
BSOD - Seems to be virus but not sure


  • This topic is locked
11 replies to this topic

#1 sabr49

sabr49

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:06:02 AM

Posted 05 August 2013 - 11:25 AM

Wife's computer was recently infected with a virus and after doing a system restore thought all was good. However, recently the computer is completely unstable - every time we try to access IE or Chrome or even just using the system for more than a few minutes I am hit with BSOD - I am attaching that as well as the DDS dump. The system seems to be more stable when I disable the internet. Thanks in advance for your amazing work.

 

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 9.0.8112.16421
Run by Michelle at 12:08:57 on 2013-08-05
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.1.1033.18.2811.1711 [GMT -4:00]
.
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Microsoft LifeCam\MSCamS64.exe
C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\atibtmon.exe
C:\Windows\System32\svchost.exe -k netsvcs
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Windows\vVX3000.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Windows\System32\spool\drivers\x64\3\E_IATIFRA.EXE
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: LastPass Vault: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll
uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
uRun: [Google Update] "C:\Users\Michelle\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
uRun: [EPSON Artisan 810 Series] C:\Windows\System32\spool\DRIVERS\x64\3\E_IATIFRA.EXE /FU "C:\Windows\TEMP\E_S27E9.tmp" /EF "HKCU"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
mRun: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: LastPass - C:\Users\Michelle\AppData\LocalLow\LastPass\context.html?cmd=lastpass
IE: LastPass Fill Forms - C:\Users\Michelle\AppData\LocalLow\LastPass\context.html?cmd=fillforms
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{7C413551-5001-4EBE-9365-9DFA8947F2D4} : DHCPNameServer = 192.168.1.1
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: LastPass Vault: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden
x64-Run: [VX3000] C:\Windows\vVX3000.exe
x64-IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2010-5-14 73856]
R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2010-5-14 28800]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-12-15 203776]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2010-12-15 354304]
R2 AMD Reservation Manager;AMD Reservation Manager;C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [2010-6-17 194496]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-7-21 103992]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-8-5 291896]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-11-3 92216]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-9 26680]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2012-8-23 13672]
R2 RoxioNow Service;RoxioNow Service;C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-9-11 399344]
R2 TeamViewer6;TeamViewer 6;C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-6-15 2337144]
R3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2011-5-9 46136]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\System32\drivers\clwvd.sys [2010-12-11 31088]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\drivers\RtsPStor.sys [2011-5-9 333416]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-5-9 406632]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2011-5-9 38528]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 UsbGps;LGE Mobile USB GPS NMEA Port;C:\Windows\System32\drivers\lgx64gps.sys [2012-2-8 27136]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2013-08-05 02:52:21 -------- d-----w- C:\TDSSKiller_Quarantine
2013-08-05 02:47:41 -------- d-----w- C:\Users\Michelle\AppData\Roaming\Malwarebytes
2013-08-05 02:47:22 -------- d-----w- C:\ProgramData\Malwarebytes
2013-08-05 02:47:20 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-08-05 02:47:20 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-05 02:47:08 -------- d-----w- C:\Users\Michelle\AppData\Local\Programs
2013-08-05 02:18:03 -------- d-sh--w- C:\found.000
2013-08-05 01:33:11 -------- d-----w- C:\Program Files (x86)\NirSoft
2013-07-15 02:42:39 -------- d-----w- C:\Users\Michelle\AppData\Local\NPE
2013-07-15 02:12:37 -------- d-----w- C:\ProgramData\sxc
.
==================== Find3M  ====================
.
2013-07-15 03:03:59 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-07-15 03:03:59 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
.
============= FINISH: 12:11:43.34 ===============
 

 

 

 


 


#2 Blind Faith

Blind Faith

  • Malware Response Team
  • 4,101 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:01:02 PM

Posted 09 August 2013 - 01:12 PM

Hello and welcome to BleepingComputer! 
 
