
Infected svchost.exe, Rootkit.win32.BackBoot.gen


6abriel


Ok, here it is:

ComboFix 12-02-24.02 - ggalindo 02/27/2012 16:19:23.3.4 - x64

Microsoft Windows 7 Enterprise 6.1.7601.1.1252.1.1033.18.7986.5817 [GMT -8:00]

Running from: c:\users\ggalindo\Desktop\ComboFix.exe

AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\svchost.exe

.

.

((((((((((((((((((((((((( Files Created from 2012-01-28 to 2012-02-28 )))))))))))))))))))))))))))))))

.

.

2012-02-28 00:26 . 2012-02-28 00:26 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-02-25 01:10 . 2012-02-25 11:36 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy

2012-02-25 01:10 . 2012-02-25 11:35 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2012-02-24 23:53 . 2012-02-25 01:47 -------- d-----w- C:\TDSSKiller_Quarantine

2012-02-24 19:12 . 2012-02-24 19:12 116016 ----a-w- c:\windows\system32\drivers\94862966.sys

2012-02-17 22:39 . 2012-02-17 22:39 -------- d-----w- c:\users\ggalindo\AppData\Roaming\Malwarebytes

2012-02-17 22:39 . 2012-02-26 07:19 -------- d-----w- c:\programdata\Malwarebytes

2012-02-17 22:39 . 2012-02-17 22:39 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-02-17 22:39 . 2011-12-10 23:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-02-17 22:14 . 2012-02-17 22:14 -------- d-----w- c:\programdata\B7E8586B002E443F035C1E7FB4EB2331

2012-02-01 17:18 . 2012-02-01 17:18 -------- d-----w- c:\windows\SysWow64\drivers\AVG

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-02-17 23:35 . 2011-05-14 21:59 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2011-12-03 06:06 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll

2011-12-03 06:06 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll

2011-12-03 05:46 . 2011-12-03 05:46 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll

2011-12-03 05:46 . 2011-12-03 05:46 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe

2011-12-03 05:46 . 2011-12-03 05:46 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe

2011-12-03 05:46 . 2011-12-03 05:46 74752 ----a-w- c:\windows\SysWow64\iesetup.dll

2011-12-03 05:46 . 2011-12-03 05:46 63488 ----a-w- c:\windows\SysWow64\tdc.ocx

2011-12-03 05:46 . 2011-12-03 05:46 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll

2011-12-03 05:46 . 2011-12-03 05:46 367104 ----a-w- c:\windows\SysWow64\html.iec

2011-12-03 05:46 . 2011-12-03 05:46 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll

2011-12-03 05:46 . 2011-12-03 05:46 161792 ----a-w- c:\windows\SysWow64\msls31.dll

2011-12-03 05:46 . 2011-12-03 05:46 152064 ----a-w- c:\windows\SysWow64\wextract.exe

2011-12-03 05:46 . 2011-12-03 05:46 150528 ----a-w- c:\windows\SysWow64\iexpress.exe

2011-12-03 05:46 . 2011-12-03 05:46 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll

2011-12-03 05:46 . 2011-12-03 05:46 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe

2011-12-03 05:46 . 2011-12-03 05:46 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe

2011-12-03 05:46 . 2011-12-03 05:46 76800 ----a-w- c:\windows\system32\tdc.ocx

2011-12-03 05:46 . 2011-12-03 05:46 49664 ----a-w- c:\windows\system32\imgutil.dll

2011-12-03 05:46 . 2011-12-03 05:46 48640 ----a-w- c:\windows\system32\mshtmler.dll

2011-12-03 05:46 . 2011-12-03 05:46 448512 ----a-w- c:\windows\system32\html.iec

2011-12-03 05:46 . 2011-12-03 05:46 420864 ----a-w- c:\windows\SysWow64\vbscript.dll

2011-12-03 05:46 . 2011-12-03 05:46 35840 ----a-w- c:\windows\SysWow64\imgutil.dll

2011-12-03 05:46 . 2011-12-03 05:46 222208 ----a-w- c:\windows\system32\msls31.dll

2011-12-03 05:46 . 2011-12-03 05:46 173056 ----a-w- c:\windows\system32\ieUnatt.exe

2011-12-03 05:46 . 2011-12-03 05:46 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe

2011-12-03 05:46 . 2011-12-03 05:46 135168 ----a-w- c:\windows\system32\IEAdvpack.dll

2011-12-03 05:46 . 2011-12-03 05:46 12288 ----a-w- c:\windows\system32\mshta.exe

2011-12-03 05:46 . 2011-12-03 05:46 11776 ----a-w- c:\windows\SysWow64\mshta.exe

2011-12-03 05:46 . 2011-12-03 05:46 114176 ----a-w- c:\windows\system32\admparse.dll

2011-12-03 05:46 . 2011-12-03 05:46 111616 ----a-w- c:\windows\system32\iesysprep.dll

2011-12-03 05:46 . 2011-12-03 05:46 101888 ----a-w- c:\windows\SysWow64\admparse.dll

2011-12-03 05:46 . 2011-12-03 05:46 85504 ----a-w- c:\windows\system32\iesetup.dll

2011-12-03 05:46 . 2011-12-03 05:46 603648 ----a-w- c:\windows\system32\vbscript.dll

2011-12-03 05:46 . 2011-12-03 05:46 30720 ----a-w- c:\windows\system32\licmgr10.dll

2011-12-03 05:46 . 2011-12-03 05:46 165888 ----a-w- c:\windows\system32\iexpress.exe

2011-12-03 05:46 . 2011-12-03 05:46 160256 ----a-w- c:\windows\system32\wextract.exe

.

.

((((((((((((((((((((((((((((( SnapShot@2012-02-24_19.03.30 )))))))))))))))))))))))))))))))))))))))))

.

+ 2012-02-24 04:32 . 2012-02-27 18:13 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat

- 2012-02-24 04:32 . 2012-02-24 18:55 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat

+ 2012-02-24 20:09 . 2012-02-24 20:04 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\UserData\index.dat

+ 2012-02-27 17:24 . 2012-02-27 18:13 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012012022720120228\index.dat

+ 2012-02-27 17:24 . 2012-02-26 07:29 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012012022020120227\index.dat

+ 2012-02-24 04:38 . 2012-02-27 17:36 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat

+ 2011-02-28 08:25 . 2012-02-27 18:14 41058 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2009-07-14 05:10 . 2012-02-27 18:14 45668 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2011-02-28 08:05 . 2012-02-27 18:14 12342 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2687459928-2638469743-227528149-1000_UserData.bin

+ 2012-02-17 22:22 . 2012-02-25 19:21 67584 c:\windows\system32\LogFiles\Srt\bootstat.dat

- 2012-02-17 22:22 . 2012-02-17 22:20 67584 c:\windows\system32\LogFiles\Srt\bootstat.dat

- 2011-02-28 07:24 . 2012-02-23 22:19 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2011-02-28 07:24 . 2012-02-28 00:07 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2011-02-28 07:24 . 2012-02-28 00:07 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2011-02-28 07:24 . 2012-02-23 22:19 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-07-14 04:54 . 2012-02-23 22:19 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-07-14 04:54 . 2012-02-28 00:07 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2011-02-28 07:23 . 2012-02-24 05:12 2190 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat

+ 2011-02-28 07:23 . 2012-02-27 18:11 2190 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat

- 2012-02-24 17:47 . 2012-02-24 17:47 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2012-02-27 18:12 . 2012-02-27 18:12 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2012-02-27 18:12 . 2012-02-27 18:12 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2012-02-24 17:47 . 2012-02-24 17:47 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2009-07-14 04:54 . 2012-02-27 18:13 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2011-02-28 21:07 . 2012-02-27 17:18 338278 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin

+ 2011-03-04 17:40 . 2012-02-27 20:41 418868 c:\windows\system32\perfh011.dat

+ 2009-07-14 02:36 . 2012-02-27 20:41 663434 c:\windows\system32\perfh009.dat

+ 2011-03-04 17:40 . 2012-02-27 20:41 122270 c:\windows\system32\perfc011.dat

+ 2009-07-14 02:36 . 2012-02-27 20:41 122270 c:\windows\system32\perfc009.dat

- 2009-07-14 05:38 . 2011-02-28 07:20 262144 c:\windows\system32\config\systemprofile\ntuser.dat

+ 2009-07-14 05:38 . 2012-02-26 07:20 262144 c:\windows\system32\config\systemprofile\ntuser.dat

- 2009-07-14 05:01 . 2012-02-24 05:12 314452 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2009-07-14 05:01 . 2012-02-27 18:11 314452 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2011-02-28 21:20 . 2012-02-27 17:33 763628 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2687459928-2638469743-227528149-1000-8192.dat

+ 2009-07-14 04:54 . 2012-02-27 18:13 2899968 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-07-14 04:54 . 2012-02-27 18:13 6012928 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2012-02-24 04:58 . 2012-02-27 18:11 1962748 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-18-16384.dat

- 2011-04-04 03:37 . 2012-02-24 05:12 20306279 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2687459928-2638469743-227528149-1000-12288.dat

+ 2011-04-04 03:37 . 2012-02-24 19:35 20306279 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2687459928-2638469743-227528149-1000-12288.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-11-11 287800]

"IMSS"="c:\program files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe" [2009-11-04 111640]

"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-01-25 2416480]

"PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2010-04-12 180224]

"SSBkgdUpdate"="c:\program files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]

"PaperPort PTD"="c:\program files (x86)\ScanSoft\PaperPort\pptd40nt.exe" [2007-01-11 30248]

"IndexSearch"="c:\program files (x86)\ScanSoft\PaperPort\IndexSearch.exe" [2007-01-11 46632]

"PPort11reminder"="c:\program files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe" [2006-11-16 35368]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-30 421888]

"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-23 150528]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]

"googletalk"="c:\program files (x86)\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-17 421736]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2010-5-28 276328]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]

R3 RICOH SmartCard Reader;RICOH SmartCard Reader;c:\windows\system32\DRIVERS\rismcx64.sys [x]

R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]

R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [x]

S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]

S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]

S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]

S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]

S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-02 89600]

S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]

S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]

S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-11-04 2320920]

S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [x]

S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [x]

S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [x]

S3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]

S3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys [x]

S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]

S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]

S3 rismcx64;RICOH Smart Card Reader;c:\windows\system32\DRIVERS\rismcx64.sys [x]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\gcFlash]

2009-11-04 18:19 138972 ----a-w- c:\windows\GCFlashExecute.EXE

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU]

"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2010-04-05 186904]

"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-09-08 489472]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-20 161304]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-20 386584]

"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-20 415256]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.google.com/

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000

Trusted Zone: gene.com\gconnect

TCP: DhcpNameServer = 63.251.62.33 63.251.62.1

FF - ProfilePath - c:\users\ggalindo\AppData\Roaming\Mozilla\Firefox\Profiles\mucutdes.default\

FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2012-02-27 16:30:38

ComboFix-quarantined-files.txt 2012-02-28 00:30

ComboFix2.txt 2012-02-27 18:04

ComboFix3.txt 2012-02-25 02:17

ComboFix4.txt 2012-02-25 00:56

ComboFix5.txt 2012-02-28 00:18

.

Pre-Run: 8,772,014,080 bytes free

Post-Run: 8,752,017,408 bytes free

.

- - End Of File - - F4E321517E0A0A2F1CD43CEA0E418269


Malwarebytes Anti-Malware (Trial) 1.60.1.1000

www.malwarebytes.org

Database version: v2012.02.27.07

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

ggalindo :: GGALINDO-LT7 [administrator]

Protection: Enabled

2/27/2012 5:05:55 PM

mbam-log-2012-02-27 (17-05-55).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 188966

Time elapsed: 3 minute(s), 13 second(s)

Memory Processes Detected: 1

C:\Windows\svchost.exe (Trojan.Agent) -> 2596 -> Delete on reboot.

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 2

C:\Users\ggalindo\Desktop\WinLogon.exe (Heuristics.Reserved.Word.Exploit) -> No action taken.

C:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot.

(end)


Doesn't want to die does it?

Next:

Download TDSSKiller from here and save it to your Desktop.

Note: if the Cure option is not there, please select 'Skip'.

Please read carefully and follow these steps.

  1. Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  2. Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  3. Click the Start Scan button.
  4. If a suspicious object is detected, the default action will be Skip; click on Continue.
  5. If malicious objects are found, they will show in the Scan results and offer three (3) options.
  6. Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.


Oh, since it was the roguekiller I figured it was a false positive and left it alone. Removed it on the next pass, and then ran TDSSKiller:

Malwarebytes Anti-Malware (Trial) 1.60.1.1000

www.malwarebytes.org

Database version: v2012.02.27.07

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

ggalindo :: GGALINDO-LT7 [administrator]

Protection: Enabled

2/27/2012 5:17:53 PM

mbam-log-2012-02-27 (17-17-53).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 188921

Time elapsed: 5 minute(s), 24 second(s)

Memory Processes Detected: 1

C:\Windows\svchost.exe (Trojan.Agent) -> 3832 -> Delete on reboot.

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 2

C:\Windows\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\ggalindo\Desktop\WinLogon.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.

