWOW64\speedfan.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\System32\Drivers\aswVmm.sys
\SystemRoot\System32\Drivers\aswRvrt.sys
\SystemRoot\system32\DRIVERS\dtsoftbus01.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\System32\Drivers\aswSnx.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\System32\Drivers\aswTdi.SYS
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\Drivers\aswrdr2.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\ws2ifsl.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
\??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\System32\Drivers\aswSP.SYS
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\amdppm.sys
\SystemRoot\system32\DRIVERS\atikmpag.sys
\SystemRoot\system32\DRIVERS\atikmdag.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\L1C62x64.sys
\SystemRoot\system32\DRIVERS\tdcmdpst.sys
\SystemRoot\system32\DRIVERS\usbohci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\SynTP.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\DRIVERS\wmiacpi.sys
\SystemRoot\system32\DRIVERS\TVALZFL.sys
\SystemRoot\system32\DRIVERS\QIOMem.sys
\SystemRoot\system32\DRIVERS\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\AtihdW76.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\drivers\CHDRT64.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\system32\DRIVERS\pgeffect.sys
\SystemRoot\system32\DRIVERS\udfs.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_dumpata.sys
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\luafv.sys
\??\C:\windows\system32\drivers\aswMonFlt.sys
\SystemRoot\System32\Drivers\aswFsBlk.SYS
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\??\C:\windows\system32\drivers\mbamchameleon.sys
\??\C:\windows\system32\drivers\mbamswissarmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xfffffa800278c790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000007f\
Lower Device Object: 0xfffffa800282ab60
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8002314060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-0\
Lower Device Object: 0xfffffa80020bf060
Lower Device Driver Name: \Driver\atapi\
<<<2>>>
Device number: 0, partition: 2
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8002314060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80021d58a0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8002314060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa80020cb4e0, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa80020bf060, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
Device number: 0, partition: 2
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\windows\system32\drivers...
<<<2>>>
Device number: 0, partition: 2
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 7E4A5B6D
 
Partition information:
 
    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 3072000
    Partition file system is NTFS
    Partition is bootable
 
    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 3074048  Numsec = 593803264
 
    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 596877312  Numsec = 28264448
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
Disk Size: 320072933376 bytes
Sector size: 512 bytes
 
Scanning physical sectors of unpartitioned space on drive 0 (1-2047-625122448-625142448)...
Done!
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xfffffa800278c790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800207a7c0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800278c790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800282ab60, DeviceName: \Device\0000007f\, DriverName: \Driver\USBSTOR\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 1EB71E
 
Partition information:
 
    Partition 0 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 2048  Numsec = 1953517568
 
    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
Disk Size: 1000202043392 bytes
Sector size: 512 bytes
 
Done!
Scan finished
=======================================
 
 
Removal queue found; removal started
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_i.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\bootstrap_0_0_2048_i.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_r.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_1_i.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_1_r.mbam...
Removal finished

Edited by RoboPan, 11 June 2013 - 06:51 PM.


#6 RoboPan

  • Topic Starter

Posted 11 June 2013 - 06:49 PM

Aaaand the TDSSKiller log

 

19:44:31.0901 5844  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
19:44:32.0615 5844  ============================================================
19:44:32.0615 5844  Current date / time: 2013/06/08 19:44:32.0615
19:44:32.0615 5844  SystemInfo:
19:44:32.0615 5844  
19:44:32.0630 5844  OS Version: 6.1.7601 ServicePack: 1.0
19:44:32.0630 5844  Product type: Workstation
19:44:32.0630 5844  ComputerName: PSEUDOBROKE
19:44:32.0630 5844  UserName: Panda Hero Z
19:44:32.0630 5844  Windows directory: C:\windows
19:44:32.0630 5844  System windows directory: C:\windows
19:44:32.0630 5844  Running under WOW64
19:44:32.0630 5844  Processor architecture: Intel x64
19:44:32.0630 5844  Number of processors: 4
19:44:32.0630 5844  Page size: 0x1000
19:44:32.0630 5844  Boot type: Normal boot
19:44:32.0630 5844  ============================================================
19:44:34.0607 5844  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:44:34.0675 5844  ============================================================
19:44:34.0675 5844  \Device\Harddisk0\DR0:
19:44:34.0711 5844  MBR partitions:
19:44:34.0711 5844  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x2EE000
19:44:34.0711 5844  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x2364B800
19:44:34.0711 5844  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x2393A000, BlocksNum 0x1AF4800
19:44:34.0711 5844  ============================================================
19:44:34.0831 5844  C: <-> \Device\Harddisk0\DR0\Partition2
19:44:34.0926 5844  D: <-> \Device\Harddisk0\DR0\Partition3
19:44:34.0926 5844  ============================================================
19:44:34.0926 5844  Initialize success
19:44:34.0926 5844  ============================================================
19:44:36.0859 4136  ============================================================
19:44:36.0859 4136  Scan started
19:44:36.0859 4136  Mode: Manual; 
19:44:36.0859 4136  ============================================================
19:44:39.0371 4136  ================ Scan system memory ========================
19:44:39.0371 4136  System memory - ok
19:44:39.0371 4136  ================ Scan services =============================
19:44:51.0991 4136  Null - ok
19:44:52.0056 4136  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\windows\system32\drivers\nvraid.sys
19:44:52.0056 4136  nvraid - ok
19:44:52.0088 4136  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\windows\system32\drivers\nvstor.sys
19:44:52.0088 4136  nvstor - ok
19:44:52.0121 4136  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\windows\system32\drivers\nv_agp.sys
19:44:52.0121 4136  nv_agp - ok
19:44:52.0137 4136  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\windows\system32\drivers\ohci1394.sys
19:44:52.0137 4136  ohci1394 - ok
19:44:52.0168 4136  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\windows\system32\pnrpsvc.dll
19:44:52.0184 4136  p2pimsvc - ok
19:44:52.0204 4136  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\windows\system32\p2psvc.dll
19:44:52.0220 4136  p2psvc - ok
19:44:52.0251 4136  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\windows\system32\drivers\parport.sys
19:44:52.0251 4136  Parport - ok
19:44:52.0300 4136  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\windows\system32\drivers\partmgr.sys
19:44:52.0300 4136  partmgr - ok
19:44:52.0318 4136  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\windows\System32\pcasvc.dll
19:44:52.0318 4136  PcaSvc - ok
19:44:52.0350 4136  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\windows\system32\drivers\pci.sys
19:44:52.0350 4136  pci - ok
19:44:52.0350 4136  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\windows\system32\DRIVERS\pciide.sys
19:44:52.0350 4136  pciide - ok
19:44:52.0381 4136  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\windows\system32\drivers\pcmcia.sys
19:44:52.0415 4136  pcmcia - ok
19:44:52.0415 4136  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\windows\system32\drivers\pcw.sys
19:44:52.0430 4136  pcw - ok
19:44:52.0461 4136  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\windows\system32\drivers\peauth.sys
19:44:52.0461 4136  PEAUTH - ok
19:44:52.0539 4136  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\windows\SysWow64\perfhost.exe
19:44:52.0557 4136  PerfHost - ok
19:44:52.0607 4136  [ 91111CEBBDE8015E822C46120ED9537C ] PGEffect        C:\windows\system32\DRIVERS\pgeffect.sys
19:44:52.0622 4136  PGEffect - ok
19:44:52.0687 4136  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\windows\system32\pla.dll
19:44:52.0708 4136  pla - ok
19:44:52.0770 4136  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\windows\system32\umpnpmgr.dll
19:44:52.0786 4136  PlugPlay - ok
19:44:52.0804 4136  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\windows\system32\pnrpauto.dll
19:44:52.0804 4136  PNRPAutoReg - ok
19:44:52.0835 4136  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\windows\system32\pnrpsvc.dll
19:44:52.0835 4136  PNRPsvc - ok
19:44:52.0884 4136  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\windows\System32\ipsecsvc.dll
19:44:52.0884 4136  PolicyAgent - ok
19:44:52.0947 4136  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\windows\system32\umpo.dll
19:44:52.0947 4136  Power - ok
19:44:53.0025 4136  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\windows\system32\DRIVERS\raspptp.sys
19:44:53.0040 4136  PptpMiniport - ok
19:44:53.0056 4136  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\windows\system32\drivers\processr.sys
19:44:53.0072 4136  Processor - ok
19:44:53.0108 4136  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\windows\system32\profsvc.dll
19:44:53.0123 4136  ProfSvc - ok
19:44:53.0139 4136  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\windows\system32\lsass.exe
19:44:53.0155 4136  ProtectedStorage - ok
19:44:53.0201 4136  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\windows\system32\DRIVERS\pacer.sys
19:44:53.0201 4136  Psched - ok
19:44:53.0248 4136  [ C8FCB4899F8B70CC34E0D9876A80963C ] QIOMem          C:\windows\system32\DRIVERS\QIOMem.sys
19:44:53.0248 4136  QIOMem - ok
19:44:53.0334 4136  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\windows\system32\drivers\ql2300.sys
19:44:53.0365 4136  ql2300 - ok
19:44:53.0381 4136  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\windows\system32\drivers\ql40xx.sys
19:44:53.0381 4136  ql40xx - ok
19:44:53.0427 4136  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\windows\system32\qwave.dll
19:44:53.0443 4136  QWAVE - ok
19:44:53.0477 4136  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\windows\system32\drivers\qwavedrv.sys
19:44:53.0477 4136  QWAVEdrv - ok
19:44:53.0495 4136  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\windows\system32\DRIVERS\rasacd.sys
19:44:53.0495 4136  RasAcd - ok
19:44:53.0544 4136  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\windows\system32\DRIVERS\AgileVpn.sys
19:44:53.0560 4136  RasAgileVpn - ok
19:44:53.0575 4136  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\windows\System32\rasauto.dll
19:44:53.0591 4136  RasAuto - ok
19:44:53.0593 4136  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\windows\system32\DRIVERS\rasl2tp.sys
19:44:53.0593 4136  Rasl2tp - ok
19:44:53.0625 4136  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\windows\System32\rasmans.dll
19:44:53.0625 4136  RasMan - ok
19:44:53.0640 4136  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\windows\system32\DRIVERS\raspppoe.sys
19:44:53.0640 4136  RasPppoe - ok
19:44:53.0671 4136  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\windows\system32\DRIVERS\rassstp.sys
19:44:53.0687 4136  RasSstp - ok
19:44:53.0703 4136  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\windows\system32\DRIVERS\rdbss.sys
19:44:53.0703 4136  rdbss - ok
19:44:53.0734 4136  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\windows\system32\drivers\rdpbus.sys
19:44:53.0734 4136  rdpbus - ok
19:44:53.0765 4136  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\windows\system32\DRIVERS\RDPCDD.sys
19:44:53.0765 4136  RDPCDD - ok
19:44:53.0781 4136  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\windows\system32\drivers\rdpencdd.sys
19:44:53.0781 4136  RDPENCDD - ok
19:44:53.0799 4136  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\windows\system32\drivers\rdprefmp.sys
19:44:53.0799 4136  RDPREFMP - ok
19:44:53.0855 4136  [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\windows\system32\drivers\rdpvideominiport.sys
19:44:53.0871 4136  RdpVideoMiniport - ok
19:44:53.0902 4136  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\windows\system32\drivers\RDPWD.sys
19:44:53.0918 4136  RDPWD - ok
19:44:53.0933 4136  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\windows\system32\drivers\rdyboost.sys
19:44:53.0933 4136  rdyboost - ok
19:44:53.0965 4136  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\windows\System32\mprdim.dll
19:44:53.0965 4136  RemoteAccess - ok
19:44:53.0996 4136  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\windows\system32\regsvc.dll
19:44:53.0996 4136  RemoteRegistry - ok
19:44:54.0011 4136  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\windows\System32\RpcEpMap.dll
19:44:54.0011 4136  RpcEptMapper - ok
19:44:54.0043 4136  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\windows\system32\locator.exe
19:44:54.0043 4136  RpcLocator - ok
19:44:54.0076 4136  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\windows\system32\rpcss.dll
19:44:54.0076 4136  RpcSs - ok
19:44:54.0108 4136  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\windows\system32\DRIVERS\rspndr.sys
19:44:54.0108 4136  rspndr - ok
19:44:54.0188 4136  [ 135A64530D7699AD48F29D73A658DD11 ] RSUSBSTOR       C:\windows\system32\Drivers\RtsUStor.sys
19:44:54.0188 4136  RSUSBSTOR - ok
19:44:54.0222 4136  [ E54A5586A28D0630A79A68BBAB84BFCF ] RSUSBVSTOR      C:\windows\system32\Drivers\RTSUVSTOR.sys
19:44:54.0222 4136  RSUSBVSTOR - ok
19:44:54.0310 4136  [ 64FDF4FE366CA42DA2B7D9D424B6E39B ] RTL8192Ce       C:\windows\system32\DRIVERS\rtl8192Ce.sys
19:44:54.0341 4136  RTL8192Ce - ok
19:44:54.0357 4136  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\windows\system32\lsass.exe
19:44:54.0357 4136  SamSs - ok
19:44:54.0421 4136  [ 3289766038DB2CB14D07DC84392138D5 ] SASDIFSV        C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
19:44:54.0421 4136  SASDIFSV - ok
19:44:54.0437 4136  [ 58A38E75F3316A83C23DF6173D41F2B5 ] SASKUTIL        C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
19:44:54.0437 4136  SASKUTIL - ok
19:44:54.0468 4136  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\windows\system32\drivers\sbp2port.sys
19:44:54.0468 4136  sbp2port - ok
19:44:54.0502 4136  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\windows\System32\SCardSvr.dll
19:44:54.0518 4136  SCardSvr - ok
19:44:54.0543 4136  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\windows\system32\DRIVERS\scfilter.sys
19:44:54.0546 4136  scfilter - ok
19:44:54.0584 4136  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\windows\system32\schedsvc.dll
19:44:54.0589 4136  Schedule - ok
19:44:54.0620 4136  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\windows\System32\certprop.dll
19:44:54.0620 4136  SCPolicySvc - ok
19:44:54.0656 4136  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\windows\System32\SDRSVC.dll
19:44:54.0656 4136  SDRSVC - ok
19:44:54.0721 4136  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\windows\system32\drivers\secdrv.sys
19:44:54.0721 4136  secdrv - ok
19:44:54.0721 4136  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\windows\system32\seclogon.dll
19:44:54.0737 4136  seclogon - ok
19:44:54.0752 4136  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\windows\system32\sens.dll
19:44:54.0752 4136  SENS - ok
19:44:54.0802 4136  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\windows\system32\sensrsvc.dll
19:44:54.0817 4136  SensrSvc - ok
19:44:54.0838 4136  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\windows\system32\drivers\serenum.sys
19:44:54.0838 4136  Serenum - ok
19:44:54.0885 4136  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\windows\system32\drivers\serial.sys
19:44:54.0885 4136  Serial - ok
19:44:54.0900 4136  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\windows\system32\drivers\sermouse.sys
19:44:54.0900 4136  sermouse - ok
19:44:54.0931 4136  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\windows\system32\sessenv.dll
19:44:54.0931 4136  SessionEnv - ok
19:44:54.0981 4136  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\windows\system32\drivers\sffdisk.sys
19:44:54.0981 4136  sffdisk - ok
19:44:55.0012 4136  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\windows\system32\drivers\sffp_mmc.sys
19:44:55.0012 4136  sffp_mmc - ok
19:44:55.0059 4136  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\windows\system32\drivers\sffp_sd.sys
19:44:55.0059 4136  sffp_sd - ok
19:44:55.0059 4136  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\windows\system32\drivers\sfloppy.sys
19:44:55.0074 4136  sfloppy - ok
19:44:55.0121 4136  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\windows\System32\ipnathlp.dll
19:44:55.0137 4136  SharedAccess - ok
19:44:55.0155 4136  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\windows\System32\shsvcs.dll
19:44:55.0170 4136  ShellHWDetection - ok
19:44:55.0217 4136  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\windows\system32\drivers\SiSRaid2.sys
19:44:55.0233 4136  SiSRaid2 - ok
19:44:55.0248 4136  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\windows\system32\drivers\sisraid4.sys
19:44:55.0248 4136  SiSRaid4 - ok
19:44:55.0331 4136  [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
19:44:55.0331 4136  SkypeUpdate - ok
19:44:55.0396 4136  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\windows\system32\DRIVERS\smb.sys
19:44:55.0412 4136  Smb - ok
19:44:55.0443 4136  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\windows\System32\snmptrap.exe
19:44:55.0459 4136  SNMPTRAP - ok
19:44:55.0524 4136  [ 0FFE35F0B0CD5A324BBE22F02569AE3B ] speedfan        C:\windows\syswow64\speedfan.sys
19:44:55.0539 4136  speedfan - ok
19:44:55.0555 4136  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\windows\system32\drivers\spldr.sys
19:44:55.0570 4136  spldr - ok
19:44:55.0607 4136  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\windows\System32\spoolsv.exe
19:44:55.0622 4136  Spooler - ok
19:44:55.0741 4136  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\windows\system32\sppsvc.exe
19:44:55.0788 4136  sppsvc - ok
19:44:55.0822 4136  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\windows\system32\sppuinotify.dll
19:44:55.0822 4136  sppuinotify - ok
19:44:55.0856 4136  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\windows\system32\DRIVERS\srv.sys
19:44:55.0856 4136  srv - ok
19:44:55.0871 4136  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\windows\system32\DRIVERS\srv2.sys
19:44:55.0887 4136  srv2 - ok
19:44:55.0967 4136  [ 0C4540311E11664B245A263E1154CEF8 ] SrvHsfHDA       C:\windows\system32\DRIVERS\VSTAZL6.SYS
19:44:55.0983 4136  SrvHsfHDA - ok
19:44:56.0017 4136  [ 02071D207A9858FBE3A48CBFD59C4A04 ] SrvHsfV92       C:\windows\system32\DRIVERS\VSTDPV6.SYS
19:44:56.0032 4136  SrvHsfV92 - ok
19:44:56.0066 4136  [ 18E40C245DBFAF36FD0134A7EF2DF396 ] SrvHsfWinac     C:\windows\system32\DRIVERS\VSTCNXT6.SYS
19:44:56.0081 4136  SrvHsfWinac - ok
19:44:56.0115 4136  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\windows\system32\DRIVERS\srvnet.sys
19:44:56.0115 4136  srvnet - ok
19:44:56.0146 4136  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\windows\System32\ssdpsrv.dll
19:44:56.0146 4136  SSDPSRV - ok
19:44:56.0178 4136  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\windows\system32\sstpsvc.dll
19:44:56.0178 4136  SstpSvc - ok
19:44:56.0209 4136  Steam Client Service - ok
19:44:56.0240 4136  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\windows\system32\drivers\stexstor.sys
19:44:56.0240 4136  stexstor - ok
19:44:56.0305 4136  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\windows\System32\wiaservc.dll
19:44:56.0336 4136  stisvc - ok
19:44:56.0352 4136  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\windows\system32\DRIVERS\swenum.sys
19:44:56.0352 4136  swenum - ok
19:44:56.0385 4136  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\windows\System32\swprv.dll
19:44:56.0401 4136  swprv - ok
19:44:56.0481 4136  [ F5B46DF59FEAA48A442AED7EEB754D4B ] SynTP           C:\windows\system32\DRIVERS\SynTP.sys
19:44:56.0496 4136  SynTP - ok
19:44:56.0574 4136  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\windows\system32\sysmain.dll
19:44:56.0606 4136  SysMain - ok
19:44:56.0621 4136  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\windows\System32\TabSvc.dll
19:44:56.0621 4136  TabletInputService - ok
19:44:56.0637 4136  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\windows\System32\tapisrv.dll
19:44:56.0652 4136  TapiSrv - ok
19:44:56.0671 4136  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\windows\System32\tbssvc.dll
19:44:56.0671 4136  TBS - ok
19:44:56.0780 4136  [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip           C:\windows\system32\drivers\tcpip.sys
19:44:56.0811 4136  Tcpip - ok
19:44:56.0863 4136  [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6          C:\windows\system32\DRIVERS\tcpip.sys
19:44:56.0863 4136  TCPIP6 - ok
19:44:56.0912 4136  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\windows\system32\drivers\tcpipreg.sys
19:44:56.0928 4136  tcpipreg - ok
19:44:56.0974 4136  [ FD542B661BD22FA69CA789AD0AC58C29 ] tdcmdpst        C:\windows\system32\DRIVERS\tdcmdpst.sys
19:44:56.0974 4136  tdcmdpst - ok
19:44:57.0021 4136  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\windows\system32\drivers\tdpipe.sys
19:44:57.0021 4136  TDPIPE - ok
19:44:57.0055 4136  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\windows\system32\drivers\tdtcp.sys
19:44:57.0055 4136  TDTCP - ok
19:44:57.0117 4136  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\windows\system32\DRIVERS\tdx.sys
19:44:57.0117 4136  tdx - ok
19:44:57.0133 4136  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\windows\system32\DRIVERS\termdd.sys
19:44:57.0149 4136  TermDD - ok
19:44:57.0185 4136  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\windows\System32\termsrv.dll
19:44:57.0185 4136  TermService - ok
19:44:57.0221 4136  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\windows\system32\themeservice.dll
19:44:57.0221 4136  Themes - ok
19:44:57.0268 4136  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\windows\system32\mmcss.dll
19:44:57.0283 4136  THREADORDER - ok
19:44:57.0377 4136  [ 83E91963C4452BE6899503CF9EBFD3ED ] TMachInfo       C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
19:44:57.0377 4136  TMachInfo - ok
19:44:57.0411 4136  [ 8E2C799D3476EAC32C3BA0DF7CE6AF19 ] TODDSrv         C:\Windows\system32\TODDSrv.exe
19:44:57.0411 4136  TODDSrv - ok
19:44:57.0507 4136  [ CDC97FA5C42B07FB0D4600E17C32F582 ] TosCoSrv        C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
19:44:57.0522 4136  TosCoSrv - ok
19:44:57.0572 4136  [ 2ECC833EA37CECE0052D4D9ADC184177 ] TOSHIBA eco Utility Service C:\Program Files\TOSHIBA\TECO\TecoService.exe
19:44:57.0592 4136  TOSHIBA eco Utility Service - ok
19:44:57.0673 4136  [ EDB4B432DB13EA3D1EB2356310D33263 ] TOSHIBA HDD SSD Alert Service C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
19:44:57.0673 4136  TOSHIBA HDD SSD Alert Service - ok
19:44:57.0753 4136  [ 9F8410CCC72B3470C96DA415BE0CF423 ] TPCHSrv         C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
19:44:57.0769 4136  TPCHSrv - ok
19:44:57.0821 4136  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\windows\System32\trkwks.dll
19:44:57.0821 4136  TrkWks - ok
19:44:57.0870 4136  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe
19:44:57.0870 4136  TrustedInstaller - ok
19:44:57.0917 4136  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\windows\system32\DRIVERS\tssecsrv.sys
19:44:57.0917 4136  tssecsrv - ok
19:44:57.0987 4136  [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt        C:\windows\system32\drivers\tsusbflt.sys
19:44:58.0002 4136  TsUsbFlt - ok
19:44:58.0036 4136  [ AD64450A4ABE076F5CB34CC08EEACB07 ] TsUsbGD         C:\windows\system32\drivers\TsUsbGD.sys
19:44:58.0036 4136  TsUsbGD - ok
19:44:58.0067 4136  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\windows\system32\DRIVERS\tunnel.sys
19:44:58.0067 4136  tunnel - ok
19:44:58.0135 4136  [ 550B567F9364D8F7684C3FB3EA665A72 ] TVALZ           C:\windows\system32\DRIVERS\TVALZ_O.SYS
19:44:58.0135 4136  TVALZ - ok
19:44:58.0171 4136  [ 9C7191F4B2E49BFF47A6C1144B5923FA ] TVALZFL         C:\windows\system32\DRIVERS\TVALZFL.sys
19:44:58.0171 4136  TVALZFL - ok
19:44:58.0204 4136  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\windows\system32\drivers\uagp35.sys
19:44:58.0207 4136  uagp35 - ok
19:44:58.0238 4136  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\windows\system32\DRIVERS\udfs.sys
19:44:58.0254 4136  udfs - ok
19:44:58.0308 4136  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\windows\system32\UI0Detect.exe
19:44:58.0313 4136  UI0Detect - ok
19:44:58.0347 4136  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\windows\system32\drivers\uliagpkx.sys
19:44:58.0347 4136  uliagpkx - ok
19:44:58.0380 4136  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\windows\system32\DRIVERS\umbus.sys
19:44:58.0380 4136  umbus - ok
19:44:58.0396 4136  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\windows\system32\drivers\umpass.sys
19:44:58.0396 4136  UmPass - ok
19:44:58.0412 4136  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\windows\System32\upnphost.dll
19:44:58.0427 4136  upnphost - ok
19:44:58.0477 4136  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\windows\system32\DRIVERS\usbccgp.sys
19:44:58.0492 4136  usbccgp - ok
19:44:58.0539 4136  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\windows\system32\drivers\usbcir.sys
19:44:58.0557 4136  usbcir - ok
19:44:58.0588 4136  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\windows\system32\DRIVERS\usbehci.sys
19:44:58.0588 4136  usbehci - ok
19:44:58.0640 4136  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\windows\system32\DRIVERS\usbhub.sys
19:44:58.0668 4136  usbhub - ok
19:44:58.0704 4136  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\windows\system32\DRIVERS\usbohci.sys
19:44:58.0720 4136  usbohci - ok
19:44:58.0751 4136  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\windows\system32\drivers\usbprint.sys
19:44:58.0751 4136  usbprint - ok
19:44:58.0805 4136  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\windows\system32\DRIVERS\USBSTOR.SYS
19:44:58.0810 4136  USBSTOR - ok
19:44:58.0860 4136  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\windows\system32\drivers\usbuhci.sys
19:44:58.0860 4136  usbuhci - ok
19:44:58.0909 4136  [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo        C:\windows\system32\Drivers\usbvideo.sys
19:44:58.0909 4136  usbvideo - ok
19:44:58.0990 4136  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\windows\System32\uxsms.dll
19:44:58.0990 4136  UxSms - ok
19:44:59.0036 4136  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\windows\system32\lsass.exe
19:44:59.0054 4136  VaultSvc - ok
19:44:59.0070 4136  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\windows\system32\drivers\vdrvroot.sys
19:44:59.0070 4136  vdrvroot - ok
19:44:59.0086 4136  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\windows\System32\vds.exe
19:44:59.0106 4136  vds - ok
19:44:59.0158 4136  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\windows\system32\DRIVERS\vgapnp.sys
19:44:59.0158 4136  vga - ok
19:44:59.0189 4136  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\windows\System32\drivers\vga.sys
19:44:59.0189 4136  VgaSave - ok
19:44:59.0205 4136  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\windows\system32\drivers\vhdmp.sys
19:44:59.0223 4136  vhdmp - ok
19:44:59.0239 4136  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\windows\system32\drivers\viaide.sys
19:44:59.0239 4136  viaide - ok
19:44:59.0254 4136  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\windows\system32\drivers\volmgr.sys
19:44:59.0254 4136  volmgr - ok
19:44:59.0270 4136  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\windows\system32\drivers\volmgrx.sys
19:44:59.0285 4136  volmgrx - ok
19:44:59.0285 4136  [ DF8126BD41180351A093A3AD2FC8903B ] volsnap         C:\windows\system32\drivers\volsnap.sys
19:44:59.0301 4136  volsnap - ok
19:44:59.0335 4136  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\windows\system32\drivers\vsmraid.sys
19:44:59.0335 4136  vsmraid - ok
19:44:59.0413 4136  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\windows\system32\vssvc.exe
19:44:59.0469 4136  VSS - ok
19:44:59.0521 4136  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\windows\system32\DRIVERS\vwifibus.sys
19:44:59.0521 4136  vwifibus - ok
19:44:59.0571 4136  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\windows\system32\DRIVERS\vwififlt.sys
19:44:59.0571 4136  vwififlt - ok
19:44:59.0591 4136  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\windows\system32\w32time.dll
19:44:59.0607 4136  W32Time - ok
19:44:59.0622 4136  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\windows\system32\drivers\wacompen.sys
19:44:59.0622 4136  WacomPen - ok
19:44:59.0664 4136  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\windows\system32\DRIVERS\wanarp.sys
19:44:59.0664 4136  WANARP - ok
19:44:59.0679 4136  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\windows\system32\DRIVERS\wanarp.sys
19:44:59.0679 4136  Wanarpv6 - ok
19:44:59.0775 4136  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc     C:\windows\system32\Wat\WatAdminSvc.exe
19:44:59.0806 4136  WatAdminSvc - ok
19:44:59.0869 4136  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\windows\system32\wbengine.exe
19:44:59.0884 4136  wbengine - ok
19:44:59.0900 4136  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\windows\System32\wbiosrvc.dll
19:44:59.0916 4136  WbioSrvc - ok
19:44:59.0931 4136  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\windows\System32\wcncsvc.dll
19:44:59.0947 4136  wcncsvc - ok
19:44:59.0962 4136  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll
19:44:59.0978 4136  WcsPlugInService - ok
19:44:59.0996 4136  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\windows\system32\drivers\wd.sys
19:44:59.0996 4136  Wd - ok
19:45:00.0074 4136  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\windows\system32\drivers\Wdf01000.sys
19:45:00.0090 4136  Wdf01000 - ok
19:45:00.0090 4136  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\windows\system32\wdi.dll
19:45:00.0090 4136  WdiServiceHost - ok
19:45:00.0121 4136  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\windows\system32\wdi.dll
19:45:00.0137 4136  WdiSystemHost - ok
19:45:00.0173 4136  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\windows\System32\webclnt.dll
19:45:00.0188 4136  WebClient - ok
19:45:00.0209 4136  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\windows\system32\wecsvc.dll
19:45:00.0209 4136  Wecsvc - ok
19:45:00.0225 4136  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\windows\System32\wercplsupport.dll
19:45:00.0240 4136  wercplsupport - ok
19:45:00.0256 4136  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\windows\System32\WerSvc.dll
19:45:00.0256 4136  WerSvc - ok
19:45:00.0287 4136  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\windows\system32\DRIVERS\wfplwf.sys
19:45:00.0287 4136  WfpLwf - ok
19:45:00.0318 4136  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\windows\system32\drivers\wimmount.sys
19:45:00.0318 4136  WIMMount - ok
19:45:00.0333 4136  WinDefend - ok
19:45:00.0364 4136  WinHttpAutoProxySvc - ok
19:45:00.0442 4136  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\windows\system32\wbem\WMIsvc.dll
19:45:00.0458 4136  Winmgmt - ok
19:45:00.0523 4136  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\windows\system32\WsmSvc.dll
19:45:00.0554 4136  WinRM - ok
19:45:00.0637 4136  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\windows\System32\wlansvc.dll
19:45:00.0658 4136  Wlansvc - ok
19:45:00.0709 4136  [ F7753932BC154CB1EB76F3CD1DB693FB ] WLSetupSvc      C:\Program Files (x86)\Windows Live\installer\WLSetupSvc.exe
19:45:00.0725 4136  WLSetupSvc - ok
19:45:00.0756 4136  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\windows\system32\DRIVERS\wmiacpi.sys
19:45:00.0756 4136  WmiAcpi - ok
19:45:00.0772 4136  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\windows\system32\wbem\WmiApSrv.exe
19:45:00.0787 4136  wmiApSrv - ok
19:45:00.0821 4136  WMPNetworkSvc - ok
19:45:00.0852 4136  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\windows\System32\wpcsvc.dll
19:45:00.0852 4136  WPCSvc - ok
19:45:00.0868 4136  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\windows\system32\wpdbusenum.dll
19:45:00.0868 4136  WPDBusEnum - ok
19:45:00.0899 4136  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\windows\system32\drivers\ws2ifsl.sys
19:45:00.0899 4136  ws2ifsl - ok
19:45:00.0899 4136  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\windows\system32\wscsvc.dll
19:45:00.0915 4136  wscsvc - ok
19:45:00.0930 4136  WSearch - ok
19:45:01.0056 4136  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\windows\system32\wuaueng.dll
19:45:01.0087 4136  wuauserv - ok
19:45:01.0136 4136  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\windows\system32\drivers\WudfPf.sys
19:45:01.0152 4136  WudfPf - ok
19:45:01.0193 4136  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\windows\system32\DRIVERS\WUDFRd.sys
19:45:01.0209 4136  WUDFRd - ok
19:45:01.0256 4136  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\windows\System32\WUDFSvc.dll
19:45:01.0289 4136  wudfsvc - ok
19:45:01.0335 4136  [ FE90B750AB808FB9DD8FBB428B5FF83B ] WwanSvc         C:\windows\System32\wwansvc.dll
19:45:01.0351 4136  WwanSvc - ok
19:45:01.0382 4136  ================ Scan global ===============================
19:45:01.0429 4136  [ BA0CD8C393E8C9F83354106093832C7B ] C:\windows\system32\basesrv.dll
19:45:01.0491 4136  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\windows\system32\winsrv.dll
19:45:01.0510 4136  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\windows\system32\winsrv.dll
19:45:01.0541 4136  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\windows\system32\sxssrv.dll
19:45:01.0572 4136  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\windows\system32\services.exe
19:45:01.0588 4136  [Global] - ok
19:45:01.0588 4136  ================ Scan MBR ==================================
19:45:01.0606 4136  [ BB441980712A18C200EA4D03CE446819 ] \Device\Harddisk0\DR0
19:45:02.0130 4136  \Device\Harddisk0\DR0 - ok
19:45:02.0130 4136  ================ Scan VBR ==================================
19:45:02.0164 4136  [ 7E13D44B438380308DA3E13E85BB067F ] \Device\Harddisk0\DR0\Partition1
19:45:02.0164 4136  \Device\Harddisk0\DR0\Partition1 - ok
19:45:02.0180 4136  [ 8B02E463871CB06540780C9E91DA15DE ] \Device\Harddisk0\DR0\Partition2
19:45:02.0180 4136  \Device\Harddisk0\DR0\Partition2 - ok
19:45:02.0211 4136  [ E7811E0301666DCEF9D13DB801B2C5E7 ] \Device\Harddisk0\DR0\Partition3
19:45:02.0211 4136  \Device\Harddisk0\DR0\Partition3 - ok
19:45:02.0211 4136  ============================================================
19:45:02.0211 4136  Scan finished
19:45:02.0211 4136  ============================================================
19:45:02.0242 5204  Detected object count: 0
19:45:02.0242 5204  Actual detected object count: 0
19:45:13.0261 5548  ============================================================
19:45:13.0261 5548  Scan started
19:45:13.0261 5548  Mode: Manual; SigCheck; TDLFS; 
19:45:13.0261 5548  ============================================================
19:45:33.0995 5548  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\windows\system32\drivers\nvraid.sys
19:45:34.0010 5548  nvraid - ok
19:45:34.0046 5548  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\windows\system32\drivers\nvstor.sys
19:45:34.0062 5548  nvstor - ok
19:45:34.0109 5548  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\windows\system32\drivers\nv_agp.sys
19:45:34.0140 5548  nv_agp - ok
19:45:34.0156 5548  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\windows\system32\drivers\ohci1394.sys
19:45:34.0174 5548  ohci1394 - ok
19:45:34.0205 5548  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\windows\system32\pnrpsvc.dll
19:45:34.0257 5548  p2pimsvc - ok
19:45:34.0272 5548  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\windows\system32\p2psvc.dll
19:45:34.0293 5548  p2psvc - ok
19:45:34.0360 5548  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\windows\system32\drivers\parport.sys
19:45:34.0376 5548  Parport - ok
19:45:34.0423 5548  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\windows\system32\drivers\partmgr.sys
19:45:34.0454 5548  partmgr - ok
19:45:34.0470 5548  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\windows\System32\pcasvc.dll
19:45:34.0583 5548  PcaSvc - ok
19:45:34.0614 5548  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\windows\system32\drivers\pci.sys
19:45:34.0629 5548  pci - ok
19:45:34.0676 5548  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\windows\system32\DRIVERS\pciide.sys
19:45:34.0692 5548  pciide - ok
19:45:34.0723 5548  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\windows\system32\drivers\pcmcia.sys
19:45:34.0739 5548  pcmcia - ok
19:45:34.0754 5548  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\windows\system32\drivers\pcw.sys
19:45:34.0770 5548  pcw - ok
19:45:34.0806 5548  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\windows\system32\drivers\peauth.sys
19:45:34.0884 5548  PEAUTH - ok
19:45:34.0964 5548  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\windows\SysWow64\perfhost.exe
19:45:35.0011 5548  PerfHost - ok
19:45:35.0052 5548  [ 91111CEBBDE8015E822C46120ED9537C ] PGEffect        C:\windows\system32\DRIVERS\pgeffect.sys
19:45:35.0068 5548  PGEffect - ok
19:45:35.0120 5548  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\windows\system32\pla.dll
19:45:35.0200 5548  pla - ok
19:45:35.0247 5548  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\windows\system32\umpnpmgr.dll
19:45:35.0333 5548  PlugPlay - ok
19:45:35.0348 5548  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\windows\system32\pnrpauto.dll
19:45:35.0395 5548  PNRPAutoReg - ok
19:45:35.0416 5548  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\windows\system32\pnrpsvc.dll
19:45:35.0512 5548  PNRPsvc - ok
19:45:35.0574 5548  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\windows\System32\ipsecsvc.dll
19:45:35.0655 5548  PolicyAgent - ok
19:45:35.0748 5548  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\windows\system32\umpo.dll
19:45:35.0844 5548  Power - ok
19:45:35.0872 5548  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\windows\system32\DRIVERS\raspptp.sys
19:45:35.0952 5548  PptpMiniport - ok
19:45:35.0968 5548  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\windows\system32\drivers\processr.sys
19:45:36.0006 5548  Processor - ok
19:45:36.0047 5548  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\windows\system32\profsvc.dll
19:45:36.0143 5548  ProfSvc - ok
19:45:36.0161 5548  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\windows\system32\lsass.exe
19:45:36.0177 5548  ProtectedStorage - ok
19:45:36.0193 5548  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\windows\system32\DRIVERS\pacer.sys
19:45:36.0255 5548  Psched - ok
19:45:36.0286 5548  [ C8FCB4899F8B70CC34E0D9876A80963C ] QIOMem          C:\windows\system32\DRIVERS\QIOMem.sys
19:45:36.0384 5548  QIOMem - ok
19:45:36.0451 5548  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\windows\system32\drivers\ql2300.sys
19:45:36.0503 5548  ql2300 - ok
19:45:36.0534 5548  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\windows\system32\drivers\ql40xx.sys
19:45:36.0550 5548  ql40xx - ok
19:45:36.0583 5548  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\windows\system32\qwave.dll
19:45:36.0615 5548  QWAVE - ok
19:45:36.0643 5548  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\windows\system32\drivers\qwavedrv.sys
19:45:36.0692 5548  QWAVEdrv - ok
19:45:36.0715 5548  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\windows\system32\DRIVERS\rasacd.sys
19:45:36.0819 5548  RasAcd - ok
19:45:36.0852 5548  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\windows\system32\DRIVERS\AgileVpn.sys
19:45:36.0930 5548  RasAgileVpn - ok
19:45:36.0967 5548  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\windows\System32\rasauto.dll
19:45:37.0063 5548  RasAuto - ok
19:45:37.0078 5548  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\windows\system32\DRIVERS\rasl2tp.sys
19:45:37.0143 5548  Rasl2tp - ok
19:45:37.0174 5548  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\windows\System32\rasmans.dll
19:45:37.0237 5548  RasMan - ok
19:45:37.0237 5548  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\windows\system32\DRIVERS\raspppoe.sys
19:45:37.0309 5548  RasPppoe - ok
19:45:37.0327 5548  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\windows\system32\DRIVERS\rassstp.sys
19:45:37.0412 5548  RasSstp - ok
19:45:37.0433 5548  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\windows\system32\DRIVERS\rdbss.sys
19:45:37.0513 5548  rdbss - ok
19:45:37.0563 5548  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\windows\system32\drivers\rdpbus.sys
19:45:37.0594 5548  rdpbus - ok
19:45:37.0627 5548  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\windows\system32\DRIVERS\RDPCDD.sys
19:45:37.0695 5548  RDPCDD - ok
19:45:37.0726 5548  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\windows\system32\drivers\rdpencdd.sys
19:45:37.0793 5548  RDPENCDD - ok
19:45:37.0825 5548  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\windows\system32\drivers\rdprefmp.sys
19:45:37.0879 5548  RDPREFMP - ok
19:45:37.0928 5548  [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\windows\system32\drivers\rdpvideominiport.sys
19:45:37.0993 5548  RdpVideoMiniport - ok
19:45:38.0040 5548  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\windows\system32\drivers\RDPWD.sys
19:45:38.0071 5548  RDPWD - ok
19:45:38.0092 5548  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\windows\system32\drivers\rdyboost.sys
19:45:38.0107 5548  rdyboost - ok
19:45:38.0123 5548  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\windows\System32\mprdim.dll
19:45:38.0201 5548  RemoteAccess - ok
19:45:38.0242 5548  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\windows\system32\regsvc.dll
19:45:38.0314 5548  RemoteRegistry - ok
19:45:38.0324 5548  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\windows\System32\RpcEpMap.dll
19:45:38.0378 5548  RpcEptMapper - ok
19:45:38.0396 5548  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\windows\system32\locator.exe
19:45:38.0419 5548  RpcLocator - ok
19:45:38.0435 5548  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\windows\system32\rpcss.dll
19:45:38.0502 5548  RpcSs - ok
19:45:38.0518 5548  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\windows\system32\DRIVERS\rspndr.sys
19:45:38.0579 5548  rspndr - ok
19:45:38.0610 5548  [ 135A64530D7699AD48F29D73A658DD11 ] RSUSBSTOR       C:\windows\system32\Drivers\RtsUStor.sys
19:45:38.0626 5548  RSUSBSTOR - ok
19:45:38.0662 5548  [ E54A5586A28D0630A79A68BBAB84BFCF ] RSUSBVSTOR      C:\windows\system32\Drivers\RTSUVSTOR.sys
19:45:38.0685 5548  RSUSBVSTOR - ok
19:45:38.0741 5548  [ 64FDF4FE366CA42DA2B7D9D424B6E39B ] RTL8192Ce       C:\windows\system32\DRIVERS\rtl8192Ce.sys
19:45:38.0788 5548  RTL8192Ce - ok
19:45:38.0808 5548  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\windows\system32\lsass.exe
19:45:38.0828 5548  SamSs - ok
19:45:38.0880 5548  [ 3289766038DB2CB14D07DC84392138D5 ] SASDIFSV        C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
19:45:38.0908 5548  SASDIFSV - ok
19:45:38.0913 5548  [ 58A38E75F3316A83C23DF6173D41F2B5 ] SASKUTIL        C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
19:45:38.0926 5548  SASKUTIL - ok
19:45:38.0941 5548  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\windows\system32\drivers\sbp2port.sys
19:45:38.0975 5548  sbp2port - ok
19:45:38.0996 5548  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\windows\System32\SCardSvr.dll
19:45:39.0079 5548  SCardSvr - ok
19:45:39.0125 5548  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\windows\system32\DRIVERS\scfilter.sys
19:45:39.0193 5548  scfilter - ok
19:45:39.0240 5548  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\windows\system32\schedsvc.dll
19:45:39.0317 5548  Schedule - ok
19:45:39.0364 5548  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\windows\System32\certprop.dll
19:45:39.0395 5548  SCPolicySvc - ok
19:45:39.0442 5548  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\windows\System32\SDRSVC.dll
19:45:39.0529 5548  SDRSVC - ok
19:45:39.0547 5548  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\windows\system32\drivers\secdrv.sys
19:45:39.0627 5548  secdrv - ok
19:45:39.0658 5548  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\windows\system32\seclogon.dll
19:45:39.0695 5548  seclogon - ok
19:45:39.0726 5548  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\windows\system32\sens.dll
19:45:39.0793 5548  SENS - ok
19:45:39.0809 5548  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\windows\system32\sensrsvc.dll
19:45:39.0899 5548  SensrSvc - ok
19:45:39.0920 5548  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\windows\system32\drivers\serenum.sys
19:45:39.0951 5548  Serenum - ok
19:45:39.0997 5548  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\windows\system32\drivers\serial.sys
19:45:40.0049 5548  Serial - ok
19:45:40.0072 5548  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\windows\system32\drivers\sermouse.sys
19:45:40.0088 5548  sermouse - ok
19:45:40.0127 5548  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\windows\system32\sessenv.dll
19:45:40.0205 5548  SessionEnv - ok
19:45:40.0238 5548  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\windows\system32\drivers\sffdisk.sys
19:45:40.0321 5548  sffdisk - ok
19:45:40.0337 5548  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\windows\system32\drivers\sffp_mmc.sys
19:45:40.0402 5548  sffp_mmc - ok
19:45:40.0433 5548  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\windows\system32\drivers\sffp_sd.sys
19:45:40.0495 5548  sffp_sd - ok
19:45:40.0527 5548  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\windows\system32\drivers\sfloppy.sys
19:45:40.0542 5548  sfloppy - ok
19:45:40.0573 5548  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\windows\System32\ipnathlp.dll
19:45:40.0623 5548  SharedAccess - ok
19:45:40.0638 5548  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\windows\System32\shsvcs.dll
19:45:40.0715 5548  ShellHWDetection - ok
19:45:40.0764 5548  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\windows\system32\drivers\SiSRaid2.sys
19:45:40.0780 5548  SiSRaid2 - ok
19:45:40.0796 5548  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\windows\system32\drivers\sisraid4.sys
19:45:40.0811 5548  SiSRaid4 - ok
19:45:40.0872 5548  [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
19:45:40.0888 5548  SkypeUpdate - ok
19:45:40.0904 5548  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\windows\system32\DRIVERS\smb.sys
19:45:40.0982 5548  Smb - ok
19:45:41.0031 5548  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\windows\System32\snmptrap.exe
19:45:41.0098 5548  SNMPTRAP - ok
19:45:41.0139 5548  [ 0FFE35F0B0CD5A324BBE22F02569AE3B ] speedfan        C:\windows\syswow64\speedfan.sys
19:45:41.0154 5548  speedfan - ok
19:45:41.0170 5548  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\windows\system32\drivers\spldr.sys
19:45:41.0186 5548  spldr - ok
19:45:41.0219 5548  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\windows\System32\spoolsv.exe
19:45:41.0266 5548  Spooler - ok
19:45:41.0372 5548  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\windows\system32\sppsvc.exe
19:45:41.0493 5548  sppsvc - ok
19:45:41.0525 5548  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\windows\system32\sppuinotify.dll
19:45:41.0592 5548  sppuinotify - ok
19:45:41.0651 5548  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\windows\system32\DRIVERS\srv.sys
19:45:41.0726 5548  srv - ok
19:45:41.0744 5548  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\windows\system32\DRIVERS\srv2.sys
19:45:41.0794 5548  srv2 - ok
19:45:41.0834 5548  [ 0C4540311E11664B245A263E1154CEF8 ] SrvHsfHDA       C:\windows\system32\DRIVERS\VSTAZL6.SYS
19:45:41.0886 5548  SrvHsfHDA - ok
19:45:41.0933 5548  [ 02071D207A9858FBE3A48CBFD59C4A04 ] SrvHsfV92       C:\windows\system32\DRIVERS\VSTDPV6.SYS
19:45:41.0995 5548  SrvHsfV92 - ok
19:45:42.0029 5548  [ 18E40C245DBFAF36FD0134A7EF2DF396 ] SrvHsfWinac     C:\windows\system32\DRIVERS\VSTCNXT6.SYS
19:45:42.0091 5548  SrvHsfWinac - ok
19:45:42.0135 5548  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\windows\system32\DRIVERS\srvnet.sys
19:45:42.0153 5548  srvnet - ok
19:45:42.0184 5548  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\windows\System32\ssdpsrv.dll
19:45:42.0267 5548  SSDPSRV - ok
19:45:42.0304 5548  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\windows\system32\sstpsvc.dll
19:45:42.0344 5548  SstpSvc - ok
19:45:42.0375 5548  Steam Client Service - ok
19:45:42.0393 5548  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\windows\system32\drivers\stexstor.sys
19:45:42.0409 5548  stexstor - ok
19:45:42.0440 5548  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\windows\System32\wiaservc.dll
19:45:42.0487 5548  stisvc - ok
19:45:42.0503 5548  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\windows\system32\DRIVERS\swenum.sys
19:45:42.0521 5548  swenum - ok
19:45:42.0552 5548  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\windows\System32\swprv.dll
19:45:42.0637 5548  swprv - ok
19:45:42.0710 5548  [ F5B46DF59FEAA48A442AED7EEB754D4B ] SynTP           C:\windows\system32\DRIVERS\SynTP.sys
19:45:42.0759 5548  SynTP - ok
19:45:42.0837 5548  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\windows\system32\sysmain.dll
19:45:42.0918 5548  SysMain - ok
19:45:42.0956 5548  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\windows\System32\TabSvc.dll
19:45:43.0023 5548  TabletInputService - ok
19:45:43.0072 5548  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\windows\System32\tapisrv.dll
19:45:43.0166 5548  TapiSrv - ok
19:45:43.0202 5548  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\windows\System32\tbssvc.dll
19:45:43.0238 5548  TBS - ok
19:45:43.0331 5548  [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip           C:\windows\system32\drivers\tcpip.sys
19:45:43.0380 5548  Tcpip - ok
19:45:43.0411 5548  [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6          C:\windows\system32\DRIVERS\tcpip.sys
19:45:43.0461 5548  TCPIP6 - ok
19:45:43.0510 5548  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\windows\system32\drivers\tcpipreg.sys
19:45:43.0526 5548  tcpipreg - ok
19:45:43.0557 5548  [ FD542B661BD22FA69CA789AD0AC58C29 ] tdcmdpst        C:\windows\system32\DRIVERS\tdcmdpst.sys
19:45:43.0572 5548  tdcmdpst - ok
19:45:43.0593 5548  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\windows\system32\drivers\tdpipe.sys
19:45:43.0673 5548  TDPIPE - ok
19:45:43.0710 5548  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\windows\system32\drivers\tdtcp.sys
19:45:43.0756 5548  TDTCP - ok
19:45:43.0788 5548  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\windows\system32\DRIVERS\tdx.sys
19:45:43.0839 5548  tdx - ok
19:45:43.0839 5548  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\windows\system32\DRIVERS\termdd.sys
19:45:43.0873 5548  TermDD - ok
19:45:43.0904 5548  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\windows\System32\termsrv.dll
19:45:43.0969 5548  TermService - ok
19:45:43.0985 5548  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\windows\system32\themeservice.dll
19:45:44.0019 5548  Themes - ok
19:45:44.0052 5548  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\windows\system32\mmcss.dll
19:45:44.0104 5548  THREADORDER - ok
19:45:44.0171 5548  [ 83E91963C4452BE6899503CF9EBFD3ED ] TMachInfo       C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
19:45:44.0218 5548  TMachInfo - ok
19:45:44.0249 5548  [ 8E2C799D3476EAC32C3BA0DF7CE6AF19 ] TODDSrv         C:\Windows\system32\TODDSrv.exe
19:45:44.0265 5548  TODDSrv - ok
19:45:44.0322 5548  [ CDC97FA5C42B07FB0D4600E17C32F582 ] TosCoSrv        C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
19:45:44.0353 5548  TosCoSrv - ok
19:45:44.0420 5548  [ 2ECC833EA37CECE0052D4D9ADC184177 ] TOSHIBA eco Utility Service C:\Program Files\TOSHIBA\TECO\TecoService.exe
19:45:44.0459 5548  TOSHIBA eco Utility Service - ok
19:45:44.0508 5548  [ EDB4B432DB13EA3D1EB2356310D33263 ] TOSHIBA HDD SSD Alert Service C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
19:45:44.0524 5548  TOSHIBA HDD SSD Alert Service - ok
19:45:44.0560 5548  [ 9F8410CCC72B3470C96DA415BE0CF423 ] TPCHSrv         C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
19:45:44.0591 5548  TPCHSrv - ok
19:45:44.0612 5548  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\windows\System32\trkwks.dll
19:45:44.0690 5548  TrkWks - ok
19:45:44.0755 5548  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe
19:45:44.0786 5548  TrustedInstaller - ok
19:45:44.0820 5548  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\windows\system32\DRIVERS\tssecsrv.sys
19:45:44.0882 5548  tssecsrv - ok
19:45:44.0923 5548  [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt        C:\windows\system32\drivers\tsusbflt.sys
19:45:45.0020 5548  TsUsbFlt - ok
19:45:45.0051 5548  [ AD64450A4ABE076F5CB34CC08EEACB07 ] TsUsbGD         C:\windows\system32\drivers\TsUsbGD.sys
19:45:45.0066 5548  TsUsbGD - ok
19:45:45.0094 5548  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\windows\system32\DRIVERS\tunnel.sys
19:45:45.0159 5548  tunnel - ok
19:45:45.0195 5548  [ 550B567F9364D8F7684C3FB3EA665A72 ] TVALZ           C:\windows\system32\DRIVERS\TVALZ_O.SYS
19:45:45.0213 5548  TVALZ - ok
19:45:45.0244 5548  [ 9C7191F4B2E49BFF47A6C1144B5923FA ] TVALZFL         C:\windows\system32\DRIVERS\TVALZFL.sys
19:45:45.0260 5548  TVALZFL - ok
19:45:45.0275 5548  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\windows\system32\drivers\uagp35.sys
19:45:45.0291 5548  uagp35 - ok
19:45:45.0307 5548  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\windows\system32\DRIVERS\udfs.sys
19:45:45.0390 5548  udfs - ok
19:45:45.0436 5548  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\windows\system32\UI0Detect.exe
19:45:45.0468 5548  UI0Detect - ok
19:45:45.0488 5548  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\windows\system32\drivers\uliagpkx.sys
19:45:45.0504 5548  uliagpkx - ok
19:45:45.0519 5548  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\windows\system32\DRIVERS\umbus.sys
19:45:45.0571 5548  umbus - ok
19:45:45.0602 5548  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\windows\system32\drivers\umpass.sys
19:45:45.0634 5548  UmPass - ok
19:45:45.0672 5548  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\windows\System32\upnphost.dll
19:45:45.0753 5548  upnphost - ok
19:45:45.0800 5548  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\windows\system32\DRIVERS\usbccgp.sys
19:45:45.0831 5548  usbccgp - ok
19:45:45.0865 5548  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\windows\system32\drivers\usbcir.sys
19:45:45.0880 5548  usbcir - ok
19:45:45.0914 5548  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\windows\system32\DRIVERS\usbehci.sys
19:45:45.0961 5548  usbehci - ok
19:45:45.0976 5548  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\windows\system32\DRIVERS\usbhub.sys
19:45:46.0041 5548  usbhub - ok
19:45:46.0088 5548  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\windows\system32\DRIVERS\usbohci.sys
19:45:46.0124 5548  usbohci - ok
19:45:46.0173 5548  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\windows\system32\drivers\usbprint.sys
19:45:46.0220 5548  usbprint - ok
19:45:46.0251 5548  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\windows\system32\DRIVERS\USBSTOR.SYS
19:45:46.0334 5548  USBSTOR - ok
19:45:46.0368 5548  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\windows\system32\drivers\usbuhci.sys
19:45:46.0431 5548  usbuhci - ok
19:45:46.0462 5548  [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo        C:\windows\system32\Drivers\usbvideo.sys
19:45:46.0527 5548  usbvideo - ok
19:45:46.0558 5548  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\windows\System32\uxsms.dll
19:45:46.0623 5548  UxSms - ok
19:45:46.0654 5548  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\windows\system32\lsass.exe
19:45:46.0670 5548  VaultSvc - ok
19:45:46.0685 5548  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\windows\system32\drivers\vdrvroot.sys
19:45:46.0706 5548  vdrvroot - ok
19:45:46.0721 5548  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\windows\System32\vds.exe
19:45:46.0809 5548  vds - ok
19:45:46.0846 5548  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\windows\system32\DRIVERS\vgapnp.sys
19:45:46.0902 5548  vga - ok
19:45:46.0917 5548  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\windows\System32\drivers\vga.sys
19:45:46.0982 5548  VgaSave - ok
19:45:47.0016 5548  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\windows\system32\drivers\vhdmp.sys
19:45:47.0032 5548  vhdmp - ok
19:45:47.0047 5548  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\windows\system32\drivers\viaide.sys
19:45:47.0078 5548  viaide - ok
19:45:47.0078 5548  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\windows\system32\drivers\volmgr.sys
19:45:47.0094 5548  volmgr - ok
19:45:47.0128 5548  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\windows\system32\drivers\volmgrx.sys
19:45:47.0143 5548  volmgrx - ok
19:45:47.0161 5548  [ DF8126BD41180351A093A3AD2FC8903B ] volsnap         C:\windows\system32\drivers\volsnap.sys
19:45:47.0193 5548  volsnap - ok
19:45:47.0208 5548  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\windows\system32\drivers\vsmraid.sys
19:45:47.0239 5548  vsmraid - ok
19:45:47.0286 5548  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\windows\system32\vssvc.exe
19:45:47.0390 5548  VSS - ok
19:45:47.0421 5548  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\windows\system32\DRIVERS\vwifibus.sys
19:45:47.0460 5548  vwifibus - ok
19:45:47.0491 5548  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\windows\system32\DRIVERS\vwififlt.sys
19:45:47.0538 5548  vwififlt - ok
19:45:47.0589 5548  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\windows\system32\w32time.dll
19:45:47.0641 5548  W32Time - ok
19:45:47.0662 5548  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\windows\system32\drivers\wacompen.sys
19:45:47.0714 5548  WacomPen - ok
19:45:47.0745 5548  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\windows\system32\DRIVERS\wanarp.sys
19:45:47.0843 5548  WANARP - ok
19:45:47.0859 5548  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\windows\system32\DRIVERS\wanarp.sys
19:45:47.0908 5548  Wanarpv6 - ok
19:45:47.0983 5548  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc     C:\windows\system32\Wat\WatAdminSvc.exe
19:45:48.0017 5548  WatAdminSvc - ok
19:45:48.0074 5548  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\windows\system32\wbengine.exe
19:45:48.0172 5548  wbengine - ok
19:45:48.0193 5548  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\windows\System32\wbiosrvc.dll
19:45:48.0221 5548  WbioSrvc - ok
19:45:48.0237 5548  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\windows\System32\wcncsvc.dll
19:45:48.0286 5548  wcncsvc - ok
19:45:48.0333 5548  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll
19:45:48.0369 5548  WcsPlugInService - ok
19:45:48.0387 5548  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\windows\system32\drivers\wd.sys
19:45:48.0403 5548  Wd - ok
19:45:48.0475 5548  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\windows\system32\drivers\Wdf01000.sys
19:45:48.0506 5548  Wdf01000 - ok
19:45:48.0522 5548  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\windows\system32\wdi.dll
19:45:48.0644 5548  WdiServiceHost - ok
19:45:48.0659 5548  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\windows\system32\wdi.dll
19:45:48.0690 5548  WdiSystemHost - ok
19:45:48.0722 5548  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\windows\System32\webclnt.dll
19:45:48.0802 5548  WebClient - ok
19:45:48.0818 5548  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\windows\system32\wecsvc.dll
19:45:48.0880 5548  Wecsvc - ok
19:45:48.0911 5548  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\windows\System32\wercplsupport.dll
19:45:48.0966 5548  wercplsupport - ok
19:45:48.0981 5548  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\windows\System32\WerSvc.dll
19:45:49.0028 5548  WerSvc - ok
19:45:49.0044 5548  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\windows\system32\DRIVERS\wfplwf.sys
19:45:49.0090 5548  WfpLwf - ok
19:45:49.0106 5548  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\windows\system32\drivers\wimmount.sys
19:45:49.0124 5548  WIMMount - ok
19:45:49.0176 5548  WinDefend - ok
19:45:49.0176 5548  WinHttpAutoProxySvc - ok
19:45:49.0241 5548  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\windows\system32\wbem\WMIsvc.dll
19:45:49.0318 5548  Winmgmt - ok
19:45:49.0412 5548  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\windows\system32\WsmSvc.dll
19:45:49.0508 5548  WinRM - ok
19:45:49.0557 5548  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\windows\System32\wlansvc.dll
19:45:49.0611 5548  Wlansvc - ok
19:45:49.0694 5548  [ F7753932BC154CB1EB76F3CD1DB693FB ] WLSetupSvc      C:\Program Files (x86)\Windows Live\installer\WLSetupSvc.exe
19:45:49.0715 5548  WLSetupSvc - ok
19:45:49.0746 5548  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\windows\system32\DRIVERS\wmiacpi.sys
19:45:49.0793 5548  WmiAcpi - ok
19:45:49.0824 5548  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\windows\system32\wbem\WmiApSrv.exe
19:45:49.0871 5548  wmiApSrv - ok
19:45:49.0918 5548  WMPNetworkSvc - ok
19:45:49.0949 5548  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\windows\System32\wpcsvc.dll
19:45:50.0019 5548  WPCSvc - ok
19:45:50.0050 5548  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\windows\system32\wpdbusenum.dll
19:45:50.0124 5548  WPDBusEnum - ok
19:45:50.0155 5548  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\windows\system32\drivers\ws2ifsl.sys
19:45:50.0186 5548  ws2ifsl - ok
19:45:50.0217 5548  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\windows\system32\wscsvc.dll
19:45:50.0267 5548  wscsvc - ok
19:45:50.0267 5548  WSearch - ok
19:45:50.0368 5548  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\windows\system32\wuaueng.dll
19:45:50.0430 5548  wuauserv - ok
19:45:50.0474 5548  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\windows\system32\drivers\WudfPf.sys
19:45:50.0575 5548  WudfPf - ok
19:45:50.0606 5548  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\windows\system32\DRIVERS\WUDFRd.sys
19:45:50.0674 5548  WUDFRd - ok
19:45:50.0710 5548  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\windows\System32\WUDFSvc.dll
19:45:50.0757 5548  wudfsvc - ok
19:45:50.0790 5548  [ FE90B750AB808FB9DD8FBB428B5FF83B ] WwanSvc         C:\windows\System32\wwansvc.dll
19:45:50.0824 5548  WwanSvc - ok
19:45:50.0840 5548  ================ Scan global ===============================
19:45:50.0855 5548  [ BA0CD8C393E8C9F83354106093832C7B ] C:\windows\system32\basesrv.dll
19:45:50.0925 5548  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\windows\system32\winsrv.dll
19:45:50.0941 5548  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\windows\system32\winsrv.dll
19:45:50.0972 5548  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\windows\system32\sxssrv.dll
19:45:51.0003 5548  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\windows\system32\services.exe
19:45:51.0003 5548  [Global] - ok
19:45:51.0003 5548  ================ Scan MBR ==================================
19:45:51.0034 5548  [ BB441980712A18C200EA4D03CE446819 ] \Device\Harddisk0\DR0
19:45:51.0275 5548  \Device\Harddisk0\DR0 - ok
19:45:51.0275 5548  ================ Scan VBR ==================================
19:45:51.0275 5548  [ 7E13D44B438380308DA3E13E85BB067F ] \Device\Harddisk0\DR0\Partition1
19:45:51.0291 5548  \Device\Harddisk0\DR0\Partition1 - ok
19:45:51.0316 5548  [ 8B02E463871CB06540780C9E91DA15DE ] \Device\Harddisk0\DR0\Partition2
19:45:51.0316 5548  \Device\Harddisk0\DR0\Partition2 - ok
19:45:51.0363 5548  [ E7811E0301666DCEF9D13DB801B2C5E7 ] \Device\Harddisk0\DR0\Partition3
19:45:51.0363 5548  \Device\Harddisk0\DR0\Partition3 - ok
19:45:51.0363 5548  ============================================================
19:45:51.0363 5548  Scan finished
19:45:51.0363 5548  ============================================================
19:45:51.0381 5556  Detected object count: 3
19:45:51.0381 5556  Actual detected object count: 3
19:46:08.0207 5556  C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE - copied to quarantine
19:46:09.0037 5556  HKLM\SYSTEM\ControlSet001\services\!SASCORE - will be deleted on reboot
19:46:09.0037 5556  HKLM\SYSTEM\ControlSet001\control\safeboot\Minimal\!SASCORE - will be deleted on reboot
19:46:09.0037 5556  HKLM\SYSTEM\ControlSet001\control\safeboot\Network\!SASCORE - will be deleted on reboot
19:46:09.0102 5556  HKLM\SYSTEM\ControlSet002\services\!SASCORE - will be deleted on reboot
19:46:09.0133 5556  HKLM\SYSTEM\ControlSet002\control\safeboot\Minimal\!SASCORE - will be deleted on reboot
19:46:09.0149 5556  HKLM\SYSTEM\ControlSet002\control\safeboot\Network\!SASCORE - will be deleted on reboot
19:46:09.0395 5556  C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE - will be deleted on reboot
19:46:09.0395 5556  !SASCORE ( UnsignedFile.Multi.Generic ) - User select action: Delete 
19:46:09.0522 5556  C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe - copied to quarantine
19:46:10.0140 5556  HKLM\SYSTEM\ControlSet001\services\HiPatchService - will be deleted on reboot
19:46:10.0158 5556  HKLM\SYSTEM\ControlSet002\services\HiPatchService - will be deleted on reboot
19:46:10.0173 5556  C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe - will be deleted on reboot
19:46:10.0173 5556  HiPatchService ( UnsignedFile.Multi.Generic ) - User select action: Delete 
19:46:10.0241 5556  C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe - copied to quarantine
19:46:10.0835 5556  HKLM\SYSTEM\ControlSet001\services\IDriverT - will be deleted on reboot
19:46:10.0913 5556  HKLM\SYSTEM\ControlSet002\services\IDriverT - will be deleted on reboot
19:46:10.0928 5556  C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe - will be deleted on reboot
19:46:10.0928 5556  IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Delete 
20:47:52.0228 5160  Deinitialize success


#7 D-FRED-BROWN


Posted 11 June 2013 - 07:04 PM

I tried to submit earlier, but it just infinitely said, "Saving post".

Since the post above, I have run every scan I can think of at least half a dozen times.  TDSSKiller and ComboFix wiped out most of the remaining things, to my knowledge, but I caught a few trojans in my recovery partition with SuperASW and Kaspersky boot CD scan found something in my drivers that nothing else picked up (It also thinks Rkill.exe is a backdoor malware).

Please hold off on running any tools on your own without my supervision- it makes it harder for me to keep track of what changes are made to your system, which are especially important when we're dealing with malware.

It may be due to the repairs done to the bad hard drive sectors, but my computer is somewhat slow to log in, and I sometimes get an error message when saving with things like notepad (I've received it maybe four times so far?) that I will post up here as soon as I can repeat it; something like "Bad Image, C:\Windows\Windows\System32\Notepad.dll (not entirely accurate) is not able to be run by Windows OS, or needs to be reinstalled".  It looked suspiciously like another message I've heard of that indicates traces of yet more backdoors... But nothing is getting picked up any more.  My older Vista-running HP should be clean now, I believe most of the errors were due to memory hardware errors.

Slowness (among those other issues) can be caused by a number of things. I'll attempt to get to the bottom of it all as I help you clean your system.

So for questions... I suppose I would like to know if there's any way to reliably scan external HDs for malware, since things like ComboFix do not extend to externals.  I am strongly considering reformatting my Toshiba - in what way can I format that will make sure that all traces of malware are eliminated?  I've only ever "restored to factory condition".

Factory Reset should do the job.

Would you like to continue with cleaning your computer, or would you like to reformat your system? Please let me know :).

(If you'd like us to clean it, please post the ComboFix log as well when you're able to.)

 


Proud graduate of SpywareInfo Bootcamp
Follow me on Twitter! @dfredbrown
Unified Network of Instructors and Trained Eliminators

I volunteer my free time to help you. Please consider making a donation so I can continue helping people like you.
Thank you!
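As an added illustration (not part of either post, and not a TDSSKiller feature): a short Python script that reads the tail of the TDSSKiller log posted above and lists what the tool changed for each detected object, which is the record a helper needs when tools have been run unsupervised. The line patterns are inferred from that log only, and treating an `UnsignedFile.` verdict as a signature-only finding is an assumption.

```python
import re

# Excerpt copied from the TDSSKiller log in the thread above (some registry lines omitted).
SAMPLE_LOG = r"""
19:45:51.0381 5556  Detected object count: 3
19:46:08.0207 5556  C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE - copied to quarantine
19:46:09.0037 5556  HKLM\SYSTEM\ControlSet001\services\!SASCORE - will be deleted on reboot
19:46:09.0395 5556  C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE - will be deleted on reboot
19:46:09.0395 5556  !SASCORE ( UnsignedFile.Multi.Generic ) - User select action: Delete 
19:46:09.0522 5556  C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe - copied to quarantine
19:46:10.0140 5556  HKLM\SYSTEM\ControlSet001\services\HiPatchService - will be deleted on reboot
19:46:10.0173 5556  HiPatchService ( UnsignedFile.Multi.Generic ) - User select action: Delete 
19:46:10.0241 5556  C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe - copied to quarantine
19:46:10.0835 5556  HKLM\SYSTEM\ControlSet001\services\IDriverT - will be deleted on reboot
19:46:10.0928 5556  IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Delete 
"""

LINE = re.compile(r"^\d\d:\d\d:\d\d\.\d{4}\s+\d+\s+(.*?)\s*$")  # time, thread id, message
COUNT = re.compile(r"^Detected object count: (\d+)$")
CHANGE = re.compile(r"^(.+) - (copied to quarantine|will be deleted on reboot)$")
VERDICT = re.compile(r"^(.+?) \( (.+?) \) - User select action: (\w+)$")

def summarize(log_text):
    """Return (declared_count, objects); each object carries the changes logged before its verdict line."""
    declared, objects, pending = None, [], []
    for raw in log_text.splitlines():
        line = LINE.match(raw)
        if not line:
            continue  # blank or non-log line
        msg = line.group(1)
        if m := COUNT.match(msg):
            declared = int(m.group(1))
        elif m := VERDICT.match(msg):
            name, verdict, action = m.groups()
            objects.append({"name": name, "verdict": verdict, "action": action, "changes": pending})
            pending = []
        elif m := CHANGE.match(msg):
            kind = "registry" if m.group(1).startswith("HK") else "file"
            pending.append((kind, m.group(2), m.group(1)))
    return declared, objects

def needs_review(objects):
    """Objects deleted on an UnsignedFile.* verdict alone (assumed to mean a missing signature, not a malware family)."""
    return [o["name"] for o in objects if o["action"] == "Delete" and o["verdict"].startswith("UnsignedFile.")]

if __name__ == "__main__":
    declared, objs = summarize(SAMPLE_LOG)
    print(f"declared={declared} parsed={len(objs)} review={needs_review(objs)}")
```

A mismatch between the declared count and the number of parsed verdict lines indicates a truncated or edited log.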

#8 RoboPan


Posted 12 June 2013 - 01:28 AM

Ah... I had already run those tools (and posted the ComboFix log, as you can see above - second post in the thread) a few days before any reply came to this thread.  However, I do believe it would be more prudent to just run a wipe on the computer.  It would also be very helpful if I could receive some tips on how to effectively scan my external hard drives (SUPERAntiSpyware, Malwarebytes, and avast! anti-virus all say they're clean, but I remain suspicious, especially since the latter two have not detected a single problem this entire time).



#9 D-FRED-BROWN


Posted 12 June 2013 - 01:32 AM

> I had already run those tools (and posted the ComboFix log, as you can see above - second post in the thread) a few days before any reply came to this thread.

I'm aware- I'd need you to run them again :).
 
------
 
Please consider using these ideas to help secure your computer. While there is no way to guarantee safety when you use a computer, these steps will make it much less likely that you will need to endure another infection. While we really like to help people, we would rather help you protect yourself so that you won't need that help in the future. :)

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates or get into the habit of checking Windows Update regularly. They usually have security updates every month. You can set Windows to notify you of Updates so that you can choose, but only do this if you believe you are able to understand which ones are needed. This is a crucial security measure.

-------------------

It is really dangerous to go online without an antivirus. Without one, you are extremely likely to get infected and the consequences could be even worse next time. All of the following are excellent free antiviruses. Be sure to only install one.

avast!
AntiVir
AVG
Microsoft Security Essentials

-------------------

Please consider installing and running some of the following programs; they are either free or have free versions of commercial programs:

Spybot-Search & Destroy
A tutorial on using Spybot to remove spyware from your computer may be found here. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features if you don't have the resident part of another anti-spyware program running.

SpywareBlaster
A tutorial on using SpywareBlaster to prevent malware from ever installing on your computer may be found here.

SpywareGuard
A tutorial on using SpywareGuard for real-time protection against spyware and hijackers may be found here.

-------------------

Please, consider maintaining a firewall with HIPS (Host Intrusion Prevention Systems). Firewalls are extremely important and are the first part of your computer's defense. HIPS stops malware by monitoring its behavior and it's very important, too.
A firewall is a software program or piece of hardware that helps screen out hackers, viruses, and worms that try to reach your computer over the Internet.
If you are using the Windows Firewall please note that it doesn't monitor or block outbound traffic and is therefore less effective than other free alternatives.

These firewalls are good and do have free versions available.

A tutorial on understanding and using firewalls may be found here.

-------------------

Please keep your security programs up-to-date and run them whenever you suspect a problem to prevent malware problems. A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall and scanning anti-spyware program at a time.

-------------------

Note that there are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you can find out if it is a rogue here:

http://www.spywarewa...nti-spyware.htm

A similar category of programs is now called "scareware." Scareware programs are active infections that will pop-up on your computer and tell you that you are infected. If you look closely, it will usually have a name that looks like it might be legitimate, but it is NOT one of the programs you installed. It tells you to click and install it right away. If you click on any part of it, including the 'X' to close it, you may actually help it infect your computer further. Keeping protection updated and running resident protection can help prevent these infections. If it happens anyway, get offline as quickly as you can. Pull the internet connection cable or shut down the computer if you have to. Contact someone to help by using another computer if possible. These programs are also sometimes called 'rogues', but they are different than the older version of rogues mentioned above.

-------------------

Please consider using an alternate browser. Mozilla's Firefox browser is a very good alternative. In addition to being generally more secure than Internet Explorer, it has a very good built-in popup blocker and add-ons, like NoScript, can make it even more secure. Opera is another good option.
If you are interested, Firefox may be downloaded from here
Opera is available here: http://www.opera.com/download/

-------------------

For more useful information, please also read Tony Klein's excellent article: How did I get infected in the first place

Hopefully these steps will help to keep you error free. If you run into more difficulty, we will certainly do what we can to help.

Edited by D-FRED-BROWN, 12 June 2013 - 01:32 AM.


#10 D-FRED-BROWN


Posted 03 July 2013 - 10:45 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.