 
 
I am Elle and I will be helping you out with your problem. Firstly, you should know that we are working with specific tools which are used to identify the possible threats present on your system so I will analyze the results they produce. 
 
 
As a start we need to have some more up-to-date logs than the ones you have already provided. The current state of the files on your system might have changed so we need to get a clear look on that aspect. DO NOT bring any changes to the system except the ones I tell you to as that may produce more damage than helping us. 
 
If you will encounter a delay of over 2 days from me, please don't hesitate and private message me (link in the signature). 
Do not forget to check your topic periodically and subscribe to it so that you can receive notifications regarding my replies.
 
 
 
Please generate other DDS logs (download it from here if you haven't already) and post them in your next reply along with other changes that may have occurred since you last posted.
 
 
 
Thank you very much for your patience. 
 
 
 
 
Regards,
 
Elle

Edited by Blind Faith, 09 August 2013 - 01:12 PM.

Can you hear it?It's all around!

Tomar ki manè acchè?
Yadi thakè, tahalè
Ki kshama kartè paro
?



If I haven't replied in 48 hours, please feel free to send me a PM.




#3 sabr49


Posted 09 August 2013 - 01:26 PM

awesome - thanks for helping... here it is:
 
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 9.0.8112.16421
Run by Michelle at 14:20:33 on 2013-08-09
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.1.1033.18.2811.1760 [GMT -4:00]
.
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Microsoft LifeCam\MSCamS64.exe
C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Windows\vVX3000.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Windows\System32\spool\drivers\x64\3\E_IATIFRA.EXE
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Program Files (x86)\NirSoft\BlueScreenView\BlueScreenView.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Users\Michelle\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: LastPass Vault: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll
uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
uRun: [Google Update] "C:\Users\Michelle\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
uRun: [EPSON Artisan 810 Series] C:\Windows\System32\spool\DRIVERS\x64\3\E_IATIFRA.EXE /FU "C:\Windows\TEMP\E_S27E9.tmp" /EF "HKCU"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
mRun: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: LastPass - C:\Users\Michelle\AppData\LocalLow\LastPass\context.html?cmd=lastpass
IE: LastPass Fill Forms - C:\Users\Michelle\AppData\LocalLow\LastPass\context.html?cmd=fillforms
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{7C413551-5001-4EBE-9365-9DFA8947F2D4} : DHCPNameServer = 192.168.1.1
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: LastPass Vault: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden
x64-Run: [VX3000] C:\Windows\vVX3000.exe
x64-IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2010-5-14 73856]
R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2010-5-14 28800]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-12-15 203776]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2010-12-15 354304]
R2 AMD Reservation Manager;AMD Reservation Manager;C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [2010-6-17 194496]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-7-21 103992]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-8-5 291896]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-11-3 92216]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-9 26680]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2012-8-23 13672]
R2 RoxioNow Service;RoxioNow Service;C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-9-11 399344]
R2 TeamViewer6;TeamViewer 6;C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-6-15 2337144]
R3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2011-5-9 46136]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\System32\drivers\clwvd.sys [2010-12-11 31088]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\drivers\RtsPStor.sys [2011-5-9 333416]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-5-9 406632]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2011-5-9 38528]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 UsbGps;LGE Mobile USB GPS NMEA Port;C:\Windows\System32\drivers\lgx64gps.sys [2012-2-8 27136]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2013-08-05 02:52:21 -------- d-----w- C:\TDSSKiller_Quarantine
2013-08-05 02:47:41 -------- d-----w- C:\Users\Michelle\AppData\Roaming\Malwarebytes
2013-08-05 02:47:22 -------- d-----w- C:\ProgramData\Malwarebytes
2013-08-05 02:47:20 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-08-05 02:47:20 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-05 02:47:08 -------- d-----w- C:\Users\Michelle\AppData\Local\Programs
2013-08-05 02:18:03 -------- d-sh--w- C:\found.000
2013-08-05 01:33:11 -------- d-----w- C:\Program Files (x86)\NirSoft
2013-07-15 02:42:39 -------- d-----w- C:\Users\Michelle\AppData\Local\NPE
2013-07-15 02:12:37 -------- d-----w- C:\ProgramData\sxc
.
==================== Find3M  ====================
.
2013-07-15 03:03:59 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-07-15 03:03:59 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
.
============= FINISH: 14:22:15.12 ===============