(end)

17:24:59.0323 5212 TDSS rootkit removing tool 2.7.15.0 Feb 27 2012 12:59:02

17:24:59.0713 5212 ============================================================

17:24:59.0713 5212 Current date / time: 2012/02/27 17:24:59.0713

17:24:59.0713 5212 SystemInfo:

17:24:59.0713 5212

17:24:59.0713 5212 OS Version: 6.1.7601 ServicePack: 1.0

17:24:59.0713 5212 Product type: Workstation

17:24:59.0713 5212 ComputerName: GGALINDO-LT7

17:24:59.0713 5212 UserName: ggalindo

17:24:59.0713 5212 Windows directory: C:\Windows

17:24:59.0713 5212 System windows directory: C:\Windows

17:24:59.0713 5212 Running under WOW64

17:24:59.0713 5212 Processor architecture: Intel x64

17:24:59.0713 5212 Number of processors: 4

17:24:59.0713 5212 Page size: 0x1000

17:24:59.0713 5212 Boot type: Normal boot

17:24:59.0713 5212 ============================================================

17:25:00.0134 5212 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

17:25:00.0134 5212 Drive \Device\Harddisk1\DR1 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'

17:25:00.0539 5212 \Device\Harddisk0\DR0:

17:25:00.0539 5212 MBR used

17:25:00.0539 5212 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000

17:25:00.0555 5212 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x3A353000

17:25:00.0555 5212 \Device\Harddisk1\DR1:

17:25:00.0555 5212 MBR used

17:25:00.0555 5212 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xE8E07482

17:25:00.0617 5212 Initialize success

17:25:00.0617 5212 ============================================================

17:25:17.0577 6060 ============================================================

17:25:17.0577 6060 Scan started

17:25:17.0577 6060 Mode: Manual; SigCheck; TDLFS;

17:25:17.0577 6060 ============================================================


17:25:22.0147 6060 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys

17:25:22.0194 6060 BTHMODEM - ok

17:25:22.0225 6060 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys

17:25:22.0272 6060 BthPan - ok

17:25:22.0350 6060 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\System32\Drivers\BTHport.sys

17:25:22.0413 6060 BTHPORT - ok

17:25:22.0491 6060 BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\System32\Drivers\BTHUSB.sys

17:25:22.0522 6060 BTHUSB - ok

17:25:22.0584 6060 btusbflt (2641a3fe3d7b0646308f33b67f3b5300) C:\Windows\system32\drivers\btusbflt.sys

17:25:22.0600 6060 btusbflt - ok

17:25:22.0615 6060 catchme - ok

17:25:22.0662 6060 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys

17:25:22.0725 6060 cdfs - ok

17:25:22.0803 6060 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys

17:25:22.0849 6060 cdrom - ok

17:25:22.0881 6060 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys

17:25:22.0927 6060 circlass - ok

17:25:22.0974 6060 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys

17:25:23.0005 6060 CLFS - ok

17:25:23.0052 6060 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys

17:25:23.0083 6060 CmBatt - ok

17:25:23.0146 6060 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys

17:25:23.0161 6060 cmdide - ok

17:25:23.0224 6060 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys

17:25:23.0255 6060 CNG - ok

17:25:23.0317 6060 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys

17:25:23.0333 6060 Compbatt - ok

17:25:23.0395 6060 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys

17:25:23.0427 6060 CompositeBus - ok

17:25:23.0458 6060 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys

17:25:23.0473 6060 crcdisk - ok

17:25:23.0536 6060 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys

17:25:23.0598 6060 CSC - ok

17:25:23.0645 6060 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys

17:25:23.0707 6060 DfsC - ok

17:25:23.0739 6060 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys

17:25:23.0785 6060 discache - ok

17:25:23.0832 6060 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys

17:25:23.0848 6060 Disk - ok

17:25:23.0926 6060 Dot4 (b42ed0320c6e41102fde0005154849bb) C:\Windows\system32\DRIVERS\Dot4.sys

17:25:23.0957 6060 Dot4 - ok

17:25:24.0035 6060 Dot4Print (e9f5969233c5d89f3c35e3a66a52a361) C:\Windows\system32\drivers\Dot4Prt.sys

17:25:24.0066 6060 Dot4Print - ok

17:25:24.0082 6060 dot4usb (fd05a02b0370bc3000f402e543ca5814) C:\Windows\system32\DRIVERS\dot4usb.sys

17:25:24.0129 6060 dot4usb - ok

17:25:24.0160 6060 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys

17:25:24.0207 6060 drmkaud - ok

17:25:24.0238 6060 dsNcAdpt (3eef0b3489edbf725564e17c77cabafd) C:\Windows\system32\DRIVERS\dsNcAdpt.sys

17:25:24.0269 6060 dsNcAdpt - ok

17:25:24.0331 6060 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys

17:25:24.0378 6060 DXGKrnl - ok

17:25:24.0409 6060 e1kexpress (60c5b36e07be8b3af3911c3d10303cfe) C:\Windows\system32\DRIVERS\e1k62x64.sys

17:25:24.0456 6060 e1kexpress - ok

17:25:24.0550 6060 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys

17:25:24.0690 6060 ebdrv - ok

17:25:24.0737 6060 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys

17:25:24.0753 6060 elxstor - ok

17:25:24.0799 6060 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys

17:25:24.0831 6060 ErrDev - ok

17:25:24.0846 6060 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys

17:25:24.0877 6060 exfat - ok

17:25:24.0909 6060 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys

17:25:24.0987 6060 fastfat - ok

17:25:25.0002 6060 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys

17:25:25.0080 6060 fdc - ok

17:25:25.0111 6060 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys

17:25:25.0127 6060 FileInfo - ok

17:25:25.0143 6060 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys

17:25:25.0189 6060 Filetrace - ok

17:25:25.0205 6060 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys

17:25:25.0205 6060 flpydisk - ok

17:25:25.0283 6060 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys

17:25:25.0314 6060 FltMgr - ok

17:25:25.0330 6060 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys

17:25:25.0345 6060 FsDepends - ok

17:25:25.0361 6060 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys

17:25:25.0361 6060 Fs_Rec - ok

17:25:25.0439 6060 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys

17:25:25.0455 6060 fvevol - ok

17:25:25.0486 6060 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys

17:25:25.0501 6060 gagp30kx - ok

17:25:25.0798 6060 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

17:25:25.0798 6060 GEARAspiWDM - ok

17:25:25.0860 6060 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys

17:25:25.0891 6060 hcw85cir - ok

17:25:25.0954 6060 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys

17:25:26.0001 6060 HdAudAddService - ok

17:25:26.0079 6060 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys

17:25:26.0110 6060 HDAudBus - ok

17:25:26.0141 6060 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys

17:25:26.0157 6060 HECIx64 - ok

17:25:26.0188 6060 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys

17:25:26.0219 6060 HidBatt - ok

17:25:26.0250 6060 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys

17:25:26.0297 6060 HidBth - ok

17:25:26.0328 6060 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys

17:25:26.0359 6060 HidIr - ok

17:25:26.0437 6060 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys

17:25:26.0469 6060 HidUsb - ok

17:25:26.0515 6060 hpdskflt (ccbe758967cc0f53f5ba3b271653c4e6) C:\Windows\system32\DRIVERS\hpdskflt.sys

17:25:26.0531 6060 hpdskflt - ok

17:25:26.0578 6060 HpqKbFiltr (9af482d058be59cc28bce52e7c4b747c) C:\Windows\system32\DRIVERS\HpqKbFiltr.sys

17:25:26.0609 6060 HpqKbFiltr - ok

17:25:26.0687 6060 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys

17:25:26.0703 6060 HpSAMD - ok

17:25:26.0765 6060 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys

17:25:26.0859 6060 HTTP - ok

17:25:26.0905 6060 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys

17:25:26.0921 6060 hwpolicy - ok

17:25:26.0968 6060 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys

17:25:26.0999 6060 i8042prt - ok

17:25:27.0030 6060 iaStor (c50107c730c9a955f6fd7376733f2d68) C:\Windows\system32\DRIVERS\iaStor.sys

17:25:27.0046 6060 iaStor - ok

17:25:27.0108 6060 iaStorV (3df4395a7cf8b7a72a5f4606366b8c2d) C:\Windows\system32\drivers\iaStorV.sys

17:25:27.0139 6060 iaStorV - ok

17:25:27.0358 6060 igfx (1be8d9ca4f2363b8e8015621878e0043) C:\Windows\system32\DRIVERS\igdkmd64.sys

17:25:27.0654 6060 igfx - ok

17:25:27.0701 6060 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys

17:25:27.0701 6060 iirsp - ok

17:25:27.0748 6060 Impcd (dd587a55390ed2295bce6d36ad567da9) C:\Windows\system32\DRIVERS\Impcd.sys

17:25:27.0795 6060 Impcd - ok

17:25:27.0841 6060 IntcDAud (03c74719d48056a1078f3a51ceb76baa) C:\Windows\system32\DRIVERS\IntcDAud.sys

17:25:27.0873 6060 IntcDAud - ok

17:25:27.0935 6060 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys

17:25:27.0966 6060 intelide - ok

17:25:27.0982 6060 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys

17:25:28.0013 6060 intelppm - ok

17:25:28.0091 6060 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys

17:25:28.0138 6060 IpFilterDriver - ok

17:25:28.0185 6060 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys

17:25:28.0231 6060 IPMIDRV - ok

17:25:28.0263 6060 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys

17:25:28.0341 6060 IPNAT - ok

17:25:28.0403 6060 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys

17:25:28.0434 6060 IRENUM - ok

17:25:28.0481 6060 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys

17:25:28.0497 6060 isapnp - ok

17:25:28.0543 6060 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys

17:25:28.0575 6060 iScsiPrt - ok

17:25:28.0606 6060 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys

17:25:28.0621 6060 kbdclass - ok

17:25:28.0637 6060 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys

17:25:28.0684 6060 kbdhid - ok

17:25:28.0731 6060 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys

17:25:28.0746 6060 KSecDD - ok

17:25:28.0809 6060 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys

17:25:28.0824 6060 KSecPkg - ok

17:25:28.0855 6060 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys

17:25:28.0918 6060 ksthunk - ok

17:25:28.0980 6060 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys

17:25:29.0043 6060 lltdio - ok

17:25:29.0089 6060 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys

17:25:29.0089 6060 LSI_FC - ok

17:25:29.0121 6060 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys

17:25:29.0121 6060 LSI_SAS - ok

17:25:29.0152 6060 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys

17:25:29.0167 6060 LSI_SAS2 - ok

17:25:29.0199 6060 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys

17:25:29.0214 6060 LSI_SCSI - ok

17:25:29.0245 6060 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys

17:25:29.0292 6060 luafv - ok

17:25:29.0339 6060 MBAMProtector (79da94b35371b9e7104460c7693dcb2c) C:\Windows\system32\drivers\mbam.sys

17:25:29.0355 6060 MBAMProtector - ok

17:25:29.0386 6060 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys

17:25:29.0401 6060 megasas - ok

17:25:29.0433 6060 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys

17:25:29.0448 6060 MegaSR - ok

17:25:29.0479 6060 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys

17:25:29.0542 6060 Modem - ok

17:25:29.0604 6060 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys

17:25:29.0651 6060 monitor - ok

17:25:29.0729 6060 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys

17:25:29.0745 6060 mouclass - ok

17:25:29.0791 6060 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys

17:25:29.0823 6060 mouhid - ok

17:25:29.0885 6060 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys

17:25:29.0901 6060 mountmgr - ok

17:25:29.0963 6060 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys

17:25:29.0979 6060 mpio - ok

17:25:30.0010 6060 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys

17:25:30.0072 6060 mpsdrv - ok

17:25:30.0119 6060 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys

17:25:30.0166 6060 MRxDAV - ok

17:25:30.0213 6060 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys

17:25:30.0259 6060 mrxsmb - ok

17:25:30.0306 6060 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys

17:25:30.0337 6060 mrxsmb10 - ok

17:25:30.0384 6060 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys

17:25:30.0415 6060 mrxsmb20 - ok

17:25:30.0462 6060 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys

17:25:30.0478 6060 msahci - ok

17:25:30.0540 6060 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys

17:25:30.0556 6060 msdsm - ok

17:25:30.0696 6060 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys

17:25:30.0759 6060 Msfs - ok

17:25:30.0774 6060 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys

17:25:30.0821 6060 mshidkmdf - ok

17:25:30.0883 6060 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys

17:25:30.0899 6060 msisadrv - ok

17:25:30.0961 6060 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys

17:25:31.0024 6060 MSKSSRV - ok

17:25:31.0055 6060 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys

17:25:31.0102 6060 MSPCLOCK - ok

17:25:31.0149 6060 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys

17:25:31.0211 6060 MSPQM - ok

17:25:31.0273 6060 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys

17:25:31.0305 6060 MsRPC - ok

17:25:31.0351 6060 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys

17:25:31.0383 6060 mssmbios - ok

17:25:31.0398 6060 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys

17:25:31.0461 6060 MSTEE - ok

17:25:31.0492 6060 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys

17:25:31.0507 6060 MTConfig - ok

17:25:31.0523 6060 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys

17:25:31.0539 6060 Mup - ok

17:25:31.0570 6060 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys

17:25:31.0632 6060 NativeWifiP - ok

17:25:31.0741 6060 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys

17:25:31.0804 6060 NDIS - ok

17:25:31.0819 6060 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys

17:25:31.0851 6060 NdisCap - ok

17:25:31.0897 6060 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys

17:25:31.0944 6060 NdisTapi - ok

17:25:32.0007 6060 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys

17:25:32.0069 6060 Ndisuio - ok

17:25:32.0131 6060 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys

17:25:32.0194 6060 NdisWan - ok

17:25:32.0272 6060 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys

17:25:32.0350 6060 NDProxy - ok

17:25:32.0397 6060 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys

17:25:32.0428 6060 NetBIOS - ok

17:25:32.0490 6060 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys

17:25:32.0553 6060 NetBT - ok

17:25:32.0771 6060 NETwNs64 (9aa75919d0a5f33bea0df7b9db09b755) C:\Windows\system32\DRIVERS\NETwNs64.sys