#4 Blind Faith


Posted 09 August 2013 - 05:41 PM

 
 
Also, I see you have run TDSSKiller in the past. Do you still happen to have the log to it?
 
 
 
 
 
Elle 

Edited by Blind Faith, 09 August 2013 - 06:00 PM.
BB Code error


#5 sabr49


Posted 10 August 2013 - 09:30 PM

I got this email from the site (because I am subscribed to the topic) - and I don't see that copied here in the thread ... anyways - it seems to be missing something (maybe it was stripped out of the email version) - if you could just repost the cfscript.txt contents again I'd appreciate it.

  

 

Hi there,

 

 

1. Close any open browsers.
 
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. 
 
3. Open notepad and copy/paste the text in the quotebox below into it:
 


File::
 
Folder::
 
Registry::
 
Driver::
 
 
Save this as CFScript.txt, in the same location as ComboFix.exe
 
 
 
 
Referring to the picture above, drag CFScript into ComboFix.exe
 
When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.


#6 Blind Faith


Posted 11 August 2013 - 05:25 AM

Hello there,

 

 

I am afraid that was my mistake, I wanted to instruct you to use combofix first but I want to see the TDSSKiller log before that. Just to see what it had deleted.

 

 

 

 

Elle 



#7 sabr49


Posted 11 August 2013 - 09:43 AM

No problem.. Finally located that log:

 

22:50:45.0983 3028 TDSS rootkit removing tool 2.7.5.0 Jan 18 2012 09:26:24
22:50:48.0026 3028 ============================================================
22:50:48.0026 3028 Current date / time: 2013/08/04 22:50:48.0026
22:50:48.0026 3028 SystemInfo:
22:50:48.0026 3028
22:50:48.0026 3028 OS Version: 6.1.7600 ServicePack: 0.0
22:50:48.0026 3028 Product type: Workstation
22:50:48.0026 3028 ComputerName: MICHELLE-LAPTOP
22:50:48.0026 3028 UserName: Michelle
22:50:48.0026 3028 Windows directory: C:\Windows
22:50:48.0026 3028 System windows directory: C:\Windows
22:50:48.0026 3028 Running under WOW64
22:50:48.0026 3028 Processor architecture: Intel x64
22:50:48.0026 3028 Number of processors: 2
22:50:48.0026 3028 Page size: 0x1000
22:50:48.0026 3028 Boot type: Safe boot with network
22:50:48.0026 3028 ============================================================
22:50:50.0226 3028 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:50:50.0304 3028 Initialize success
22:50:51.0599 3032 ============================================================
22:50:51.0599 3032 Scan started
22:50:51.0599 3032 Mode: Manual; 
22:50:51.0599 3032 ============================================================
22:51:33.0282 3032 WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
22:51:33.0282 3032 WfpLwf - ok
22:51:33.0422 3032 WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
22:51:33.0422 3032 WIMMount - ok
22:51:33.0641 3032 WmiAcpi         (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
22:51:33.0641 3032 WmiAcpi - ok
22:51:33.0812 3032 ws2ifsl         (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
22:51:33.0812 3032 ws2ifsl - ok
22:51:34.0015 3032 WudfPf          (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
22:51:34.0015 3032 WudfPf - ok
22:51:34.0218 3032 WUDFRd          (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
22:51:34.0218 3032 WUDFRd - ok
22:51:34.0374 3032 yukonw7         (b3eeacf62445e24fbb2cd4b0fb4db026) C:\Windows\system32\DRIVERS\yk62x64.sys
22:51:34.0390 3032 yukonw7 - ok
22:51:34.0436 3032 MBR (0x1B8)     (c3c93f1ca51bbacbabea804d2cc62ca1) \Device\Harddisk0\DR0
22:51:34.0530 3032 \Device\Harddisk0\DR0 ( Rootkit.Win32.BackBoot.gen ) - warning
22:51:34.0530 3032 \Device\Harddisk0\DR0 - detected Rootkit.Win32.BackBoot.gen (1)
22:51:34.0530 3032 Boot (0x1200)   (49f02c21e26401fb919fda69e7b6f3ec) \Device\Harddisk0\DR0\Partition0
22:51:34.0530 3032 \Device\Harddisk0\DR0\Partition0 - ok
22:51:34.0546 3032 Boot (0x1200)   (7a15a03a69c1f8eeaa46954647a6c9c9) \Device\Harddisk0\DR0\Partition1
22:51:34.0546 3032 \Device\Harddisk0\DR0\Partition1 - ok
22:51:34.0577 3032 Boot (0x1200)   (118cb5df0c385b6c5d59fdddfad2b414) \Device\Harddisk0\DR0\Partition2
22:51:34.0577 3032 \Device\Harddisk0\DR0\Partition2 - ok
22:51:34.0592 3032 Boot (0x1200)   (d9a2f4669a86d371c7ae3cfa8b5725ca) \Device\Harddisk0\DR0\Partition3
22:51:34.0592 3032 \Device\Harddisk0\DR0\Partition3 - ok
22:51:34.0592 3032 ============================================================
22:51:34.0592 3032 Scan finished
22:51:34.0592 3032 ============================================================
22:51:34.0608 2864 Detected object count: 1
22:51:34.0608 2864 Actual detected object count: 1
22:52:21.0689 2864 \Device\Harddisk0\DR0\# - copied to quarantine
22:52:21.0689 2864 \Device\Harddisk0\DR0 - copied to quarantine
22:52:21.0689 2864 \Device\Harddisk0\DR0 ( Rootkit.Win32.BackBoot.gen ) - User select action: Quarantine 
22:52:25.0807 1424 ============================================================
22:52:25.0807 1424 Scan started
22:52:25.0807 1424 Mode: Manual; 
22:52:25.0807 1424 ============================================================
22:53:09.0113 1424 tssecsrv - ok
22:53:09.0316 1424 tunnel          (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
22:53:09.0316 1424 tunnel - ok
22:53:09.0472 1424 uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
22:53:09.0472 1424 uagp35 - ok
22:53:09.0753 1424 udfs            (0e5e962b5649d544be54e8c90761ea2b) C:\Windows\system32\DRIVERS\udfs.sys