17:25:33.0005 6060 NETwNs64 - ok

17:25:33.0067 6060 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys

17:25:33.0083 6060 nfrd960 - ok

17:25:33.0099 6060 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys

17:25:33.0161 6060 Npfs - ok

17:25:33.0177 6060 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys

17:25:33.0223 6060 nsiproxy - ok

17:25:33.0317 6060 Ntfs (05d78aa5cb5f3f5c31160bdb955d0b7c) C:\Windows\system32\drivers\Ntfs.sys

17:25:33.0379 6060 Ntfs - ok

17:25:33.0395 6060 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys

17:25:33.0442 6060 Null - ok

17:25:33.0520 6060 nvraid (5d9fd91f3d38dc9da01e3cb5fa89cd48) C:\Windows\system32\drivers\nvraid.sys

17:25:33.0535 6060 nvraid - ok

17:25:33.0567 6060 nvstor (f7cd50fe7139f07e77da8ac8033d1832) C:\Windows\system32\drivers\nvstor.sys

17:25:33.0582 6060 nvstor - ok

17:25:33.0660 6060 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys

17:25:33.0691 6060 nv_agp - ok

17:25:33.0707 6060 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys

17:25:33.0738 6060 ohci1394 - ok

17:25:33.0801 6060 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys

17:25:33.0847 6060 Parport - ok

17:25:33.0910 6060 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys

17:25:33.0925 6060 partmgr - ok

17:25:33.0988 6060 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys

17:25:34.0003 6060 pci - ok

17:25:34.0035 6060 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys

17:25:34.0050 6060 pciide - ok

17:25:34.0081 6060 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys

17:25:34.0097 6060 pcmcia - ok

17:25:34.0128 6060 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys

17:25:34.0144 6060 pcw - ok

17:25:34.0175 6060 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys

17:25:34.0237 6060 PEAUTH - ok

17:25:34.0362 6060 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys

17:25:34.0425 6060 PptpMiniport - ok

17:25:34.0456 6060 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys

17:25:34.0487 6060 Processor - ok

17:25:34.0565 6060 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys

17:25:34.0627 6060 Psched - ok

17:25:34.0721 6060 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys

17:25:34.0783 6060 ql2300 - ok

17:25:34.0799 6060 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys

17:25:34.0815 6060 ql40xx - ok

17:25:34.0830 6060 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys

17:25:34.0861 6060 QWAVEdrv - ok

17:25:34.0908 6060 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys

17:25:34.0955 6060 RasAcd - ok

17:25:34.0986 6060 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys

17:25:35.0017 6060 RasAgileVpn - ok

17:25:35.0064 6060 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys

17:25:35.0127 6060 Rasl2tp - ok

17:25:35.0158 6060 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys

17:25:35.0205 6060 RasPppoe - ok

17:25:35.0236 6060 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys

17:25:35.0283 6060 RasSstp - ok

17:25:35.0361 6060 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys

17:25:35.0423 6060 rdbss - ok

17:25:35.0454 6060 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys

17:25:35.0485 6060 rdpbus - ok

17:25:35.0517 6060 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys

17:25:35.0548 6060 RDPCDD - ok

17:25:35.0610 6060 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys

17:25:35.0641 6060 RDPDR - ok

17:25:35.0657 6060 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys

17:25:35.0704 6060 RDPENCDD - ok

17:25:35.0735 6060 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys

17:25:35.0766 6060 RDPREFMP - ok

17:25:35.0844 6060 RdpVideoMiniport (70cba1a0c98600a2aa1863479b35cb90) C:\Windows\system32\drivers\rdpvideominiport.sys

17:25:35.0875 6060 RdpVideoMiniport - ok

17:25:35.0922 6060 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys

17:25:35.0985 6060 RDPWD - ok

17:25:36.0016 6060 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys

17:25:36.0031 6060 rdyboost - ok

17:25:36.0078 6060 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys

17:25:36.0125 6060 RFCOMM - ok

17:25:36.0172 6060 RICOH SmartCard Reader (d018844dc53d8428410a2feeeee9373e) C:\Windows\system32\DRIVERS\rismcx64.sys

17:25:36.0203 6060 RICOH SmartCard Reader - ok

17:25:36.0234 6060 rimmptsk (6faf5b04bedc66d300d9d233b2d222f0) C:\Windows\system32\DRIVERS\rimmpx64.sys

17:25:36.0265 6060 rimmptsk - ok

17:25:36.0281 6060 rismcx64 (d018844dc53d8428410a2feeeee9373e) C:\Windows\system32\DRIVERS\rismcx64.sys

17:25:36.0297 6060 rismcx64 - ok

17:25:36.0343 6060 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys

17:25:36.0421 6060 rspndr - ok

17:25:36.0453 6060 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys

17:25:36.0484 6060 s3cap - ok

17:25:36.0515 6060 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys

17:25:36.0531 6060 sbp2port - ok

17:25:36.0609 6060 SCDEmu (6ce6f98ea3d07a9c2ce3cd0a5a86352d) C:\Windows\system32\drivers\SCDEmu.sys

17:25:36.0640 6060 SCDEmu - ok

17:25:36.0687 6060 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys

17:25:36.0749 6060 scfilter - ok

17:25:36.0827 6060 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\drivers\sdbus.sys

17:25:36.0858 6060 sdbus - ok

17:25:36.0889 6060 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

17:25:36.0936 6060 secdrv - ok

17:25:36.0983 6060 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys

17:25:37.0014 6060 Serenum - ok

17:25:37.0045 6060 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys

17:25:37.0061 6060 Serial - ok

17:25:37.0139 6060 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys

17:25:37.0170 6060 sermouse - ok

17:25:37.0217 6060 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys

17:25:37.0248 6060 sffdisk - ok

17:25:37.0279 6060 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys

17:25:37.0295 6060 sffp_mmc - ok

17:25:37.0311 6060 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys

17:25:37.0326 6060 sffp_sd - ok

17:25:37.0357 6060 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys

17:25:37.0389 6060 sfloppy - ok

17:25:37.0420 6060 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys

17:25:37.0451 6060 SiSRaid2 - ok

17:25:37.0467 6060 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys

17:25:37.0482 6060 SiSRaid4 - ok

17:25:37.0529 6060 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys

17:25:37.0576 6060 Smb - ok

17:25:37.0685 6060 SNP2UVC (a676e7f5c305cbc3d3d0e4d718f23329) C:\Windows\system32\DRIVERS\snp2uvc.sys

17:25:37.0716 6060 SNP2UVC - ok

17:25:37.0747 6060 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys

17:25:37.0747 6060 spldr - ok

17:25:37.0825 6060 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys

17:25:37.0888 6060 srv - ok

17:25:37.0919 6060 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys

17:25:37.0950 6060 srv2 - ok

17:25:37.0981 6060 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys

17:25:38.0028 6060 srvnet - ok

17:25:38.0059 6060 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys

17:25:38.0075 6060 stexstor - ok

17:25:38.0122 6060 STHDA (96df19a03d37f8568141612d31f0d035) C:\Windows\system32\DRIVERS\stwrt64.sys

17:25:38.0153 6060 STHDA - ok

17:25:38.0215 6060 StillCam (decacb6921ded1a38642642685d77dac) C:\Windows\system32\DRIVERS\serscan.sys

17:25:38.0278 6060 StillCam - ok

17:25:38.0356 6060 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys

17:25:38.0371 6060 storflt - ok

17:25:38.0418 6060 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys

17:25:38.0449 6060 storvsc - ok

17:25:38.0481 6060 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys

17:25:38.0512 6060 swenum - ok

17:25:38.0543 6060 Synth3dVsc - ok

17:25:38.0605 6060 SynTP (d268d2a0db2a2bbe963e688d0b039267) C:\Windows\system32\DRIVERS\SynTP.sys

17:25:38.0637 6060 SynTP - ok

17:25:38.0730 6060 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys

17:25:38.0793 6060 Tcpip - ok

17:25:38.0871 6060 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys

17:25:38.0917 6060 TCPIP6 - ok

17:25:38.0980 6060 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys

17:25:39.0027 6060 tcpipreg - ok

17:25:39.0073 6060 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys

17:25:39.0120 6060 TDPIPE - ok

17:25:39.0136 6060 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys

17:25:39.0183 6060 TDTCP - ok

17:25:39.0229 6060 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys

17:25:39.0276 6060 tdx - ok

17:25:39.0339 6060 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys

17:25:39.0339 6060 TermDD - ok

17:25:39.0401 6060 TPM (dbcc20c02e8a3e43b03c304a4e40a84f) C:\Windows\system32\drivers\tpm.sys

17:25:39.0417 6060 TPM - ok

17:25:39.0463 6060 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys

17:25:39.0495 6060 tssecsrv - ok

17:25:39.0557 6060 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys

17:25:39.0588 6060 TsUsbFlt - ok

17:25:39.0604 6060 tsusbhub - ok

17:25:39.0697 6060 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys

17:25:39.0775 6060 tunnel - ok

17:25:39.0807 6060 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys

17:25:39.0822 6060 uagp35 - ok

17:25:39.0885 6060 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys

17:25:39.0916 6060 udfs - ok

17:25:39.0978 6060 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys

17:25:39.0994 6060 uliagpkx - ok

17:25:40.0056 6060 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys

17:25:40.0087 6060 umbus - ok

17:25:40.0119 6060 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys

17:25:40.0150 6060 UmPass - ok

17:25:40.0243 6060 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys

17:25:40.0290 6060 USBAAPL64 - ok

17:25:40.0321 6060 usbccgp (481dff26b4dca8f4cbac1f7dce1d6829) C:\Windows\system32\drivers\usbccgp.sys

17:25:40.0353 6060 usbccgp - ok

17:25:40.0415 6060 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys

17:25:40.0462 6060 usbcir - ok

17:25:40.0509 6060 usbehci (74ee782b1d9c241efe425565854c661c) C:\Windows\system32\drivers\usbehci.sys

17:25:40.0540 6060 usbehci - ok

17:25:40.0587 6060 usbhub (dc96bd9ccb8403251bcf25047573558e) C:\Windows\system32\drivers\usbhub.sys

17:25:40.0618 6060 usbhub - ok

17:25:40.0665 6060 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\drivers\usbohci.sys

17:25:40.0680 6060 usbohci - ok

17:25:40.0758 6060 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys

17:25:40.0774 6060 usbprint - ok

17:25:40.0836 6060 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys

17:25:40.0883 6060 usbscan - ok

17:25:40.0930 6060 USBSTOR (d76510cfa0fc09023077f22c2f979d86) C:\Windows\system32\DRIVERS\USBSTOR.SYS

17:25:40.0961 6060 USBSTOR - ok

17:25:40.0977 6060 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\drivers\usbuhci.sys

17:25:41.0008 6060 usbuhci - ok

17:25:41.0023 6060 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys

17:25:41.0039 6060 usbvideo - ok

17:25:41.0101 6060 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys

17:25:41.0101 6060 vdrvroot - ok

17:25:41.0133 6060 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys

17:25:41.0148 6060 vga - ok

17:25:41.0179 6060 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys

17:25:41.0226 6060 VgaSave - ok

17:25:41.0257 6060 VGPU - ok

17:25:41.0289 6060 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys

17:25:41.0304 6060 vhdmp - ok

17:25:41.0351 6060 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys

17:25:41.0351 6060 viaide - ok

17:25:41.0398 6060 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys

17:25:41.0429 6060 vmbus - ok

17:25:41.0491 6060 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys

17:25:41.0523 6060 VMBusHID - ok

17:25:41.0554 6060 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys

17:25:41.0569 6060 volmgr - ok

17:25:41.0632 6060 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys

17:25:41.0647 6060 volmgrx - ok

17:25:41.0663 6060 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys

17:25:41.0679 6060 volsnap - ok

17:25:41.0725 6060 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys

17:25:41.0741 6060 vsmraid - ok

17:25:41.0772 6060 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys

17:25:41.0803 6060 vwifibus - ok

17:25:41.0835 6060 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys

17:25:41.0866 6060 vwififlt - ok

17:25:41.0897 6060 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys

17:25:41.0928 6060 vwifimp - ok

17:25:41.0959 6060 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys

17:25:41.0991 6060 WacomPen - ok

17:25:42.0053 6060 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

17:25:42.0115 6060 WANARP - ok

17:25:42.0131 6060 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

17:25:42.0162 6060 Wanarpv6 - ok

17:25:42.0193 6060 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys

17:25:42.0209 6060 Wd - ok

17:25:42.0240 6060 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys

17:25:42.0256 6060 Wdf01000 - ok

17:25:42.0271 6060 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys

17:25:42.0303 6060 WfpLwf - ok

17:25:42.0334 6060 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys

17:25:42.0349 6060 WIMMount - ok

17:25:42.0412 6060 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys

17:25:42.0459 6060 WinUsb - ok

17:25:42.0521 6060 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys

17:25:42.0537 6060 WmiAcpi - ok

17:25:42.0583 6060 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys

17:25:42.0615 6060 ws2ifsl - ok

17:25:42.0677 6060 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys

17:25:42.0739 6060 WudfPf - ok

17:25:42.0786 6060 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys

17:25:42.0849 6060 WUDFRd - ok

17:25:42.0895 6060 MBR (0x1B8) (0f84f2562620c40d8a3e1908c8075675) \Device\Harddisk0\DR0

17:25:43.0051 6060 \Device\Harddisk0\DR0 ( Rootkit.Win32.BackBoot.gen ) - warning

17:25:43.0051 6060 \Device\Harddisk0\DR0 - detected Rootkit.Win32.BackBoot.gen (1)

17:25:43.0114 6060 \Device\Harddisk0\DR0 ( TDSS File System ) - warning

17:25:43.0114 6060 \Device\Harddisk0\DR0 - detected TDSS File System (1)

17:25:43.0129 6060 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR1

17:25:43.0660 6060 \Device\Harddisk1\DR1 - ok

17:25:43.0675 6060 Boot (0x1200) (e5737555a0dda3c84b6bd9915f9afa29) \Device\Harddisk0\DR0\Partition0

17:25:43.0675 6060 \Device\Harddisk0\DR0\Partition0 - ok

17:25:43.0691 6060 Boot (0x1200) (4e8832d23b6c3fad5b3b98b540a8b060) \Device\Harddisk0\DR0\Partition1

17:25:43.0691 6060 \Device\Harddisk0\DR0\Partition1 - ok

17:25:43.0691 6060 Boot (0x1200) (9f74d2eeb2f0073e868159f551a0fca0) \Device\Harddisk1\DR1\Partition0

17:25:43.0707 6060 \Device\Harddisk1\DR1\Partition0 - ok

17:25:43.0707 6060 ============================================================

17:25:43.0707 6060 Scan finished

17:25:43.0707 6060 ============================================================

17:25:43.0722 5708 Detected object count: 2

17:25:43.0722 5708 Actual detected object count: 2

17:26:12.0366 5708 \Device\Harddisk0\DR0 ( Rootkit.Win32.BackBoot.gen ) - skipped by user

17:26:12.0366 5708 \Device\Harddisk0\DR0 ( Rootkit.Win32.BackBoot.gen ) - User select action: Skip

17:26:12.0382 5708 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user

17:26:12.0382 5708 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip


I quarantined it, but it keeps coming right back.

17:41:48.0265 4104 ============================================================

17:41:48.0265 4104 Scan started

17:41:48.0265 4104 Mode: Manual; SigCheck; TDLFS;

17:41:48.0265 4104 ============================================================

17:41:48.0779 4104 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys

17:41:48.0795 4104 1394ohci - ok

17:41:48.0857 4104 Accelerometer (3e2427d4966c7606097341e55ab4e105) C:\Windows\system32\DRIVERS\Accelerometer.sys

17:41:48.0873 4104 Accelerometer - ok

17:41:48.0951 4104 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys

17:41:48.0982 4104 ACPI - ok

17:41:49.0045 4104 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys

17:41:49.0076 4104 AcpiPmi - ok

17:41:49.0154 4104 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys

17:41:49.0185 4104 adp94xx - ok

17:41:49.0247 4104 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys

17:41:49.0263 4104 adpahci - ok

17:41:49.0325 4104 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys

17:41:49.0341 4104 adpu320 - ok

17:41:49.0403 4104 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys

17:41:49.0435 4104 AFD - ok

17:41:49.0497 4104 AgereSoftModem (c98356d813b581e9c425b42a5d146ce0) C:\Windows\system32\DRIVERS\agrsm64.sys

17:41:49.0528 4104 AgereSoftModem - ok

17:41:49.0575 4104 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys

17:41:49.0575 4104 agp440 - ok

17:41:49.0622 4104 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys

17:41:49.0637 4104 aliide - ok

17:41:49.0700 4104 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys

17:41:49.0731 4104 amdide - ok

17:41:49.0762 4104 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys

17:41:49.0778 4104 AmdK8 - ok

17:41:49.0793 4104 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys

17:41:49.0809 4104 AmdPPM - ok

17:41:49.0856 4104 amdsata (6ec6d772eae38dc17c14aed9b178d24b) C:\Windows\system32\drivers\amdsata.sys

17:41:49.0871 4104 amdsata - ok

17:41:49.0903 4104 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys

17:41:49.0918 4104 amdsbs - ok

17:41:49.0934 4104 amdxata (1142a21db581a84ea5597b03a26ebaa0) C:\Windows\system32\drivers\amdxata.sys

17:41:49.0934 4104 amdxata - ok

17:41:49.0996 4104 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys

17:41:50.0043 4104 AppID - ok

17:41:50.0074 4104 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys

17:41:50.0090 4104 arc - ok

17:41:50.0105 4104 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys

17:41:50.0121 4104 arcsas - ok

17:41:50.0137 4104 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys

17:41:50.0183 4104 AsyncMac - ok

17:41:50.0230 4104 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys

17:41:50.0246 4104 atapi - ok

17:41:50.0293 4104 AVGIDSDriver (e29ea1a0ec7ab9fa2dc7e75a03f12a4f) C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys

17:41:50.0293 4104 AVGIDSDriver - ok

17:41:50.0355 4104 AVGIDSEH (f823d184b8e8ffb8da3ead45dbf5bd6a) C:\Windows\system32\DRIVERS\AVGIDSEH.Sys

17:41:50.0371 4104 AVGIDSEH - ok

17:41:50.0386 4104 AVGIDSFilter (ed2b25bd7fe35d1944211968842d30da) C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys

17:41:50.0402 4104 AVGIDSFilter - ok

17:41:50.0449 4104 Avgldx64 (979cf8912449a10b987218bff80a1fa3) C:\Windows\system32\DRIVERS\avgldx64.sys

17:41:50.0480 4104 Avgldx64 - ok

17:41:50.0527 4104 Avgmfx64 (36b1a5843695766eac714daffc5b84d1) C:\Windows\system32\DRIVERS\avgmfx64.sys

17:41:50.0542 4104 Avgmfx64 - ok

17:41:50.0558 4104 Avgrkx64 (1102239fb724527f1febbbbccf6bf313) C:\Windows\system32\DRIVERS\avgrkx64.sys

17:41:50.0573 4104 Avgrkx64 - ok

17:41:50.0620 4104 Avgtdia (11f36d3ea82d9db9aa05a476a210551b) C:\Windows\system32\DRIVERS\avgtdia.sys

17:41:50.0636 4104 Avgtdia - ok

17:41:50.0667 4104 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys

17:41:50.0683 4104 b06bdrv - ok

17:41:50.0714 4104 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys

17:41:50.0729 4104 b57nd60a - ok

17:41:50.0745 4104 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys

17:41:50.0776 4104 Beep - ok

17:41:50.0792 4104 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys

17:41:50.0807 4104 blbdrive - ok

17:41:50.0870 4104 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys

17:41:50.0885 4104 bowser - ok

17:41:50.0932 4104 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys

17:41:50.0963 4104 BrFiltLo - ok

17:41:50.0979 4104 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys

17:41:50.0995 4104 BrFiltUp - ok

17:41:50.0995 4104 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys

17:41:51.0026 4104 BridgeMP - ok

17:41:51.0041 4104 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys

17:41:51.0073 4104 Brserid - ok

17:41:51.0073 4104 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys

17:41:51.0088 4104 BrSerWdm - ok

17:41:51.0104 4104 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys

17:41:51.0119 4104 BrUsbMdm - ok

17:41:51.0119 4104 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys

17:41:51.0135 4104 BrUsbSer - ok

17:41:51.0197 4104 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys

17:41:51.0213 4104 BthEnum - ok

17:41:51.0229 4104 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys

17:41:51.0260 4104 BTHMODEM - ok

17:41:51.0275 4104 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys

17:41:51.0291 4104 BthPan - ok

17:41:51.0353 4104 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\System32\Drivers\BTHport.sys

17:41:51.0385 4104 BTHPORT - ok

17:41:51.0400 4104 BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\System32\Drivers\BTHUSB.sys

17:41:51.0416 4104 BTHUSB - ok

17:41:51.0447 4104 btusbflt (2641a3fe3d7b0646308f33b67f3b5300) C:\Windows\system32\drivers\btusbflt.sys

17:41:51.0447 4104 btusbflt - ok

17:41:51.0447 4104 catchme - ok

17:41:51.0478 4104 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys

17:41:51.0509 4104 cdfs - ok

17:41:51.0619 4104 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys

17:41:51.0650 4104 cdrom - ok

17:41:51.0681 4104 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys

17:41:51.0697 4104 circlass - ok

17:41:51.0728 4104 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys

17:41:51.0743 4104 CLFS - ok

17:41:51.0759 4104 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys

17:41:51.0775 4104 CmBatt - ok

17:41:51.0821 4104 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys

17:41:51.0821 4104 cmdide - ok

17:41:51.0884 4104 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys

17:41:51.0899 4104 CNG - ok

17:41:51.0915 4104 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys

17:41:51.0931 4104 Compbatt - ok

17:41:51.0977 4104 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys

17:41:51.0977 4104 CompositeBus - ok

17:41:52.0009 4104 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys

17:41:52.0024 4104 crcdisk - ok

17:41:52.0087 4104 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys

17:41:52.0118 4104 CSC - ok

17:41:52.0165 4104 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys

17:41:52.0227 4104 DfsC - ok

17:41:52.0243 4104 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys

17:41:52.0289 4104 discache - ok

17:41:52.0305 4104 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys

17:41:52.0321 4104 Disk - ok

17:41:52.0367 4104 Dot4 (b42ed0320c6e41102fde0005154849bb) C:\Windows\system32\DRIVERS\Dot4.sys

17:41:52.0383 4104 Dot4 - ok

17:41:52.0430 4104 Dot4Print (e9f5969233c5d89f3c35e3a66a52a361) C:\Windows\system32\drivers\Dot4Prt.sys

17:41:52.0445 4104 Dot4Print - ok

17:41:52.0461 4104 dot4usb (fd05a02b0370bc3000f402e543ca5814) C:\Windows\system32\DRIVERS\dot4usb.sys

17:41:52.0477 4104 dot4usb - ok

17:41:52.0508 4104 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys

17:41:52.0523 4104 drmkaud - ok

17:41:52.0570 4104 dsNcAdpt (3eef0b3489edbf725564e17c77cabafd) C:\Windows\system32\DRIVERS\dsNcAdpt.sys

17:41:52.0570 4104 dsNcAdpt - ok

17:41:52.0648 4104 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys

17:41:52.0679 4104 DXGKrnl - ok

17:41:52.0711 4104 e1kexpress (60c5b36e07be8b3af3911c3d10303cfe) C:\Windows\system32\DRIVERS\e1k62x64.sys