22:53:09.0753 1424 udfs - ok
22:53:10.0002 1424 uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
22:53:10.0002 1424 uliagpkx - ok
22:53:10.0236 1424 umbus           (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
22:53:10.0236 1424 umbus - ok
22:53:10.0423 1424 UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
22:53:10.0423 1424 UmPass - ok
22:53:10.0626 1424 usbaudio        (77b01bc848298223a95d4ec23e1785a1) C:\Windows\system32\drivers\usbaudio.sys
22:53:10.0626 1424 usbaudio - ok
22:53:10.0876 1424 usbbus          (5fcc71487888589a9244af54cfefab29) C:\Windows\system32\DRIVERS\lgx64bus.sys
22:53:10.0876 1424 usbbus - ok
22:53:11.0079 1424 usbccgp         (b26afb54a534d634523c4fb66765b026) C:\Windows\system32\DRIVERS\usbccgp.sys
22:53:11.0079 1424 usbccgp - ok
22:53:11.0281 1424 usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
22:53:11.0281 1424 usbcir - ok
22:53:11.0500 1424 UsbDiag         (3fb6e423f7567c92c32ea786f5fd0c69) C:\Windows\system32\DRIVERS\lgx64diag.sys
22:53:11.0500 1424 UsbDiag - ok
22:53:11.0749 1424 usbehci         (cb490987a7f6928a04bb838e3bd8a936) C:\Windows\system32\DRIVERS\usbehci.sys
22:53:11.0749 1424 usbehci - ok
22:53:12.0264 1424 usbfilter       (dc2b306861f42eeeb92ef525f4119f08) C:\Windows\system32\DRIVERS\usbfilter.sys
22:53:12.0264 1424 usbfilter - ok
22:53:12.0483 1424 UsbGps          (8e36e68c0b7fa174012a61a290351e49) C:\Windows\system32\DRIVERS\lgx64gps.sys
22:53:12.0483 1424 UsbGps - ok
22:53:12.0685 1424 usbhub          (18124ef0a881a00ee222d02a3ee30270) C:\Windows\system32\DRIVERS\usbhub.sys
22:53:12.0685 1424 usbhub - ok
22:53:12.0904 1424 USBModem        (78d551f5b93488b4666f5fc8dd4815f3) C:\Windows\system32\DRIVERS\lgx64modem.sys
22:53:12.0904 1424 USBModem - ok
22:53:13.0075 1424 usbohci         (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
22:53:13.0075 1424 usbohci - ok
22:53:13.0497 1424 usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
22:53:13.0497 1424 usbprint - ok
22:53:13.0621 1424 USBSTOR         (a60e7e0fa88ff067d049d525547cd5e9) C:\Windows\system32\DRIVERS\USBSTOR.SYS
22:53:13.0621 1424 USBSTOR - ok
22:53:14.0167 1424 usbuhci         (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
22:53:14.0167 1424 usbuhci - ok
22:53:14.0823 1424 usbvideo        (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\system32\Drivers\usbvideo.sys
22:53:14.0823 1424 usbvideo - ok
22:53:14.0932 1424 vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
22:53:14.0932 1424 vdrvroot - ok
22:53:15.0150 1424 vga             (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
22:53:15.0150 1424 vga - ok
22:53:15.0353 1424 VgaSave         (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
22:53:15.0353 1424 VgaSave - ok
22:53:15.0493 1424 vhdmp           (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
22:53:15.0509 1424 vhdmp - ok
22:53:15.0696 1424 viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
22:53:15.0696 1424 viaide - ok
22:53:15.0946 1424 volmgr          (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
22:53:15.0946 1424 volmgr - ok
22:53:16.0039 1424 volmgrx         (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
22:53:16.0055 1424 volmgrx - ok
22:53:16.0149 1424 volsnap         (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
22:53:16.0149 1424 volsnap - ok
22:53:16.0461 1424 vsmraid         (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
22:53:16.0461 1424 vsmraid - ok
22:53:16.0570 1424 vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
22:53:16.0570 1424 vwifibus - ok
22:53:16.0679 1424 vwififlt        (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
22:53:16.0679 1424 vwififlt - ok
22:53:17.0194 1424 VX3000          (c366ae91d2cc2c1c25380061d235c36b) C:\Windows\system32\DRIVERS\VX3000.sys
22:53:17.0209 1424 VX3000 - ok
22:53:17.0381 1424 WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
22:53:17.0381 1424 WacomPen - ok