17:41:52.0726 4104 e1kexpress - ok

17:41:52.0804 4104 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys

17:41:52.0835 4104 ebdrv - ok

17:41:52.0882 4104 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys

17:41:52.0898 4104 elxstor - ok

17:41:52.0929 4104 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys

17:41:52.0945 4104 ErrDev - ok

17:41:52.0960 4104 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys

17:41:52.0991 4104 exfat - ok

17:41:53.0023 4104 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys

17:41:53.0069 4104 fastfat - ok

17:41:53.0069 4104 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys

17:41:53.0085 4104 fdc - ok

17:41:53.0116 4104 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys

17:41:53.0116 4104 FileInfo - ok

17:41:53.0132 4104 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys

17:41:53.0163 4104 Filetrace - ok

17:41:53.0179 4104 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys

17:41:53.0194 4104 flpydisk - ok

17:41:53.0225 4104 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys

17:41:53.0225 4104 FltMgr - ok

17:41:53.0257 4104 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys

17:41:53.0272 4104 FsDepends - ok

17:41:53.0288 4104 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys

17:41:53.0303 4104 Fs_Rec - ok

17:41:53.0350 4104 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys

17:41:53.0366 4104 fvevol - ok

17:41:53.0381 4104 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys

17:41:53.0397 4104 gagp30kx - ok

17:41:53.0444 4104 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

17:41:53.0459 4104 GEARAspiWDM - ok

17:41:53.0475 4104 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys

17:41:53.0491 4104 hcw85cir - ok

17:41:53.0537 4104 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys

17:41:53.0553 4104 HdAudAddService - ok

17:41:53.0600 4104 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys

17:41:53.0631 4104 HDAudBus - ok

17:41:53.0678 4104 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys

17:41:53.0693 4104 HECIx64 - ok

17:41:53.0693 4104 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys

17:41:53.0709 4104 HidBatt - ok

17:41:53.0725 4104 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys

17:41:53.0756 4104 HidBth - ok

17:41:53.0771 4104 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys

17:41:53.0787 4104 HidIr - ok

17:41:53.0834 4104 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys

17:41:53.0849 4104 HidUsb - ok

17:41:53.0881 4104 hpdskflt (ccbe758967cc0f53f5ba3b271653c4e6) C:\Windows\system32\DRIVERS\hpdskflt.sys

17:41:53.0881 4104 hpdskflt - ok

17:41:53.0912 4104 HpqKbFiltr (9af482d058be59cc28bce52e7c4b747c) C:\Windows\system32\DRIVERS\HpqKbFiltr.sys

17:41:53.0912 4104 HpqKbFiltr - ok

17:41:53.0959 4104 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys

17:41:53.0974 4104 HpSAMD - ok

17:41:54.0021 4104 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys

17:41:54.0068 4104 HTTP - ok

17:41:54.0115 4104 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys

17:41:54.0146 4104 hwpolicy - ok

17:41:54.0193 4104 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys

17:41:54.0208 4104 i8042prt - ok

17:41:54.0255 4104 iaStor (c50107c730c9a955f6fd7376733f2d68) C:\Windows\system32\DRIVERS\iaStor.sys

17:41:54.0271 4104 iaStor - ok

17:41:54.0333 4104 iaStorV (3df4395a7cf8b7a72a5f4606366b8c2d) C:\Windows\system32\drivers\iaStorV.sys

17:41:54.0364 4104 iaStorV - ok

17:41:54.0567 4104 igfx (1be8d9ca4f2363b8e8015621878e0043) C:\Windows\system32\DRIVERS\igdkmd64.sys

17:41:54.0676 4104 igfx - ok

17:41:54.0707 4104 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys

17:41:54.0707 4104 iirsp - ok

17:41:54.0754 4104 Impcd (dd587a55390ed2295bce6d36ad567da9) C:\Windows\system32\DRIVERS\Impcd.sys

17:41:54.0770 4104 Impcd - ok

17:41:54.0801 4104 IntcDAud (03c74719d48056a1078f3a51ceb76baa) C:\Windows\system32\DRIVERS\IntcDAud.sys

17:41:54.0817 4104 IntcDAud - ok

17:41:54.0848 4104 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys

17:41:54.0848 4104 intelide - ok

17:41:54.0879 4104 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys

17:41:54.0910 4104 intelppm - ok

17:41:54.0957 4104 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys

17:41:55.0019 4104 IpFilterDriver - ok

17:41:55.0082 4104 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys

17:41:55.0113 4104 IPMIDRV - ok

17:41:55.0129 4104 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys

17:41:55.0175 4104 IPNAT - ok

17:41:55.0207 4104 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys

17:41:55.0207 4104 IRENUM - ok

17:41:55.0238 4104 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys

17:41:55.0269 4104 isapnp - ok

17:41:55.0300 4104 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys

17:41:55.0316 4104 iScsiPrt - ok

17:41:55.0331 4104 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys

17:41:55.0347 4104 kbdclass - ok

17:41:55.0394 4104 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys

17:41:55.0409 4104 kbdhid - ok

17:41:55.0472 4104 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys

17:41:55.0487 4104 KSecDD - ok

17:41:55.0550 4104 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys

17:41:55.0550 4104 KSecPkg - ok

17:41:55.0565 4104 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys

17:41:55.0597 4104 ksthunk - ok

17:41:55.0628 4104 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys

17:41:55.0659 4104 lltdio - ok

17:41:55.0690 4104 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys

17:41:55.0706 4104 LSI_FC - ok

17:41:55.0737 4104 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys

17:41:55.0737 4104 LSI_SAS - ok

17:41:55.0768 4104 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys

17:41:55.0768 4104 LSI_SAS2 - ok

17:41:55.0799 4104 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys

17:41:55.0815 4104 LSI_SCSI - ok

17:41:55.0831 4104 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys

17:41:55.0877 4104 luafv - ok

17:41:55.0893 4104 MBAMProtector (79da94b35371b9e7104460c7693dcb2c) C:\Windows\system32\drivers\mbam.sys

17:41:55.0909 4104 MBAMProtector - ok

17:41:55.0940 4104 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys

17:41:55.0940 4104 megasas - ok

17:41:55.0971 4104 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys

17:41:55.0971 4104 MegaSR - ok

17:41:56.0002 4104 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys

17:41:56.0033 4104 Modem - ok

17:41:56.0065 4104 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys

17:41:56.0080 4104 monitor - ok

17:41:56.0143 4104 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys

17:41:56.0158 4104 mouclass - ok

17:41:56.0174 4104 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys

17:41:56.0189 4104 mouhid - ok

17:41:56.0252 4104 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys

17:41:56.0267 4104 mountmgr - ok

17:41:56.0330 4104 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys

17:41:56.0330 4104 mpio - ok

17:41:56.0377 4104 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys

17:41:56.0423 4104 mpsdrv - ok

17:41:56.0486 4104 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys

17:41:56.0517 4104 MRxDAV - ok

17:41:56.0564 4104 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys

17:41:56.0595 4104 mrxsmb - ok

17:41:56.0642 4104 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys

17:41:56.0673 4104 mrxsmb10 - ok

17:41:56.0720 4104 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys

17:41:56.0751 4104 mrxsmb20 - ok

17:41:56.0798 4104 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys

17:41:56.0829 4104 msahci - ok

17:41:56.0845 4104 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys

17:41:56.0860 4104 msdsm - ok

17:41:56.0891 4104 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys

17:41:56.0923 4104 Msfs - ok

17:41:56.0985 4104 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys

17:41:57.0032 4104 mshidkmdf - ok

17:41:57.0094 4104 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys

17:41:57.0110 4104 msisadrv - ok

17:41:57.0125 4104 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys

17:41:57.0157 4104 MSKSSRV - ok

17:41:57.0188 4104 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys

17:41:57.0219 4104 MSPCLOCK - ok

17:41:57.0250 4104 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys

17:41:57.0281 4104 MSPQM - ok

17:41:57.0344 4104 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys

17:41:57.0359 4104 MsRPC - ok

17:41:57.0406 4104 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys

17:41:57.0422 4104 mssmbios - ok

17:41:57.0437 4104 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys

17:41:57.0484 4104 MSTEE - ok

17:41:57.0484 4104 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys

17:41:57.0500 4104 MTConfig - ok

17:41:57.0515 4104 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys

17:41:57.0531 4104 Mup - ok

17:41:57.0547 4104 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys

17:41:57.0562 4104 NativeWifiP - ok

17:41:57.0640 4104 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys

17:41:57.0687 4104 NDIS - ok

17:41:57.0718 4104 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys

17:41:57.0749 4104 NdisCap - ok

17:41:57.0765 4104 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys

17:41:57.0796 4104 NdisTapi - ok

17:41:57.0843 4104 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys

17:41:57.0905 4104 Ndisuio - ok

17:41:57.0952 4104 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys

17:41:57.0983 4104 NdisWan - ok

17:41:58.0046 4104 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys

17:41:58.0093 4104 NDProxy - ok

17:41:58.0124 4104 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys

17:41:58.0155 4104 NetBIOS - ok

17:41:58.0202 4104 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys

17:41:58.0264 4104 NetBT - ok

17:41:58.0451 4104 NETwNs64 (9aa75919d0a5f33bea0df7b9db09b755) C:\Windows\system32\DRIVERS\NETwNs64.sys

17:41:58.0529 4104 NETwNs64 - ok

17:41:58.0561 4104 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys

17:41:58.0576 4104 nfrd960 - ok

17:41:58.0592 4104 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys

17:41:58.0623 4104 Npfs - ok

17:41:58.0639 4104 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys

17:41:58.0670 4104 nsiproxy - ok

17:41:58.0748 4104 Ntfs (05d78aa5cb5f3f5c31160bdb955d0b7c) C:\Windows\system32\drivers\Ntfs.sys

17:41:58.0779 4104 Ntfs - ok

17:41:58.0795 4104 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys

17:41:58.0826 4104 Null - ok

17:41:58.0873 4104 nvraid (5d9fd91f3d38dc9da01e3cb5fa89cd48) C:\Windows\system32\drivers\nvraid.sys

17:41:58.0888 4104 nvraid - ok

17:41:58.0904 4104 nvstor (f7cd50fe7139f07e77da8ac8033d1832) C:\Windows\system32\drivers\nvstor.sys

17:41:58.0919 4104 nvstor - ok

17:41:59.0013 4104 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys

17:41:59.0029 4104 nv_agp - ok

17:41:59.0060 4104 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys

17:41:59.0060 4104 ohci1394 - ok

17:41:59.0107 4104 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys

17:41:59.0107 4104 Parport - ok

17:41:59.0169 4104 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys

17:41:59.0169 4104 partmgr - ok

17:41:59.0247 4104 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys

17:41:59.0263 4104 pci - ok

17:41:59.0294 4104 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys

17:41:59.0294 4104 pciide - ok

17:41:59.0341 4104 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys

17:41:59.0356 4104 pcmcia - ok

17:41:59.0372 4104 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys

17:41:59.0387 4104 pcw - ok

17:41:59.0403 4104 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys

17:41:59.0450 4104 PEAUTH - ok

17:41:59.0481 4104 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys

17:41:59.0512 4104 PptpMiniport - ok

17:41:59.0543 4104 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys

17:41:59.0543 4104 Processor - ok

17:41:59.0606 4104 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys

17:41:59.0637 4104 Psched - ok

17:41:59.0684 4104 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys

17:41:59.0715 4104 ql2300 - ok

17:41:59.0746 4104 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys

17:41:59.0746 4104 ql40xx - ok

17:41:59.0777 4104 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys

17:41:59.0793 4104 QWAVEdrv - ok

17:41:59.0809 4104 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys

17:41:59.0840 4104 RasAcd - ok

17:41:59.0871 4104 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys

17:41:59.0902 4104 RasAgileVpn - ok

17:41:59.0965 4104 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys

17:42:00.0011 4104 Rasl2tp - ok

17:42:00.0027 4104 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys

17:42:00.0058 4104 RasPppoe - ok

17:42:00.0089 4104 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys

17:42:00.0121 4104 RasSstp - ok

17:42:00.0167 4104 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys

17:42:00.0230 4104 rdbss - ok

17:42:00.0245 4104 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys

17:42:00.0261 4104 rdpbus - ok

17:42:00.0277 4104 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys

17:42:00.0323 4104 RDPCDD - ok

17:42:06.0128 4104 MBR (0x1B8) (0f84f2562620c40d8a3e1908c8075675) \Device\Harddisk0\DR0

17:42:06.0206 4104 \Device\Harddisk0\DR0 ( Rootkit.Win32.BackBoot.gen ) - warning

17:42:06.0206 4104 \Device\Harddisk0\DR0 - detected Rootkit.Win32.BackBoot.gen (1)

17:42:06.0315 4104 \Device\Harddisk0\DR0 ( TDSS File System ) - warning

17:42:06.0315 4104 \Device\Harddisk0\DR0 - detected TDSS File System (1)

17:42:06.0330 4104 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR1

17:42:06.0455 4104 \Device\Harddisk1\DR1 - ok

17:42:06.0471 4104 Boot (0x1200) (e5737555a0dda3c84b6bd9915f9afa29) \Device\Harddisk0\DR0\Partition0

17:42:06.0471 4104 \Device\Harddisk0\DR0\Partition0 - ok

17:42:06.0502 4104 Boot (0x1200) (4e8832d23b6c3fad5b3b98b540a8b060) \Device\Harddisk0\DR0\Partition1

17:42:06.0502 4104 \Device\Harddisk0\DR0\Partition1 - ok

17:42:06.0502 4104 Boot (0x1200) (9f74d2eeb2f0073e868159f551a0fca0) \Device\Harddisk1\DR1\Partition0

17:42:06.0518 4104 \Device\Harddisk1\DR1\Partition0 - ok

17:42:06.0518 4104 ============================================================

17:42:06.0518 4104 Scan finished

17:42:06.0518 4104 ============================================================

17:42:06.0518 5996 Detected object count: 2

17:42:06.0518 5996 Actual detected object count: 2

17:42:28.0935 5996 \Device\Harddisk0\DR0\# - copied to quarantine

17:42:28.0935 5996 \Device\Harddisk0\DR0 - copied to quarantine

17:42:28.0935 5996 \Device\Harddisk0\DR0 ( Rootkit.Win32.BackBoot.gen ) - User select action: Quarantine

17:42:28.0935 5996 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user

17:42:28.0935 5996 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

Restart your computer in Safe Mode.

Using the F8 Method:

Restart your computer.

When the computer starts you will see your computer's hardware being listed. When you see this information, start to gently tap the F8 key on your keyboard repeatedly until you are presented with the Windows 7 Advanced Boot Options.

Select the Safe Mode option you want.

Then press the enter key on your keyboard to boot into Windows 7 Safe Mode.

When Windows starts you will be at a typical logon screen. Log on to your computer and Windows 7 will enter Safe Mode.

Now run MBAM, fix whatever it finds, followed by ComboFix.

Post both results after the CF reboot.

Sorry, I had too much work and hadn't had time to work on this. I followed your instructions, but the svchost process keeps coming back.

Here are the safe mode logs:

Malwarebytes Anti-Malware (Trial) 1.60.1.1000

www.malwarebytes.org

Database version: v2012.02.28.01

Windows 7 Service Pack 1 x64 NTFS (Safe Mode)

Internet Explorer 9.0.8112.16421

ggalindo :: GGALINDO-LT7 [administrator]

Protection: Disabled

2/27/2012 9:01:58 PM

mbam-log-2012-02-27 (21-01-58).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 187434

Time elapsed: 3 minute(s), 7 second(s)

Memory Processes Detected: 1

C:\Windows\svchost.exe (Trojan.Agent) -> 1656 -> Delete on reboot.

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 1

C:\Windows\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.

(end)

ComboFix 12-02-24.02 - ggalindo 02/27/2012 21:06:45.6.4 - x64 MINIMAL

Microsoft Windows 7 Enterprise 6.1.7601.1.1252.1.1033.18.7986.7057 [GMT -8:00]

Running from: c:\users\ggalindo\Desktop\ComboFix.exe

AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\svchost.exe

.

.

((((((((((((((((((((((((( Files Created from 2012-01-28 to 2012-02-28 )))))))))))))))))))))))))))))))

.

.

2012-02-28 05:13 . 2012-02-28 05:13 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-02-25 01:10 . 2012-02-25 11:36 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy

2012-02-25 01:10 . 2012-02-25 11:35 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2012-02-24 23:53 . 2012-02-28 01:41 -------- d-----w- C:\TDSSKiller_Quarantine

2012-02-24 19:12 . 2012-02-24 19:12 116016 ----a-w- c:\windows\system32\drivers\94862966.sys

2012-02-17 22:39 . 2012-02-17 22:39 -------- d-----w- c:\users\ggalindo\AppData\Roaming\Malwarebytes

2012-02-17 22:39 . 2012-02-26 07:19 -------- d-----w- c:\programdata\Malwarebytes

2012-02-17 22:39 . 2012-02-17 22:39 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-02-17 22:39 . 2011-12-10 23:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-02-17 22:14 . 2012-02-17 22:14 -------- d-----w- c:\programdata\B7E8586B002E443F035C1E7FB4EB2331

2012-02-01 17:18 . 2012-02-01 17:18 -------- d-----w- c:\windows\SysWow64\drivers\AVG

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-02-17 23:35 . 2011-05-14 21:59 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2011-12-03 06:06 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll

2011-12-03 06:06 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll

2011-12-03 05:46 . 2011-12-03 05:46 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll

2011-12-03 05:46 . 2011-12-03 05:46 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe

2011-12-03 05:46 . 2011-12-03 05:46 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe

2011-12-03 05:46 . 2011-12-03 05:46 74752 ----a-w- c:\windows\SysWow64\iesetup.dll

2011-12-03 05:46 . 2011-12-03 05:46 63488 ----a-w- c:\windows\SysWow64\tdc.ocx

2011-12-03 05:46 . 2011-12-03 05:46 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll

2011-12-03 05:46 . 2011-12-03 05:46 367104 ----a-w- c:\windows\SysWow64\html.iec

2011-12-03 05:46 . 2011-12-03 05:46 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll

2011-12-03 05:46 . 2011-12-03 05:46 161792 ----a-w- c:\windows\SysWow64\msls31.dll

2011-12-03 05:46 . 2011-12-03 05:46 152064 ----a-w- c:\windows\SysWow64\wextract.exe

2011-12-03 05:46 . 2011-12-03 05:46 150528 ----a-w- c:\windows\SysWow64\iexpress.exe

2011-12-03 05:46 . 2011-12-03 05:46 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll

2011-12-03 05:46 . 2011-12-03 05:46 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe

2011-12-03 05:46 . 2011-12-03 05:46 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe

2011-12-03 05:46 . 2011-12-03 05:46 76800 ----a-w- c:\windows\system32\tdc.ocx

2011-12-03 05:46 . 2011-12-03 05:46 49664 ----a-w- c:\windows\system32\imgutil.dll

2011-12-03 05:46 . 2011-12-03 05:46 48640 ----a-w- c:\windows\system32\mshtmler.dll

2011-12-03 05:46 . 2011-12-03 05:46 448512 ----a-w- c:\windows\system32\html.iec

2011-12-03 05:46 . 2011-12-03 05:46 420864 ----a-w- c:\windows\SysWow64\vbscript.dll

2011-12-03 05:46 . 2011-12-03 05:46 35840 ----a-w- c:\windows\SysWow64\imgutil.dll

2011-12-03 05:46 . 2011-12-03 05:46 222208 ----a-w- c:\windows\system32\msls31.dll

2011-12-03 05:46 . 2011-12-03 05:46 173056 ----a-w- c:\windows\system32\ieUnatt.exe

2011-12-03 05:46 . 2011-12-03 05:46 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe

2011-12-03 05:46 . 2011-12-03 05:46 135168 ----a-w- c:\windows\system32\IEAdvpack.dll

2011-12-03 05:46 . 2011-12-03 05:46 12288 ----a-w- c:\windows\system32\mshta.exe

2011-12-03 05:46 . 2011-12-03 05:46 11776 ----a-w- c:\windows\SysWow64\mshta.exe

2011-12-03 05:46 . 2011-12-03 05:46 114176 ----a-w- c:\windows\system32\admparse.dll

2011-12-03 05:46 . 2011-12-03 05:46 111616 ----a-w- c:\windows\system32\iesysprep.dll

2011-12-03 05:46 . 2011-12-03 05:46 101888 ----a-w- c:\windows\SysWow64\admparse.dll

2011-12-03 05:46 . 2011-12-03 05:46 85504 ----a-w- c:\windows\system32\iesetup.dll

2011-12-03 05:46 . 2011-12-03 05:46 603648 ----a-w- c:\windows\system32\vbscript.dll

2011-12-03 05:46 . 2011-12-03 05:46 30720 ----a-w- c:\windows\system32\licmgr10.dll

2011-12-03 05:46 . 2011-12-03 05:46 165888 ----a-w- c:\windows\system32\iexpress.exe

2011-12-03 05:46 . 2011-12-03 05:46 160256 ----a-w- c:\windows\system32\wextract.exe

.

.

((((((((((((((((((((((((((((( SnapShot@2012-02-24_19.03.30 )))))))))))))))))))))))))))))))))))))))))

.

+ 2012-02-24 04:32 . 2012-02-28 05:06 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat

- 2012-02-24 04:32 . 2012-02-24 18:55 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat

+ 2012-02-24 20:09 . 2012-02-24 20:04 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\UserData\index.dat

+ 2012-02-27 17:24 . 2012-02-27 18:13 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012012022720120228\index.dat

+ 2012-02-27 17:24 . 2012-02-26 07:29 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012012022020120227\index.dat

+ 2012-02-24 04:38 . 2012-02-28 02:06 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat

+ 2011-02-28 08:25 . 2012-02-27 18:14 41058 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2009-07-14 05:10 . 2012-02-28 01:18 45668 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2011-02-28 08:05 . 2012-02-28 01:18 12592 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2687459928-2638469743-227528149-1000_UserData.bin

+ 2012-02-17 22:22 . 2012-02-25 19:21 67584 c:\windows\system32\LogFiles\Srt\bootstat.dat

- 2012-02-17 22:22 . 2012-02-17 22:20 67584 c:\windows\system32\LogFiles\Srt\bootstat.dat

+ 2011-02-28 07:24 . 2012-02-28 01:30 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2011-02-28 07:24 . 2012-02-23 22:19 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2011-02-28 07:24 . 2012-02-28 01:30 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2011-02-28 07:24 . 2012-02-23 22:19 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-07-14 04:54 . 2012-02-28 01:30 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2009-07-14 04:54 . 2012-02-23 22:19 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2011-03-01 21:29 . 2012-01-27 22:22 4216 c:\windows\system32\wdi\ERCQueuedResolutions.dat

+ 2011-03-01 21:29 . 2012-02-28 01:13 4216 c:\windows\system32\wdi\ERCQueuedResolutions.dat

- 2011-02-28 07:23 . 2012-02-24 05:12 2190 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat

+ 2011-02-28 07:23 . 2012-02-28 02:29 2190 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat

- 2012-02-24 17:47 . 2012-02-24 17:47 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2012-02-28 04:20 . 2012-02-28 04:58 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2012-02-24 17:47 . 2012-02-24 17:47 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2012-02-28 04:20 . 2012-02-28 04:58 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2009-07-14 04:54 . 2012-02-28 05:06 278528 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2011-02-28 21:07 . 2012-02-27 17:18 338278 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin

+ 2011-03-04 17:40 . 2012-02-28 01:20 418868 c:\windows\system32\perfh011.dat

+ 2009-07-14 02:36 . 2012-02-28 01:20 663434 c:\windows\system32\perfh009.dat

+ 2011-03-04 17:40 . 2012-02-28 01:20 122270 c:\windows\system32\perfc011.dat

+ 2009-07-14 02:36 . 2012-02-28 01:20 122270 c:\windows\system32\perfc009.dat

+ 2009-07-14 05:38 . 2012-02-26 07:20 262144 c:\windows\system32\config\systemprofile\ntuser.dat

- 2009-07-14 05:38 . 2011-02-28 07:20 262144 c:\windows\system32\config\systemprofile\ntuser.dat

+ 2009-07-14 05:01 . 2012-02-28 02:29 314452 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

- 2009-07-14 05:01 . 2012-02-24 05:12 314452 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2009-07-14 04:54 . 2012-02-28 05:06 2899968 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-07-14 04:54 . 2012-02-28 05:06 6750208 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2011-02-28 21:20 . 2012-02-28 02:29 1106780 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2687459928-2638469743-227528149-1000-8192.dat

+ 2012-02-24 04:58 . 2012-02-28 02:29 2062856 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-18-16384.dat

+ 2011-04-04 03:37 . 2012-02-28 01:13 20399192 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2687459928-2638469743-227528149-1000-12288.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-11-11 287800]

"IMSS"="c:\program files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe" [2009-11-04 111640]

"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-01-25 2416480]

"PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2010-04-12 180224]

"SSBkgdUpdate"="c:\program files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]

"PaperPort PTD"="c:\program files (x86)\ScanSoft\PaperPort\pptd40nt.exe" [2007-01-11 30248]

"IndexSearch"="c:\program files (x86)\ScanSoft\PaperPort\IndexSearch.exe" [2007-01-11 46632]

"PPort11reminder"="c:\program files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe" [2006-11-16 35368]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-30 421888]

"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-23 150528]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]

"googletalk"="c:\program files (x86)\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-17 421736]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]

"Malwarebytes Anti-Malware (cleanup)"="c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll" [2012-01-13 1081416]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2010-5-28 276328]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

R1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]

R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]

R1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]

R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]

R2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-02 89600]

R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]

R2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]

R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]

R2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-11-04 2320920]

R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [x]

R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [x]

R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [x]

R3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]

R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys [x]

R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]

R3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

R3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]

R3 RICOH SmartCard Reader;RICOH SmartCard Reader;c:\windows\system32\DRIVERS\rismcx64.sys [x]

R3 rismcx64;RICOH Smart Card Reader;c:\windows\system32\DRIVERS\rismcx64.sys [x]

R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]

R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [x]

S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]

S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\gcFlash]

2009-11-04 18:19 138972 ----a-w- c:\windows\GCFlashExecute.EXE

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU]

"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2010-04-05 186904]

"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-09-08 489472]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-20 161304]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-20 386584]

"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-20 415256]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.google.com/

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000

Trusted Zone: gene.com\gconnect

TCP: DhcpNameServer = 63.251.62.33 63.251.62.1

FF - ProfilePath - c:\users\ggalindo\AppData\Roaming\Mozilla\Firefox\Profiles\mucutdes.default\

FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2012-02-27 21:16:27

ComboFix-quarantined-files.txt 2012-02-28 05:16

ComboFix2.txt 2012-02-28 04:39

ComboFix3.txt 2012-02-28 04:07

ComboFix4.txt 2012-02-28 00:30

ComboFix5.txt 2012-02-28 05:06

.