22:53:17.0521 1424 WANARP          (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
22:53:17.0521 1424 WANARP - ok
22:53:17.0553 1424 Wanarpv6        (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
22:53:17.0553 1424 Wanarpv6 - ok
22:53:17.0724 1424 Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
22:53:17.0724 1424 Wd - ok
22:53:17.0911 1424 Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
22:53:17.0911 1424 Wdf01000 - ok
22:53:18.0067 1424 WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
22:53:18.0067 1424 WfpLwf - ok
22:53:18.0364 1424 WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
22:53:18.0364 1424 WIMMount - ok
22:53:18.0629 1424 WmiAcpi         (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
22:53:18.0629 1424 WmiAcpi - ok
22:53:18.0738 1424 ws2ifsl         (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
22:53:18.0738 1424 ws2ifsl - ok
22:53:18.0847 1424 WudfPf          (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
22:53:18.0847 1424 WudfPf - ok
22:53:18.0957 1424 WUDFRd          (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
22:53:18.0957 1424 WUDFRd - ok
22:53:19.0081 1424 yukonw7         (b3eeacf62445e24fbb2cd4b0fb4db026) C:\Windows\system32\DRIVERS\yk62x64.sys
22:53:19.0081 1424 yukonw7 - ok
22:53:19.0097 1424 MBR (0x1B8)     (c3c93f1ca51bbacbabea804d2cc62ca1) \Device\Harddisk0\DR0
22:53:19.0206 1424 \Device\Harddisk0\DR0 ( Rootkit.Win32.BackBoot.gen ) - warning
22:53:19.0206 1424 \Device\Harddisk0\DR0 - detected Rootkit.Win32.BackBoot.gen (1)
22:53:19.0222 1424 Boot (0x1200)   (49f02c21e26401fb919fda69e7b6f3ec) \Device\Harddisk0\DR0\Partition0
22:53:19.0222 1424 \Device\Harddisk0\DR0\Partition0 - ok
22:53:19.0237 1424 Boot (0x1200)   (7a15a03a69c1f8eeaa46954647a6c9c9) \Device\Harddisk0\DR0\Partition1
22:53:19.0237 1424 \Device\Harddisk0\DR0\Partition1 - ok
22:53:19.0253 1424 Boot (0x1200)   (118cb5df0c385b6c5d59fdddfad2b414) \Device\Harddisk0\DR0\Partition2
22:53:19.0269 1424 \Device\Harddisk0\DR0\Partition2 - ok
22:53:19.0284 1424 Boot (0x1200)   (d9a2f4669a86d371c7ae3cfa8b5725ca) \Device\Harddisk0\DR0\Partition3
22:53:19.0284 1424 \Device\Harddisk0\DR0\Partition3 - ok
22:53:19.0284 1424 ============================================================
22:53:19.0284 1424 Scan finished
22:53:19.0284 1424 ============================================================
22:53:19.0300 2608 Detected object count: 1
22:53:19.0300 2608 Actual detected object count: 1
22:53:32.0529 2608 \Device\Harddisk0\DR0\# - copied to quarantine
22:53:32.0529 2608 \Device\Harddisk0\DR0 - copied to quarantine
22:53:32.0529 2608 \Device\Harddisk0\DR0 ( Rootkit.Win32.BackBoot.gen ) - User select action: Quarantine 
22:53:39.0299 0860 Deinitialize success


#8 Blind Faith

  • Malware Response Team

Posted 12 August 2013 - 05:07 PM

Hi there,
 
 
One or more of the identified infections is a backdoor trojan.
 
This allows hackers to remotely control your computer, steal critical system information and download and execute files.
 
I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.
 
Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:
 
 
We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.
 
 
 
Elle 

Can you hear it? It's all around!

Do you remember?
If you do, then
can you forgive?



If I haven't replied in 48 hours, please feel free to send me a PM.




#9 sabr49

  • Topic Starter

Posted 13 August 2013 - 08:38 AM

Oh no. I guess I will go the reformat route if there's no guarantee that it's gone. Question - is it safe to backup files - like images, documents from that computer before I format?



#10 Blind Faith

  • Malware Response Team

Posted 13 August 2013 - 01:06 PM

Yes, it is safe to back up your files/documents right now. :)

Elle



#11 sabr49

  • Topic Starter

Posted 13 August 2013 - 02:24 PM

Ok thanks for your help and thanks for everyone else who helps out here.



#12 Blind Faith

  • Malware Response Team

Posted 13 August 2013 - 03:23 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.