Pre-Run: 9,795,407,872 bytes free

Post-Run: 9,686,138,880 bytes free

.

- - End Of File - - DC61436E9F08C90BBF0107731A674915


I got an option to cure this time!

10:10:50.0880 6648 TDSS rootkit removing tool 2.7.17.0 Feb 29 2012 14:02:24

10:10:51.0352 6648 ============================================================

10:10:51.0352 6648 Current date / time: 2012/03/01 10:10:51.0352

10:10:51.0352 6648 SystemInfo:

10:10:51.0352 6648

10:10:51.0353 6648 OS Version: 6.1.7601 ServicePack: 1.0

10:10:51.0353 6648 Product type: Workstation

10:10:51.0353 6648 ComputerName: GGALINDO-LT7

10:10:51.0353 6648 UserName: ggalindo

10:10:51.0353 6648 Windows directory: C:\Windows

10:10:51.0353 6648 System windows directory: C:\Windows

10:10:51.0353 6648 Running under WOW64

10:10:51.0353 6648 Processor architecture: Intel x64

10:10:51.0353 6648 Number of processors: 4

10:10:51.0353 6648 Page size: 0x1000

10:10:51.0353 6648 Boot type: Normal boot

10:10:51.0353 6648 ============================================================

10:10:51.0862 6648 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

10:10:51.0865 6648 Drive \Device\Harddisk1\DR3 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'

10:10:52.0287 6648 \Device\Harddisk0\DR0:

10:10:52.0287 6648 MBR used

10:10:52.0287 6648 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000

10:10:52.0287 6648 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x3A353000

10:10:52.0287 6648 \Device\Harddisk1\DR3:

10:10:52.0288 6648 MBR used

10:10:52.0288 6648 \Device\Harddisk1\DR3\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xE8E07482

10:10:52.0354 6648 Initialize success

10:10:52.0354 6648 ============================================================

10:11:02.0012 5068 ============================================================

10:11:02.0012 5068 Scan started

10:11:02.0012 5068 Mode: Manual; SigCheck; TDLFS;

10:11:02.0012 5068 ============================================================

10:11:05.0559 5068 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys

10:11:05.0720 5068 1394ohci - ok

10:11:05.0778 5068 Accelerometer (3e2427d4966c7606097341e55ab4e105) C:\Windows\system32\DRIVERS\Accelerometer.sys

10:11:05.0807 5068 Accelerometer - ok

10:11:05.0894 5068 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys

10:11:05.0912 5068 ACPI - ok

10:11:05.0984 5068 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys

10:11:06.0085 5068 AcpiPmi - ok

10:11:06.0203 5068 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys

10:11:06.0236 5068 adp94xx - ok

10:11:06.0306 5068 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys

10:11:06.0329 5068 adpahci - ok

10:11:06.0380 5068 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys

10:11:06.0398 5068 adpu320 - ok

10:11:06.0487 5068 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys

10:11:06.0602 5068 AFD - ok

10:11:06.0674 5068 AgereSoftModem (c98356d813b581e9c425b42a5d146ce0) C:\Windows\system32\DRIVERS\agrsm64.sys

10:11:06.0767 5068 AgereSoftModem - ok

10:11:06.0837 5068 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys

10:11:06.0852 5068 agp440 - ok

10:11:06.0928 5068 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys

10:11:06.0942 5068 aliide - ok

10:11:06.0988 5068 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys

10:11:06.0999 5068 amdide - ok

10:11:07.0053 5068 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys

10:11:07.0157 5068 AmdK8 - ok

10:11:07.0191 5068 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys

10:11:07.0237 5068 AmdPPM - ok

10:11:07.0289 5068 amdsata (6ec6d772eae38dc17c14aed9b178d24b) C:\Windows\system32\drivers\amdsata.sys

10:11:07.0309 5068 amdsata - ok

10:11:07.0353 5068 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys

10:11:07.0378 5068 amdsbs - ok

10:11:07.0435 5068 amdxata (1142a21db581a84ea5597b03a26ebaa0) C:\Windows\system32\drivers\amdxata.sys

10:11:07.0449 5068 amdxata - ok

10:11:07.0527 5068 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys

10:11:07.0750 5068 AppID - ok

10:11:07.0828 5068 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys

10:11:07.0845 5068 arc - ok

10:11:07.0907 5068 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys

10:11:07.0925 5068 arcsas - ok

10:11:08.0011 5068 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys

10:11:08.0161 5068 AsyncMac - ok

10:11:08.0238 5068 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys

10:11:08.0251 5068 atapi - ok

10:11:08.0309 5068 AVGIDSDriver (e29ea1a0ec7ab9fa2dc7e75a03f12a4f) C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys

10:11:08.0325 5068 AVGIDSDriver - ok

10:11:08.0390 5068 AVGIDSEH (f823d184b8e8ffb8da3ead45dbf5bd6a) C:\Windows\system32\DRIVERS\AVGIDSEH.Sys

10:11:08.0399 5068 AVGIDSEH - ok

10:11:08.0442 5068 AVGIDSFilter (ed2b25bd7fe35d1944211968842d30da) C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys

10:11:08.0458 5068 AVGIDSFilter - ok

10:11:08.0511 5068 Avgldx64 (979cf8912449a10b987218bff80a1fa3) C:\Windows\system32\DRIVERS\avgldx64.sys

10:11:08.0531 5068 Avgldx64 - ok

10:11:08.0602 5068 Avgmfx64 (36b1a5843695766eac714daffc5b84d1) C:\Windows\system32\DRIVERS\avgmfx64.sys

10:11:08.0614 5068 Avgmfx64 - ok

10:11:08.0651 5068 Avgrkx64 (1102239fb724527f1febbbbccf6bf313) C:\Windows\system32\DRIVERS\avgrkx64.sys

10:11:08.0663 5068 Avgrkx64 - ok

10:11:08.0744 5068 Avgtdia (11f36d3ea82d9db9aa05a476a210551b) C:\Windows\system32\DRIVERS\avgtdia.sys

10:11:08.0760 5068 Avgtdia - ok

10:11:08.0825 5068 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys

10:11:08.0890 5068 b06bdrv - ok

10:11:08.0935 5068 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys

10:11:08.0971 5068 b57nd60a - ok

10:11:09.0000 5068 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys

10:11:09.0052 5068 Beep - ok

10:11:09.0117 5068 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys

10:11:09.0147 5068 blbdrive - ok

10:11:09.0229 5068 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys

10:11:09.0319 5068 bowser - ok

10:11:09.0340 5068 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys

10:11:09.0431 5068 BrFiltLo - ok

10:11:09.0447 5068 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys

10:11:09.0479 5068 BrFiltUp - ok

10:11:09.0534 5068 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys

10:11:09.0599 5068 BridgeMP - ok

10:11:09.0632 5068 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys

10:11:09.0725 5068 Brserid - ok

10:11:09.0746 5068 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys

10:11:09.0780 5068 BrSerWdm - ok

10:11:09.0804 5068 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys

10:11:09.0858 5068 BrUsbMdm - ok

10:11:09.0870 5068 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys

10:11:09.0894 5068 BrUsbSer - ok

10:11:09.0972 5068 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys

10:11:10.0047 5068 BthEnum - ok

10:11:10.0072 5068 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys

10:11:10.0104 5068 BTHMODEM - ok

10:11:10.0143 5068 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys

10:11:10.0180 5068 BthPan - ok

10:11:10.0268 5068 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\System32\Drivers\BTHport.sys

10:11:10.0322 5068 BTHPORT - ok

10:11:10.0405 5068 BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\System32\Drivers\BTHUSB.sys

10:11:10.0449 5068 BTHUSB - ok

10:11:10.0483 5068 btusbflt (2641a3fe3d7b0646308f33b67f3b5300) C:\Windows\system32\drivers\btusbflt.sys

10:11:10.0492 5068 btusbflt - ok

10:11:10.0515 5068 catchme - ok

10:11:10.0558 5068 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys

10:11:10.0608 5068 cdfs - ok

10:11:10.0731 5068 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys

10:11:10.0770 5068 cdrom - ok

10:11:10.0818 5068 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys

10:11:10.0853 5068 circlass - ok

10:11:10.0890 5068 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys

10:11:10.0908 5068 CLFS - ok

10:11:10.0950 5068 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys

10:11:10.0980 5068 CmBatt - ok

10:11:11.0024 5068 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys

10:11:11.0037 5068 cmdide - ok

10:11:11.0092 5068 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys

10:11:11.0115 5068 CNG - ok

10:11:11.0171 5068 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys

10:11:11.0181 5068 Compbatt - ok

10:11:11.0242 5068 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys

10:11:11.0273 5068 CompositeBus - ok

10:11:11.0309 5068 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys

10:11:11.0319 5068 crcdisk - ok

10:11:11.0384 5068 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys

10:11:11.0483 5068 CSC - ok

10:11:11.0546 5068 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys

10:11:11.0601 5068 DfsC - ok

10:11:11.0625 5068 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys

10:11:11.0673 5068 discache - ok

10:11:11.0716 5068 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys

10:11:11.0727 5068 Disk - ok

10:11:11.0818 5068 Dot4 (b42ed0320c6e41102fde0005154849bb) C:\Windows\system32\DRIVERS\Dot4.sys

10:11:11.0851 5068 Dot4 - ok

10:11:11.0920 5068 Dot4Print (e9f5969233c5d89f3c35e3a66a52a361) C:\Windows\system32\drivers\Dot4Prt.sys

10:11:11.0982 5068 Dot4Print - ok

10:11:12.0032 5068 dot4usb (fd05a02b0370bc3000f402e543ca5814) C:\Windows\system32\DRIVERS\dot4usb.sys

10:11:12.0060 5068 dot4usb - ok

10:11:12.0098 5068 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys

10:11:12.0129 5068 drmkaud - ok

10:11:12.0193 5068 dsNcAdpt (3eef0b3489edbf725564e17c77cabafd) C:\Windows\system32\DRIVERS\dsNcAdpt.sys

10:11:12.0244 5068 dsNcAdpt - ok

10:11:12.0339 5068 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys

10:11:12.0395 5068 DXGKrnl - ok

10:11:12.0435 5068 e1kexpress (60c5b36e07be8b3af3911c3d10303cfe) C:\Windows\system32\DRIVERS\e1k62x64.sys

10:11:12.0466 5068 e1kexpress - ok

10:11:12.0566 5068 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys

10:11:12.0731 5068 ebdrv - ok

10:11:12.0821 5068 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys

10:11:12.0847 5068 elxstor - ok

10:11:12.0928 5068 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys

10:11:13.0080 5068 ErrDev - ok

10:11:13.0118 5068 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys

10:11:13.0203 5068 exfat - ok

10:11:13.0248 5068 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys

10:11:13.0320 5068 fastfat - ok

10:11:13.0361 5068 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys

10:11:13.0395 5068 fdc - ok

10:11:13.0430 5068 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys

10:11:13.0441 5068 FileInfo - ok

10:11:13.0462 5068 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys

10:11:13.0512 5068 Filetrace - ok

10:11:13.0552 5068 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys

10:11:13.0569 5068 flpydisk - ok

10:11:13.0654 5068 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys

10:11:13.0674 5068 FltMgr - ok

10:11:13.0703 5068 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys

10:11:13.0718 5068 FsDepends - ok

10:11:13.0747 5068 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys

10:11:13.0761 5068 Fs_Rec - ok

10:11:13.0823 5068 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys

10:11:13.0845 5068 fvevol - ok

10:11:13.0880 5068 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys

10:11:13.0892 5068 gagp30kx - ok

10:11:14.0143 5068 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

10:11:14.0155 5068 GEARAspiWDM - ok

10:11:14.0191 5068 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys

10:11:14.0292 5068 hcw85cir - ok

10:11:14.0365 5068 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys

10:11:14.0431 5068 HdAudAddService - ok

10:11:14.0494 5068 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys

10:11:14.0523 5068 HDAudBus - ok

10:11:14.0577 5068 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys

10:11:14.0592 5068 HECIx64 - ok

10:11:14.0647 5068 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys

10:11:14.0664 5068 HidBatt - ok

10:11:14.0710 5068 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys

10:11:14.0760 5068 HidBth - ok

10:11:14.0809 5068 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys

10:11:14.0841 5068 HidIr - ok

10:11:14.0913 5068 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys

10:11:14.0964 5068 HidUsb - ok

10:11:15.0032 5068 hpdskflt (ccbe758967cc0f53f5ba3b271653c4e6) C:\Windows\system32\DRIVERS\hpdskflt.sys

10:11:15.0043 5068 hpdskflt - ok

10:11:15.0106 5068 HpqKbFiltr (9af482d058be59cc28bce52e7c4b747c) C:\Windows\system32\DRIVERS\HpqKbFiltr.sys

10:11:15.0146 5068 HpqKbFiltr - ok

10:11:15.0219 5068 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys

10:11:15.0233 5068 HpSAMD - ok

10:11:15.0332 5068 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys

10:11:15.0406 5068 HTTP - ok

10:11:15.0463 5068 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys

10:11:15.0475 5068 hwpolicy - ok

10:11:15.0537 5068 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys

10:11:15.0551 5068 i8042prt - ok

10:11:15.0594 5068 iaStor (c50107c730c9a955f6fd7376733f2d68) C:\Windows\system32\DRIVERS\iaStor.sys

10:11:15.0607 5068 iaStor - ok

10:11:15.0679 5068 iaStorV (3df4395a7cf8b7a72a5f4606366b8c2d) C:\Windows\system32\drivers\iaStorV.sys

10:11:15.0699 5068 iaStorV - ok

10:11:15.0944 5068 igfx (1be8d9ca4f2363b8e8015621878e0043) C:\Windows\system32\DRIVERS\igdkmd64.sys

10:11:16.0258 5068 igfx - ok

10:11:16.0334 5068 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys

10:11:16.0345 5068 iirsp - ok

10:11:16.0386 5068 Impcd (dd587a55390ed2295bce6d36ad567da9) C:\Windows\system32\DRIVERS\Impcd.sys

10:11:16.0431 5068 Impcd - ok

10:11:16.0463 5068 IntcDAud (03c74719d48056a1078f3a51ceb76baa) C:\Windows\system32\DRIVERS\IntcDAud.sys

10:11:16.0508 5068 IntcDAud - ok

10:11:16.0562 5068 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys

10:11:16.0574 5068 intelide - ok

10:11:16.0604 5068 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys

10:11:16.0632 5068 intelppm - ok

10:11:16.0700 5068 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys

10:11:16.0760 5068 IpFilterDriver - ok

10:11:16.0848 5068 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys

10:11:16.0872 5068 IPMIDRV - ok

10:11:16.0912 5068 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys

10:11:16.0962 5068 IPNAT - ok

10:11:17.0011 5068 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys

10:11:17.0101 5068 IRENUM - ok

10:11:17.0171 5068 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys

10:11:17.0183 5068 isapnp - ok

10:11:17.0245 5068 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys

10:11:17.0264 5068 iScsiPrt - ok

10:11:17.0296 5068 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys

10:11:17.0307 5068 kbdclass - ok

10:11:17.0355 5068 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys

10:11:17.0405 5068 kbdhid - ok

10:11:17.0473 5068 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys

10:11:17.0491 5068 KSecDD - ok

10:11:17.0557 5068 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys

10:11:17.0572 5068 KSecPkg - ok

10:11:17.0614 5068 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys

10:11:17.0671 5068 ksthunk - ok

10:11:17.0772 5068 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys

10:11:17.0820 5068 lltdio - ok

10:11:17.0879 5068 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys

10:11:17.0892 5068 LSI_FC - ok

10:11:17.0971 5068 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys

10:11:17.0984 5068 LSI_SAS - ok

10:11:18.0020 5068 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys

10:11:18.0032 5068 LSI_SAS2 - ok

10:11:18.0080 5068 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys

10:11:18.0092 5068 LSI_SCSI - ok

10:11:18.0134 5068 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys

10:11:18.0187 5068 luafv - ok

10:11:18.0295 5068 MBAMProtector (79da94b35371b9e7104460c7693dcb2c) C:\Windows\system32\drivers\mbam.sys

10:11:18.0304 5068 MBAMProtector - ok

10:11:18.0355 5068 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys

10:11:18.0366 5068 megasas - ok

10:11:18.0413 5068 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys

10:11:18.0431 5068 MegaSR - ok

10:11:18.0462 5068 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys

10:11:18.0521 5068 Modem - ok

10:11:18.0606 5068 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys

10:11:18.0635 5068 monitor - ok

10:11:18.0761 5068 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys

10:11:18.0776 5068 mouclass - ok

10:11:18.0846 5068 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys

10:11:18.0859 5068 mouhid - ok

10:11:18.0917 5068 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys

10:11:18.0929 5068 mountmgr - ok

10:11:19.0000 5068 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys

10:11:19.0014 5068 mpio - ok

10:11:19.0091 5068 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys

10:11:19.0177 5068 mpsdrv - ok

10:11:19.0233 5068 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys

10:11:19.0311 5068 MRxDAV - ok

10:11:19.0369 5068 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys

10:11:19.0437 5068 mrxsmb - ok

10:11:19.0494 5068 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys

10:11:19.0533 5068 mrxsmb10 - ok

10:11:19.0586 5068 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys

10:11:19.0602 5068 mrxsmb20 - ok

10:11:19.0655 5068 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys

10:11:19.0667 5068 msahci - ok

10:11:19.0716 5068 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys

10:11:19.0729 5068 msdsm - ok

10:11:19.0784 5068 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys

10:11:19.0829 5068 Msfs - ok

10:11:19.0862 5068 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys

10:11:19.0920 5068 mshidkmdf - ok

10:11:19.0970 5068 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys

10:11:19.0984 5068 msisadrv - ok

10:11:20.0023 5068 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys

10:11:20.0102 5068 MSKSSRV - ok

10:11:20.0137 5068 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys

10:11:20.0185 5068 MSPCLOCK - ok

10:11:20.0210 5068 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys

10:11:20.0267 5068 MSPQM - ok

10:11:20.0316 5068 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys

10:11:20.0336 5068 MsRPC - ok

10:11:20.0393 5068 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys

10:11:20.0404 5068 mssmbios - ok

10:11:20.0427 5068 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys

10:11:20.0480 5068 MSTEE - ok

10:11:20.0507 5068 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys

10:11:20.0532 5068 MTConfig - ok

10:11:20.0568 5068 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys

10:11:20.0579 5068 Mup - ok

10:11:20.0634 5068 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys

10:11:20.0674 5068 NativeWifiP - ok

10:11:20.0772 5068 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys

10:11:20.0818 5068 NDIS - ok

10:11:20.0851 5068 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys

10:11:20.0901 5068 NdisCap - ok

10:11:20.0940 5068 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys

10:11:20.0993 5068 NdisTapi - ok

10:11:21.0062 5068 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys

10:11:21.0101 5068 Ndisuio - ok

10:11:21.0161 5068 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys

10:11:21.0217 5068 NdisWan - ok

10:11:21.0269 5068 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys

10:11:21.0323 5068 NDProxy - ok

10:11:21.0373 5068 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys

10:11:21.0409 5068 NetBIOS - ok

10:11:21.0469 5068 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys

10:11:21.0513 5068 NetBT - ok

10:11:21.0714 5068 NETwNs64 (9aa75919d0a5f33bea0df7b9db09b755) C:\Windows\system32\DRIVERS\NETwNs64.sys

10:11:21.0966 5068 NETwNs64 - ok

10:11:22.0122 5068 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys

10:11:22.0145 5068 nfrd960 - ok

10:11:22.0183 5068 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys

10:11:22.0234 5068 Npfs - ok

10:11:22.0307 5068 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys

10:11:22.0353 5068 nsiproxy - ok

10:11:22.0439 5068 Ntfs (05d78aa5cb5f3f5c31160bdb955d0b7c) C:\Windows\system32\drivers\Ntfs.sys

10:11:22.0499 5068 Ntfs - ok

10:11:22.0518 5068 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys

10:11:22.0587 5068 Null - ok

10:11:22.0671 5068 nvraid (5d9fd91f3d38dc9da01e3cb5fa89cd48) C:\Windows\system32\drivers\nvraid.sys

10:11:22.0684 5068 nvraid - ok

10:11:22.0726 5068 nvstor (f7cd50fe7139f07e77da8ac8033d1832) C:\Windows\system32\drivers\nvstor.sys

10:11:22.0739 5068 nvstor - ok

10:11:22.0829 5068 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys

10:11:22.0841 5068 nv_agp - ok

10:11:22.0936 5068 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys

10:11:22.0999 5068 ohci1394 - ok

10:11:23.0073 5068 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys

10:11:23.0101 5068 Parport - ok

10:11:23.0171 5068 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys

10:11:23.0184 5068 partmgr - ok

10:11:32.0120 5068 MBR (0x1B8) (0f84f2562620c40d8a3e1908c8075675) \Device\Harddisk0\DR0

10:11:32.0154 5068 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected

10:11:32.0155 5068 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)

10:11:32.0259 5068 \Device\Harddisk0\DR0 ( TDSS File System ) - warning

10:11:32.0259 5068 \Device\Harddisk0\DR0 - detected TDSS File System (1)

10:11:32.0266 5068 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR3

10:11:32.0824 5068 \Device\Harddisk1\DR3 - ok

10:11:32.0856 5068 Boot (0x1200) (e5737555a0dda3c84b6bd9915f9afa29) \Device\Harddisk0\DR0\Partition0

10:11:32.0859 5068 \Device\Harddisk0\DR0\Partition0 - ok

10:11:32.0866 5068 Boot (0x1200) (4e8832d23b6c3fad5b3b98b540a8b060) \Device\Harddisk0\DR0\Partition1

10:11:32.0868 5068 \Device\Harddisk0\DR0\Partition1 - ok

10:11:32.0873 5068 Boot (0x1200) (9f74d2eeb2f0073e868159f551a0fca0) \Device\Harddisk1\DR3\Partition0

10:11:32.0875 5068 \Device\Harddisk1\DR3\Partition0 - ok

10:11:32.0875 5068 ============================================================

10:11:32.0875 5068 Scan finished

10:11:32.0875 5068 ============================================================

10:11:32.0886 2884 Detected object count: 2

10:11:32.0886 2884 Actual detected object count: 2

10:21:52.0274 2884 \Device\Harddisk0\DR0\# - copied to quarantine

10:21:52.0275 2884 \Device\Harddisk0\DR0 - copied to quarantine

10:21:52.0419 2884 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine

10:21:52.0423 2884 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine

10:21:52.0454 2884 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine

10:21:52.0495 2884 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine

10:21:52.0496 2884 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine

10:21:52.0497 2884 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine

10:21:52.0499 2884 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine

10:21:52.0507 2884 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine

10:21:52.0514 2884 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine

10:21:52.0518 2884 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine

10:21:52.0551 2884 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot

10:21:52.0553 2884 \Device\Harddisk0\DR0 - ok

10:21:52.0634 2884 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure

10:21:52.0635 2884 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user

10:21:52.0635 2884 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

10:21:59.0749 6592 Deinitialize success


Finally a clean scan!!

Malwarebytes Anti-Malware (Trial) 1.60.1.1000

www.malwarebytes.org

Database version: v2012.03.01.04

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

ggalindo :: GGALINDO-LT7 [administrator]

Protection: Enabled

3/1/2012 10:31:26 AM

mbam-log-2012-03-01 (10-31-26).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 189569

Time elapsed: 2 minute(s), 51 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)


Good job

You can just delete TDSSKiller and RogueKiller.

The following will implement some cleanup procedures as well as reset System Restore points:

For XP:

  • Click START, then Run
  • Now type ComboFix /Uninstall in the runbox and click OK. Note the space between the X and the /, it needs to be there.

For Vista / Windows 7:

  • Click START, then Search
  • Now type ComboFix /Uninstall in the runbox and click OK. Note the space between the X and the /, it needs to be there.

Here's my usual all clean post

To be on the safe side, I would also change all my passwords.

This infection appears to have been cleaned, but as the malware could be configured to run any program a remote attacker requires, it's impossible to be 100% sure that any machine is clean.

Log looks good :D

  • Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week
    (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.
  • Use a Firewall - I cannot stress how important it is that you use a Firewall on your computer.
    Without a firewall your computer is susceptible to being hacked and taken over.
    I am very serious about this and see it happen almost every day with my clients.
    Simply using a Firewall in its default configuration can lower your risk greatly.
  • Using a secure browser plugin - M86 SecureBrowsing makes it safe to search, surf and socialize online. This free browser plug-in displays security icons next to links on search engines and social networking sites like Facebook, Twitter and LinkedIn, so you'll know which pages are safe and which ones to avoid.
    • Free browser plug-in for Internet Explorer and Firefox
    • Real-time safety ratings
    • Ideal for Facebook, Twitter and LinkedIn
  • JAVA Click this link and click on the Free JAVA Download
  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly.
    This will ensure your computer always has the latest available security updates installed.
    If there are new updates to install, install them immediately, reboot your computer, and revisit the site
    until there are no more critical updates.

Only run one Anti-Virus and Firewall program.

I would suggest you read:

PC Safety and Security--What Do I Need?.

How to Prevent Malware:

The full version of Malwarebytes' Anti-Malware could have helped protect your computer against this threat.

We use different ways of protecting your computer(s):

  • Dynamically Blocks Malware Sites & Servers
  • Malware Execution Prevention

Save yourself the hassle and get protected.
