
I have trojan:Win32/Falsesysdef and I have run the DDS thing



Welcome to the forum.

Please remove any usb or external drives from the computer before you run this scan!

Please download and run RogueKiller.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system (don't run any other options)

Post back the report.

MrC


Thank you for your help, Mr. Charlie!

RogueKiller V7.3.2 [03/20/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User: hp [Admin rights]

Mode: Scan -- Date: 04/18/2012 09:00:36

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 9 ¤¤¤

[SUSP PATH] HKCU\[...]\Run : ceecebbcffdct ("C:\ProgramData\ceecebbcffdct.exe") -> FOUND

[SUSP PATH] HKUS\S-1-5-21-2842777820-4150692197-663343814-1000[...]\Run : ceecebbcffdct ("C:\ProgramData\ceecebbcffdct.exe") -> FOUND

[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND

[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

[HJ] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

[HJ] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

94.63.147.17 www.bing.com

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST932032 5AS SATA Disk Device +++++

--- User ---

[MBR] 5d04540ec21915685cc18d3be1f6d2a2

[BSP] 620b9f51b6886e7080a0182ce9161aaf : Windows Vista/7 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 288225 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 590694400 | Size: 16716 Mo

3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 624928768 | Size: 103 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1].txt >>

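As an added example (not part of the original posts and not RogueKiller's own code), here is a small Python triage pass over the report format shown above: it splits the report into its ¤¤¤ sections, parses the registry lines, and flags the autorun, UAC-policy, hidden-icon and HOSTS entries. The sample lines are constructed from the report in this thread, and the function names and classification labels are this example's own assumptions.

```python
import ipaddress
import re

# Sample input modelled on the report in this thread (trimmed; constructed for the example).
SAMPLE_REPORT = r"""
¤¤¤ Bad processes: 0 ¤¤¤
¤¤¤ Registry Entries: 9 ¤¤¤
[SUSP PATH] HKCU\[...]\Run : ceecebbcffdct ("C:\ProgramData\ceecebbcffdct.exe") -> FOUND
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
¤¤¤ HOSTS File: ¤¤¤
94.63.147.17 www.bing.com
127.0.0.1 localhost
¤¤¤ MBR Check: ¤¤¤
"""

# "¤¤¤ Section name: optional count ¤¤¤"
HEADER = re.compile(r"^¤¤¤\s*(?P<name>[^:¤]+?)\s*:.*¤¤¤$")
# "[TAG] key : name (value) -> STATUS"
ENTRY = re.compile(
    r"^\[(?P<tag>[^\]]+)\]\s+(?P<key>.+?) : (?P<name>.+?) "
    r"\((?P<value>.*)\) -> (?P<status>\w+)$"
)
# Directories a standard user can write to; an autorun pointing here deserves a look.
USER_WRITABLE = re.compile(r"\\(ProgramData|AppData|Temp)\\", re.I)


def parse_sections(text):
    """Return {section name: [non-empty lines]} for a RogueKiller-style report."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HEADER.match(line)
        if m:
            current = sections.setdefault(m.group("name"), [])
        elif current is not None:
            current.append(line)
    return sections


def classify_registry(entry):
    """Label one parsed registry entry (labels are this example's own wording)."""
    key_leaf = entry["key"].rsplit("\\", 1)[-1].lower()
    name, value = entry["name"], entry["value"].strip('"')
    if key_leaf in ("run", "runonce") and USER_WRITABLE.search(value):
        return "autorun from user-writable directory"
    if name == "EnableLUA" and value == "0":
        return "UAC disabled"
    if name == "ConsentPromptBehaviorAdmin" and value == "0":
        return "admin elevation without prompt"
    if key_leaf in ("newstartpanel", "classicstartmenu") and value == "1":
        return "desktop icon hidden"
    return "unclassified"


def suspicious_hosts(lines):
    """Return (ip, hostname) pairs that map a name to a non-loopback address."""
    hits = []
    for line in lines:
        parts = line.split("#", 1)[0].split()
        if len(parts) < 2:
            continue
        try:
            ip = ipaddress.ip_address(parts[0])
        except ValueError:
            continue
        # 127.0.0.1 / ::1 / 0.0.0.0 entries are the usual benign or blocklist forms.
        if not ip.is_loopback and not ip.is_unspecified:
            hits.extend((str(ip), host) for host in parts[1:])
    return hits


def triage(text):
    """Return a list of (tag, item, finding) tuples for the whole report."""
    sections = parse_sections(text)
    findings = []
    for line in sections.get("Registry Entries", []):
        m = ENTRY.match(line)
        if m:
            e = m.groupdict()
            # Tags are upper-cased so a case-altered copy of the report still parses.
            findings.append((e["tag"].upper(), e["name"], classify_registry(e)))
    for ip, host in suspicious_hosts(sections.get("HOSTS File", [])):
        findings.append(("HOSTS", host, f"resolves to non-loopback address {ip}"))
    return findings


if __name__ == "__main__":
    for tag, item, finding in triage(SAMPLE_REPORT):
        print(f"{tag:10} {item:45} {finding}")
```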

OK, run RogueKiller again and click Scan

When the scan completes, click on the Registry Entries tab

Put a check next to these and uncheck the rest:

[SUSP PATH] HKCU\[...]\Run : ceecebbcffdct ("C:\ProgramData\ceecebbcffdct.exe") -> FOUND

[SUSP PATH] HKUS\S-1-5-21-2842777820-4150692197-663343814-1000[...]\Run : ceecebbcffdct ("C:\ProgramData\ceecebbcffdct.exe") -> FOUND

Now click Delete on the right hand column.

-------------------------------

Next click HostFix on the right hand column.

---------------------------------------

Please make sure system restore is running and create a new restore point before continuing.

Please download and run TDSSKiller to your desktop as outlined below:

Double-click on TDSSKiller.exe to run the application, then click on Change parameters.


-------------------------

Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.


------------------------

Click the Start Scan button.


-----------------------

If a suspicious object is detected, the default action will be Skip; click on Continue.

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.

Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose delete.


----------------------

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.


--------------------

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

MrC


09:33:56.0224 5240 TDSS rootkit removing tool 2.7.28.0 Apr 10 2012 16:54:05

09:33:56.0599 5240 ============================================================

09:33:56.0599 5240 Current date / time: 2012/04/18 09:33:56.0599

09:33:56.0599 5240 SystemInfo:

09:33:56.0599 5240

09:33:56.0599 5240 OS Version: 6.1.7601 ServicePack: 1.0

09:33:56.0599 5240 Product type: Workstation

09:33:56.0599 5240 ComputerName: HP-HP

09:33:56.0599 5240 UserName: hp

09:33:56.0599 5240 Windows directory: C:\Windows

09:33:56.0599 5240 System windows directory: C:\Windows

09:33:56.0599 5240 Running under WOW64

09:33:56.0599 5240 Processor architecture: Intel x64

09:33:56.0599 5240 Number of processors: 2

09:33:56.0599 5240 Page size: 0x1000

09:33:56.0599 5240 Boot type: Normal boot

09:33:56.0599 5240 ============================================================

09:33:57.0566 5240 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

09:33:57.0566 5240 \Device\Harddisk0\DR0:

09:33:57.0566 5240 MBR used

09:33:57.0566 5240 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800

09:33:57.0566 5240 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x232F0800

09:33:57.0566 5240 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x23354800, BlocksNum 0x20A6000

09:33:57.0566 5240 \Device\Harddisk0\DR0\Partition3: MBR, Type 0xC, StartLBA 0x253FA800, BlocksNum 0x33AB0

09:33:57.0660 5240 Initialize success

09:33:57.0660 5240 ============================================================

09:34:44.0163 4416 ============================================================

09:34:44.0163 4416 Scan started

09:34:44.0163 4416 Mode: Manual; SigCheck; TDLFS;

09:34:44.0163 4416 ============================================================

09:34:45.0333 4416 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys

09:34:45.0474 4416 1394ohci - ok

09:34:45.0583 4416 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys

09:34:45.0598 4416 ACPI - ok

09:34:45.0692 4416 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys

09:34:45.0817 4416 AcpiPmi - ok

09:34:45.0910 4416 ACT! Scheduler (01f43efe59c6edf99a40d66e0d33c237) C:\Program Files (x86)\ACT\Act for Windows\Act.Scheduler.exe

09:34:45.0988 4416 ACT! Scheduler ( UnsignedFile.Multi.Generic ) - warning

09:34:45.0988 4416 ACT! Scheduler - detected UnsignedFile.Multi.Generic (1)

09:34:46.0113 4416 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

09:34:46.0129 4416 AdobeARMservice - ok

09:34:46.0238 4416 AdobeFlashPlayerUpdateSvc (459ac130c6ab892b1cd5d7544626efc5) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

09:34:46.0238 4416 AdobeFlashPlayerUpdateSvc - ok

09:34:46.0332 4416 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys

09:34:46.0363 4416 adp94xx - ok

09:34:46.0410 4416 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys

09:34:46.0425 4416 adpahci - ok

09:34:46.0472 4416 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys

09:34:46.0488 4416 adpu320 - ok

09:34:46.0534 4416 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll

09:34:46.0659 4416 AeLookupSvc - ok

09:34:46.0753 4416 AERTFilters (d1e343bc00136ce03c4d403194d06a80) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe

09:34:46.0768 4416 AERTFilters - ok

09:34:46.0878 4416 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys

09:34:46.0956 4416 AFD - ok

09:34:47.0065 4416 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys

09:34:47.0080 4416 agp440 - ok

09:34:47.0158 4416 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe

09:34:47.0205 4416 ALG - ok

09:34:47.0268 4416 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys

09:34:47.0283 4416 aliide - ok

09:34:47.0330 4416 AMD External Events Utility (4609419a19891c706455c1a747431af9) C:\Windows\system32\atiesrxx.exe

09:34:47.0377 4416 AMD External Events Utility - ok

09:34:47.0486 4416 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys

09:34:47.0502 4416 amdide - ok

09:34:47.0533 4416 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys

09:34:47.0611 4416 AmdK8 - ok

09:34:47.0829 4416 amdkmdag (4bffead896affbc80c86f62cd18f17c9) C:\Windows\system32\DRIVERS\atipmdag.sys

09:34:48.0048 4416 amdkmdag - ok

09:34:48.0126 4416 amdkmdap (a7155a832f24cf5b048f6048380636ec) C:\Windows\system32\DRIVERS\atikmpag.sys

09:34:48.0172 4416 amdkmdap - ok

09:34:48.0219 4416 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys

09:34:48.0266 4416 AmdPPM - ok

09:34:48.0313 4416 amdsata (53d8d46d51d390abdb54eca623165cb7) C:\Windows\system32\DRIVERS\amdsata.sys

09:34:48.0344 4416 amdsata - ok

09:34:48.0391 4416 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys

09:34:48.0406 4416 amdsbs - ok

09:34:48.0438 4416 amdxata (75c51148154e34eb3d7bb84749a758d5) C:\Windows\system32\DRIVERS\amdxata.sys

09:34:48.0438 4416 amdxata - ok

09:34:48.0484 4416 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys

09:34:48.0672 4416 AppID - ok

09:34:48.0750 4416 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll

09:34:48.0796 4416 AppIDSvc - ok

09:34:48.0937 4416 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll

09:34:48.0984 4416 Appinfo - ok

09:34:49.0077 4416 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys

09:34:49.0093 4416 arc - ok

09:34:49.0140 4416 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys

09:34:49.0155 4416 arcsas - ok

09:34:49.0280 4416 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe

09:34:49.0280 4416 aspnet_state - ok

09:34:49.0389 4416 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys

09:34:49.0436 4416 AsyncMac - ok

09:34:49.0483 4416 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys

09:34:49.0498 4416 atapi - ok

09:34:49.0623 4416 AtiHdmiService (2d648572ba9a610952fcafba1e119c2d) C:\Windows\system32\drivers\AtiHdmi.sys

09:34:49.0639 4416 AtiHdmiService - ok

09:34:49.0670 4416 AtiPcie (c07a040d6b5a42dd41ee386cf90974c8) C:\Windows\system32\DRIVERS\AtiPcie.sys

09:34:49.0686 4416 AtiPcie - ok

09:34:49.0732 4416 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll

09:34:49.0795 4416 AudioEndpointBuilder - ok

09:34:49.0810 4416 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll

09:34:49.0857 4416 AudioSrv - ok

09:34:49.0982 4416 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll

09:34:50.0076 4416 AxInstSV - ok

09:34:50.0200 4416 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys

09:34:50.0263 4416 b06bdrv - ok

09:34:50.0388 4416 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys

09:34:50.0434 4416 b57nd60a - ok

09:34:50.0590 4416 BCM43XX (810be94a9e42309b3f74217ac28bc6ac) C:\Windows\system32\DRIVERS\bcmwl664.sys

09:34:50.0731 4416 BCM43XX - ok

09:34:50.0762 4416 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll

09:34:50.0809 4416 BDESVC - ok

09:34:50.0887 4416 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys

09:34:50.0949 4416 Beep - ok

09:34:51.0012 4416 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll

09:34:51.0105 4416 BITS - ok

09:34:51.0214 4416 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys

09:34:51.0230 4416 blbdrive - ok

09:34:51.0277 4416 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys

09:34:51.0292 4416 bowser - ok

09:34:51.0339 4416 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys

09:34:51.0417 4416 BrFiltLo - ok

09:34:51.0511 4416 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys

09:34:51.0526 4416 BrFiltUp - ok

09:34:51.0558 4416 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll

09:34:51.0620 4416 Browser - ok

09:34:51.0682 4416 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys

09:34:51.0745 4416 Brserid - ok

09:34:51.0838 4416 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys

09:34:51.0870 4416 BrSerWdm - ok

09:34:51.0916 4416 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys

09:34:51.0948 4416 BrUsbMdm - ok

09:34:51.0994 4416 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys

09:34:52.0026 4416 BrUsbSer - ok

09:34:52.0135 4416 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys

09:34:52.0166 4416 BTHMODEM - ok

09:34:52.0213 4416 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll

09:34:52.0275 4416 bthserv - ok

09:34:52.0384 4416 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys

09:34:52.0447 4416 cdfs - ok

09:34:52.0509 4416 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys

09:34:52.0540 4416 cdrom - ok

09:34:52.0587 4416 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll

09:34:52.0650 4416 CertPropSvc - ok

09:34:52.0743 4416 CinemaNow Service (533328a3d9a9c286682525842547540c) C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe

09:34:52.0759 4416 CinemaNow Service - ok

09:34:52.0852 4416 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys

09:34:52.0884 4416 circlass - ok

09:34:52.0930 4416 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys

09:34:52.0962 4416 CLFS - ok

09:34:53.0008 4416 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

09:34:53.0024 4416 clr_optimization_v2.0.50727_32 - ok

09:34:53.0055 4416 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

09:34:53.0071 4416 clr_optimization_v2.0.50727_64 - ok

09:34:53.0164 4416 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

09:34:53.0180 4416 clr_optimization_v4.0.30319_32 - ok

09:34:53.0242 4416 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

09:34:53.0258 4416 clr_optimization_v4.0.30319_64 - ok

09:34:53.0336 4416 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys

09:34:53.0367 4416 CmBatt - ok

09:34:53.0414 4416 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys

09:34:53.0430 4416 cmdide - ok

09:34:53.0461 4416 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys

09:34:53.0492 4416 CNG - ok

09:34:53.0523 4416 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys

09:34:53.0539 4416 Compbatt - ok

09:34:53.0570 4416 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys

09:34:53.0617 4416 CompositeBus - ok

09:34:53.0664 4416 COMSysApp - ok

09:34:53.0726 4416 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys

09:34:53.0742 4416 crcdisk - ok

09:34:53.0788 4416 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll

09:34:53.0835 4416 CryptSvc - ok

09:34:53.0944 4416 cvhsvc (72794d112cbaff3bc0c29bf7350d4741) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

09:34:53.0976 4416 cvhsvc - ok

09:34:54.0054 4416 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll

09:34:54.0132 4416 DcomLaunch - ok

09:34:54.0194 4416 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll

09:34:54.0256 4416 defragsvc - ok

09:34:54.0319 4416 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys

09:34:54.0366 4416 DfsC - ok

09:34:54.0444 4416 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll

09:34:54.0490 4416 Dhcp - ok

09:34:54.0553 4416 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys

09:34:54.0600 4416 discache - ok

09:34:54.0709 4416 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys

09:34:54.0724 4416 Disk - ok

09:34:54.0787 4416 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll

09:34:54.0849 4416 Dnscache - ok

09:34:54.0927 4416 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll

09:34:54.0990 4416 dot3svc - ok

09:34:55.0036 4416 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll

09:34:55.0083 4416 DPS - ok

09:34:55.0192 4416 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys

09:34:55.0224 4416 drmkaud - ok

09:34:55.0286 4416 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys

09:34:55.0333 4416 DXGKrnl - ok

09:34:55.0411 4416 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll

09:34:55.0458 4416 EapHost - ok

09:34:55.0582 4416 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys

09:34:55.0692 4416 ebdrv - ok

09:34:55.0770 4416 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe

09:34:55.0816 4416 EFS - ok

09:34:56.0113 4416 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe

09:34:56.0347 4416 ehRecvr - ok

09:34:56.0425 4416 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe

09:34:56.0503 4416 ehSched - ok

09:34:56.0596 4416 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys

09:34:56.0612 4416 elxstor - ok

09:34:56.0659 4416 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys

09:34:56.0674 4416 ErrDev - ok

09:34:56.0784 4416 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll

09:34:56.0846 4416 EventSystem - ok

09:34:56.0893 4416 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys

09:34:56.0955 4416 exfat - ok

09:34:56.0986 4416 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys

09:34:57.0049 4416 fastfat - ok

09:34:57.0142 4416 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe

09:34:57.0189 4416 Fax - ok

09:34:57.0236 4416 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys

09:34:57.0267 4416 fdc - ok

09:34:57.0298 4416 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll

09:34:57.0361 4416 fdPHost - ok

09:34:57.0392 4416 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll

09:34:57.0439 4416 FDResPub - ok

09:34:57.0486 4416 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys

09:34:57.0486 4416 FileInfo - ok

09:34:57.0501 4416 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys

09:34:57.0564 4416 Filetrace - ok

09:34:57.0626 4416 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys

09:34:57.0626 4416 flpydisk - ok

09:34:57.0673 4416 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys

09:34:57.0688 4416 FltMgr - ok

09:34:57.0751 4416 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll

09:34:57.0844 4416 FontCache - ok

09:34:57.0922 4416 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

09:34:57.0922 4416 FontCache3.0.0.0 - ok

09:34:58.0000 4416 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys

09:34:58.0016 4416 FsDepends - ok

09:34:58.0047 4416 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys

09:34:58.0047 4416 Fs_Rec - ok

09:34:58.0110 4416 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys

09:34:58.0125 4416 fvevol - ok

09:34:58.0172 4416 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys

09:34:58.0188 4416 gagp30kx - ok

09:34:58.0266 4416 GameConsoleService (ce16683cfd11fe70bde435dda5ea1fca) C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe

09:34:58.0281 4416 GameConsoleService - ok

09:34:58.0359 4416 GoToAssist (5cc2b1d06ac1962af5fbbcf88d781dd8) C:\Program Files (x86)\Citrix\GoToAssist\570\g2aservice.exe

09:34:58.0359 4416 GoToAssist - ok

09:34:58.0484 4416 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll

09:34:58.0546 4416 gpsvc - ok

09:34:58.0687 4416 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

09:34:58.0702 4416 gupdate - ok

09:34:58.0718 4416 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

09:34:58.0734 4416 gupdatem - ok

09:34:58.0812 4416 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

09:34:58.0812 4416 gusvc - ok

09:34:58.0890 4416 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys

09:34:58.0952 4416 hcw85cir - ok

09:34:59.0046 4416 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys

09:34:59.0092 4416 HdAudAddService - ok

09:34:59.0155 4416 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys

09:34:59.0186 4416 HDAudBus - ok

09:34:59.0248 4416 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys

09:34:59.0280 4416 HidBatt - ok

09:34:59.0358 4416 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys

09:34:59.0389 4416 HidBth - ok

09:34:59.0436 4416 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys

09:34:59.0467 4416 HidIr - ok

09:34:59.0529 4416 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll

09:34:59.0576 4416 hidserv - ok

09:34:59.0654 4416 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys

09:34:59.0670 4416 HidUsb - ok

09:34:59.0685 4416 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll

09:34:59.0748 4416 hkmsvc - ok

09:34:59.0794 4416 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll

09:34:59.0841 4416 HomeGroupListener - ok

09:34:59.0888 4416 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll

09:34:59.0919 4416 HomeGroupProvider - ok

09:35:00.0028 4416 HP Support Assistant Service (13bb1114451c63bfb41ba7daa4d70a29) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe

09:35:00.0028 4416 HP Support Assistant Service - ok

09:35:00.0106 4416 HP Wireless Assistant Service (3a09322a8aa8b0c79036686a0ebe7b4c) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe

09:35:00.0122 4416 HP Wireless Assistant Service - ok

09:35:00.0200 4416 HPDrvMntSvc.exe (bcc4a8b2e2e902f52e7f2e7d8e125765) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe

09:35:00.0216 4416 HPDrvMntSvc.exe - ok

09:35:00.0262 4416 hpqwmiex (ec9739a46f1f83c6e52a7a4697f44a65) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe

09:35:00.0294 4416 hpqwmiex - ok

09:35:00.0403 4416 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys

09:35:00.0418 4416 HpSAMD - ok

09:35:00.0528 4416 HPWMISVC (f630dd7564ebb7248a13b1cc774d9ea6) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe

09:35:00.0543 4416 HPWMISVC - ok

09:35:00.0637 4416 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys

09:35:00.0699 4416 HTTP - ok

09:35:00.0793 4416 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys

09:35:00.0808 4416 hwpolicy - ok

09:35:00.0871 4416 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys

09:35:00.0886 4416 i8042prt - ok

09:35:00.0949 4416 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys

09:35:00.0964 4416 iaStorV - ok

09:35:01.0074 4416 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

09:35:01.0105 4416 idsvc - ok

09:35:01.0308 4416 igfx (a87261ef1546325b559374f5689cf5bc) C:\Windows\system32\DRIVERS\igdkmd64.sys

09:35:01.0510 4416 igfx - ok

09:35:01.0620 4416 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys

09:35:01.0620 4416 iirsp - ok

09:35:01.0698 4416 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll

09:35:01.0744 4416 IKEEXT - ok

09:35:01.0854 4416 IntcAzAudAddService (d311e2dd59a34079d89c249b2a4d9fdb) C:\Windows\system32\drivers\RTKVHD64.sys

09:35:01.0947 4416 IntcAzAudAddService - ok

09:35:01.0978 4416 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys

09:35:01.0994 4416 intelide - ok

09:35:02.0041 4416 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys

09:35:02.0072 4416 intelppm - ok

09:35:02.0119 4416 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll

09:35:02.0166 4416 IPBusEnum - ok

09:35:02.0228 4416 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys

09:35:02.0275 4416 IpFilterDriver - ok

09:35:02.0306 4416 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys

09:35:02.0337 4416 IPMIDRV - ok

09:35:02.0462 4416 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys

09:35:02.0524 4416 IPNAT - ok

09:35:02.0571 4416 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys

09:35:02.0649 4416 IRENUM - ok

09:35:02.0743 4416 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys

09:35:02.0758 4416 isapnp - ok

09:35:02.0790 4416 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys

09:35:02.0805 4416 iScsiPrt - ok

09:35:02.0836 4416 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys

09:35:02.0852 4416 kbdclass - ok

09:35:02.0899 4416 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys

09:35:02.0930 4416 kbdhid - ok

09:35:03.0008 4416 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

09:35:03.0024 4416 KeyIso - ok

09:35:03.0055 4416 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys

09:35:03.0070 4416 KSecDD - ok

09:35:03.0117 4416 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys

09:35:03.0133 4416 KSecPkg - ok

09:35:03.0164 4416 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys

09:35:03.0211 4416 ksthunk - ok

09:35:03.0273 4416 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll

09:35:03.0320 4416 KtmRm - ok

09:35:03.0429 4416 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll

09:35:03.0476 4416 LanmanServer - ok

09:35:03.0523 4416 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll

09:35:03.0585 4416 LanmanWorkstation - ok

09:35:03.0679 4416 LBTServ (88e52495b47c67126b510af53fdb0bc7) C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe

09:35:03.0694 4416 LBTServ - ok

09:35:03.0772 4416 LHidFilt (b6552d382ff070b4ed34cbd6737277c0) C:\Windows\system32\DRIVERS\LHidFilt.Sys

09:35:03.0772 4416 LHidFilt - ok

09:35:03.0850 4416 LightScribeService (7550d101bf49fdb1f92666a233ee36c4) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

09:35:03.0882 4416 LightScribeService ( UnsignedFile.Multi.Generic ) - warning

09:35:03.0882 4416 LightScribeService - detected UnsignedFile.Multi.Generic (1)

09:35:03.0975 4416 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys

09:35:04.0022 4416 lltdio - ok

09:35:04.0116 4416 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll

09:35:04.0178 4416 lltdsvc - ok

09:35:04.0209 4416 lmab_device - ok

09:35:04.0240 4416 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll

09:35:04.0272 4416 lmhosts - ok

09:35:04.0396 4416 LMouFilt (73c1f563ab73d459dffe682d66476558) C:\Windows\system32\DRIVERS\LMouFilt.Sys

09:35:04.0396 4416 LMouFilt - ok

09:35:04.0443 4416 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys

09:35:04.0459 4416 LSI_FC - ok

09:35:04.0537 4416 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys

09:35:04.0537 4416 LSI_SAS - ok

09:35:04.0584 4416 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys

09:35:04.0599 4416 LSI_SAS2 - ok

09:35:04.0646 4416 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys

09:35:04.0662 4416 LSI_SCSI - ok

09:35:04.0708 4416 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys

09:35:04.0771 4416 luafv - ok

09:35:04.0880 4416 lxdnCATSCustConnectService (4208b958e35f0e596aa241efb664636b) C:\Windows\system32\spool\DRIVERS\x64\3\\lxdnserv.exe

09:35:04.0942 4416 lxdnCATSCustConnectService - ok

09:35:05.0020 4416 lxdn_device - ok

09:35:05.0114 4416 MBAMProtector (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys

09:35:05.0130 4416 MBAMProtector - ok

09:35:05.0239 4416 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

09:35:05.0270 4416 MBAMService - ok

09:35:05.0348 4416 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll

09:35:05.0364 4416 Mcx2Svc - ok

09:35:05.0426 4416 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys

09:35:05.0426 4416 megasas - ok

09:35:05.0473 4416 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys

09:35:05.0488 4416 MegaSR - ok

09:35:05.0535 4416 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

09:35:05.0582 4416 MMCSS - ok

09:35:05.0629 4416 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys

09:35:05.0691 4416 Modem - ok

09:35:05.0738 4416 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys

09:35:05.0769 4416 monitor - ok

09:35:05.0800 4416 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys

09:35:05.0816 4416 mouclass - ok

09:35:05.0863 4416 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys

09:35:05.0894 4416 mouhid - ok

09:35:05.0941 4416 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys

09:35:05.0956 4416 mountmgr - ok

09:35:05.0988 4416 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys

09:35:06.0003 4416 mpio - ok

09:35:06.0066 4416 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys

09:35:06.0097 4416 mpsdrv - ok

09:35:06.0128 4416 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys

09:35:06.0159 4416 MRxDAV - ok

09:35:06.0206 4416 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys

09:35:06.0268 4416 mrxsmb - ok

09:35:06.0331 4416 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys

09:35:06.0362 4416 mrxsmb10 - ok

09:35:06.0378 4416 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys

09:35:06.0393 4416 mrxsmb20 - ok

09:35:06.0440 4416 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys

09:35:06.0440 4416 msahci - ok

09:35:06.0471 4416 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys

09:35:06.0487 4416 msdsm - ok

09:35:06.0674 4416 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe

09:35:06.0783 4416 MSDTC - ok

09:35:06.0908 4416 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys

09:35:06.0939 4416 Msfs - ok

09:35:06.0970 4416 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys

09:35:07.0002 4416 mshidkmdf - ok

09:35:07.0033 4416 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys

09:35:07.0048 4416 msisadrv - ok

09:35:07.0095 4416 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll

09:35:07.0142 4416 MSiSCSI - ok

09:35:07.0158 4416 msiserver - ok

09:35:07.0204 4416 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys

09:35:07.0251 4416 MSKSSRV - ok

09:35:07.0298 4416 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys

09:35:07.0360 4416 MSPCLOCK - ok

09:35:07.0392 4416 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys

09:35:07.0438 4416 MSPQM - ok

09:35:07.0516 4416 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys

09:35:07.0532 4416 MsRPC - ok

09:35:07.0579 4416 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys

09:35:07.0594 4416 mssmbios - ok

09:35:07.0688 4416 MSSQL$ACT7 - ok

09:35:07.0735 4416 MSSQLServerADHelper (1d89eb4e2a99cabd4e81225f4f4c4b25) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqladhlp90.exe

09:35:07.0735 4416 MSSQLServerADHelper - ok

09:35:07.0844 4416 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys

09:35:07.0891 4416 MSTEE - ok

09:35:07.0922 4416 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys

09:35:07.0953 4416 MTConfig - ok

09:35:08.0000 4416 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys

09:35:08.0016 4416 Mup - ok

09:35:08.0062 4416 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll

09:35:08.0125 4416 napagent - ok

09:35:08.0234 4416 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys

09:35:08.0281 4416 NativeWifiP - ok

09:35:08.0421 4416 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys

09:35:08.0468 4416 NDIS - ok

09:35:08.0593 4416 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys

09:35:08.0655 4416 NdisCap - ok

09:35:08.0780 4416 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys

09:35:08.0827 4416 NdisTapi - ok

09:35:08.0936 4416 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys

09:35:08.0998 4416 Ndisuio - ok

09:35:09.0030 4416 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys

09:35:09.0092 4416 NdisWan - ok

09:35:09.0170 4416 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys

09:35:09.0201 4416 NDProxy - ok

09:35:09.0232 4416 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys

09:35:09.0295 4416 NetBIOS - ok

09:35:09.0342 4416 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys

09:35:09.0373 4416 NetBT - ok

09:35:09.0420 4416 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

09:35:09.0420 4416 Netlogon - ok

09:35:09.0451 4416 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll

09:35:09.0513 4416 Netman - ok

09:35:09.0622 4416 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

09:35:09.0638 4416 NetMsmqActivator - ok

09:35:09.0638 4416 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

09:35:09.0654 4416 NetPipeActivator - ok

09:35:09.0716 4416 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll

09:35:09.0778 4416 netprofm - ok

09:35:09.0856 4416 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

09:35:09.0872 4416 NetTcpActivator - ok

09:35:09.0872 4416 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

09:35:09.0888 4416 NetTcpPortSharing - ok

09:35:10.0090 4416 netw5v64 (64428dfdaf6e88366cb51f45a79c5f69) C:\Windows\system32\DRIVERS\netw5v64.sys

09:35:10.0262 4416 netw5v64 - ok

09:35:10.0309 4416 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys

09:35:10.0324 4416 nfrd960 - ok

09:35:10.0402 4416 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll

09:35:10.0465 4416 NlaSvc - ok

09:35:10.0543 4416 nlsX86cc (60ef6771e349eb9173142ab34afc5a4c) C:\Windows\SysWOW64\NLSSRV32.EXE

09:35:10.0558 4416 nlsX86cc - ok

09:35:10.0636 4416 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys

09:35:10.0683 4416 Npfs - ok

09:35:10.0714 4416 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll

09:35:10.0761 4416 nsi - ok

09:35:10.0792 4416 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys

09:35:10.0839 4416 nsiproxy - ok

09:35:10.0917 4416 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys

09:35:10.0980 4416 Ntfs - ok

09:35:11.0011 4416 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys

09:35:11.0042 4416 Null - ok

09:35:11.0073 4416 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys

09:35:11.0089 4416 nvraid - ok

09:35:11.0104 4416 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys

09:35:11.0120 4416 nvstor - ok

09:35:11.0167 4416 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys

09:35:11.0182 4416 nv_agp - ok

09:35:11.0245 4416 NWADI (91b17f9dbb2e60feaf27cadfb9998ffb) C:\Windows\system32\DRIVERS\NWADIenum.sys

09:35:11.0292 4416 NWADI - ok

09:35:11.0323 4416 NWUSBModem (a3fadcf96abf4803e7a946cd48641ac3) C:\Windows\system32\DRIVERS\nwusbmdm.sys

09:35:11.0370 4416 NWUSBModem - ok

09:35:11.0463 4416 NWUSBPort (a3fadcf96abf4803e7a946cd48641ac3) C:\Windows\system32\DRIVERS\nwusbser.sys

09:35:11.0479 4416 NWUSBPort - ok

09:35:11.0510 4416 NWUSBPort2 (a3fadcf96abf4803e7a946cd48641ac3) C:\Windows\system32\DRIVERS\nwusbser2.sys

09:35:11.0526 4416 NWUSBPort2 - ok

09:35:11.0557 4416 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys

09:35:11.0588 4416 ohci1394 - ok

09:35:11.0666 4416 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

09:35:11.0682 4416 ose - ok

09:35:11.0822 4416 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

09:35:11.0978 4416 osppsvc - ok

09:35:12.0103 4416 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

09:35:12.0150 4416 p2pimsvc - ok

09:35:12.0181 4416 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll

09:35:12.0196 4416 p2psvc - ok

09:35:12.0243 4416 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys

09:35:12.0259 4416 Parport - ok

09:35:12.0290 4416 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys

09:35:12.0306 4416 partmgr - ok

09:35:12.0337 4416 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll

09:35:12.0368 4416 PcaSvc - ok

09:35:12.0415 4416 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys

09:35:12.0430 4416 pci - ok

09:35:12.0462 4416 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys

09:35:12.0477 4416 pciide - ok

09:35:12.0508 4416 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys

09:35:12.0524 4416 pcmcia - ok

09:35:12.0555 4416 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys

09:35:12.0571 4416 pcw - ok

09:35:12.0602 4416 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys

09:35:12.0664 4416 PEAUTH - ok

09:35:12.0742 4416 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe

09:35:12.0758 4416 PerfHost - ok

09:35:12.0867 4416 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll

09:35:12.0945 4416 pla - ok

09:35:13.0008 4416 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll

09:35:13.0054 4416 PlugPlay - ok

09:35:13.0086 4416 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll

09:35:13.0117 4416 PNRPAutoReg - ok

09:35:13.0148 4416 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

09:35:13.0164 4416 PNRPsvc - ok

09:35:13.0210 4416 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll

09:35:13.0257 4416 PolicyAgent - ok

09:35:13.0304 4416 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll

09:35:13.0366 4416 Power - ok

09:35:13.0460 4416 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys

09:35:13.0522 4416 PptpMiniport - ok

09:35:13.0554 4416 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys

09:35:13.0585 4416 Processor - ok

09:35:13.0632 4416 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll

09:35:13.0694 4416 ProfSvc - ok

09:35:13.0756 4416 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

09:35:13.0756 4416 ProtectedStorage - ok

09:35:13.0834 4416 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys

09:35:13.0881 4416 Psched - ok

09:35:13.0959 4416 PSI_SVC_2 (e0d0cb09aa07b22be984e4f7ec0326f5) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

09:35:13.0975 4416 PSI_SVC_2 - ok

09:35:14.0084 4416 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys

09:35:14.0146 4416 ql2300 - ok

09:35:14.0162 4416 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys

09:35:14.0178 4416 ql40xx - ok

09:35:14.0209 4416 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll

09:35:14.0256 4416 QWAVE - ok

09:35:14.0318 4416 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys

09:35:14.0349 4416 QWAVEdrv - ok

09:35:14.0380 4416 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys

09:35:14.0443 4416 RasAcd - ok

09:35:14.0490 4416 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys

09:35:14.0521 4416 RasAgileVpn - ok

09:35:14.0552 4416 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll

09:35:14.0614 4416 RasAuto - ok

09:35:14.0677 4416 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys

09:35:14.0724 4416 Rasl2tp - ok

09:35:14.0802 4416 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll

09:35:14.0848 4416 RasMan - ok

09:35:14.0911 4416 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys

09:35:14.0942 4416 RasPppoe - ok

09:35:14.0958 4416 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys

09:35:15.0020 4416 RasSstp - ok

09:35:15.0067 4416 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys

09:35:15.0114 4416 rdbss - ok

09:35:15.0160 4416 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys

09:35:15.0176 4416 rdpbus - ok

09:35:15.0223 4416 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys

09:35:15.0270 4416 RDPCDD - ok

09:35:15.0332 4416 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys

09:35:15.0379 4416 RDPENCDD - ok

09:35:15.0410 4416 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys

09:35:15.0457 4416 RDPREFMP - ok

09:35:15.0550 4416 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys

09:35:15.0597 4416 RDPWD - ok

09:35:15.0691 4416 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys

09:35:15.0706 4416 rdyboost - ok

09:35:15.0753 4416 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll

09:35:15.0816 4416 RemoteAccess - ok

09:35:15.0847 4416 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll

09:35:15.0909 4416 RemoteRegistry - ok

09:35:16.0034 4416 RimUsb (7b04c9843921ab1f695fb395422c5360) C:\Windows\system32\Drivers\RimUsb_AMD64.sys

09:35:16.0065 4416 RimUsb - ok

09:35:16.0096 4416 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll

09:35:16.0143 4416 RpcEptMapper - ok

09:35:16.0190 4416 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe

09:35:16.0206 4416 RpcLocator - ok

09:35:16.0237 4416 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll

09:35:16.0284 4416 RpcSs - ok

09:35:16.0330 4416 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys

09:35:16.0362 4416 rspndr - ok

09:35:16.0455 4416 RSUSBSTOR (22d6b47d004a6568c500680be2972854) C:\Windows\system32\Drivers\RtsUStor.sys

09:35:16.0471 4416 RSUSBSTOR - ok

09:35:16.0518 4416 RTL8167 (4fbda07ef0a3097ce14c5cabf723b278) C:\Windows\system32\DRIVERS\Rt64win7.sys

09:35:16.0533 4416 RTL8167 - ok

09:35:16.0596 4416 RtVOsdService (4ea7e5df0cb237156176fa0349e6e87f) C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe

09:35:16.0611 4416 RtVOsdService ( UnsignedFile.Multi.Generic ) - warning

09:35:16.0611 4416 RtVOsdService - detected UnsignedFile.Multi.Generic (1)

09:35:16.0689 4416 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

09:35:16.0705 4416 SamSs - ok

09:35:16.0736 4416 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys

09:35:16.0752 4416 sbp2port - ok

09:35:16.0767 4416 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll

09:35:16.0830 4416 SCardSvr - ok

09:35:16.0861 4416 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys

09:35:16.0892 4416 scfilter - ok

09:35:16.0954 4416 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll

09:35:17.0064 4416 Schedule - ok

09:35:17.0266 4416 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll

09:35:17.0298 4416 SCPolicySvc - ok

09:35:17.0485 4416 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\drivers\sdbus.sys

09:35:17.0516 4416 sdbus - ok

09:35:17.0625 4416 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll

09:35:17.0641 4416 SDRSVC - ok

09:35:17.0703 4416 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

09:35:17.0750 4416 secdrv - ok

09:35:17.0781 4416 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll

09:35:17.0828 4416 seclogon - ok

09:35:17.0859 4416 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll

09:35:17.0890 4416 SENS - ok

09:35:17.0922 4416 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll

09:35:17.0968 4416 SensrSvc - ok

09:35:18.0031 4416 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys

09:35:18.0046 4416 Serenum - ok

09:35:18.0078 4416 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys

09:35:18.0093 4416 Serial - ok

09:35:18.0124 4416 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys

09:35:18.0156 4416 sermouse - ok

09:35:18.0202 4416 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll

09:35:18.0265 4416 SessionEnv - ok

09:35:18.0296 4416 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys

09:35:18.0343 4416 sffdisk - ok

09:35:18.0374 4416 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys

09:35:18.0405 4416 sffp_mmc - ok

09:35:18.0468 4416 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys

09:35:18.0499 4416 sffp_sd - ok

09:35:18.0546 4416 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys

09:35:18.0546 4416 sfloppy - ok

09:35:18.0608 4416 Sftfs (c6cc9297bd53e5229653303e556aa539) C:\Windows\system32\DRIVERS\Sftfslh.sys

09:35:18.0639 4416 Sftfs - ok

09:35:18.0748 4416 sftlist (13693b6354dd6e72dc5131da7d764b90) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

09:35:18.0764 4416 sftlist - ok

09:35:18.0858 4416 Sftplay (390aa7bc52cee43f6790cdea1e776703) C:\Windows\system32\DRIVERS\Sftplaylh.sys

09:35:18.0873 4416 Sftplay - ok

09:35:18.0904 4416 Sftredir (617e29a0b0a2807466560d4c4e338d3e) C:\Windows\system32\DRIVERS\Sftredirlh.sys

09:35:18.0920 4416 Sftredir - ok

09:35:18.0951 4416 Sftvol (8f571f016fa1976f445147e9e6c8ae9b) C:\Windows\system32\DRIVERS\Sftvollh.sys

09:35:18.0951 4416 Sftvol - ok

09:35:19.0045 4416 sftvsa (c3cddd18f43d44ab713cf8c4916f7696) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

09:35:19.0060 4416 sftvsa - ok

09:35:19.0138 4416 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll

09:35:19.0201 4416 SharedAccess - ok

09:35:19.0279 4416 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll

09:35:19.0341 4416 ShellHWDetection - ok

09:35:19.0419 4416 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys

09:35:19.0419 4416 SiSRaid2 - ok

09:35:19.0450 4416 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys

09:35:19.0466 4416 SiSRaid4 - ok

09:35:19.0528 4416 SkypeUpdate (db0405d9aad62f0762e0876ac142b7e1) C:\Program Files (x86)\Skype\Updater\Updater.exe

09:35:19.0544 4416 SkypeUpdate - ok

09:35:19.0591 4416 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys

09:35:19.0638 4416 Smb - ok

09:35:19.0716 4416 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe

09:35:19.0747 4416 SNMPTRAP - ok

09:35:19.0794 4416 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys

09:35:19.0809 4416 spldr - ok

09:35:19.0872 4416 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe

09:35:19.0918 4416 Spooler - ok

09:35:20.0028 4416 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe

09:35:20.0199 4416 sppsvc - ok

09:35:20.0246 4416 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll

09:35:20.0293 4416 sppuinotify - ok

09:35:20.0402 4416 SQLBrowser (86ebd8b1f23e743aad21f4d5b4d40985) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe

09:35:20.0418 4416 SQLBrowser - ok

09:35:20.0464 4416 SQLWriter (3c432a96363097870995e2a3c8b66abd) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

09:35:20.0480 4416 SQLWriter - ok

09:35:20.0605 4416 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys

09:35:20.0652 4416 srv - ok

09:35:20.0776 4416 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys

09:35:20.0792 4416 srv2 - ok

09:35:20.0839 4416 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS

09:35:20.0870 4416 SrvHsfHDA - ok

09:35:20.0964 4416 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS

09:35:21.0057 4416 SrvHsfV92 - ok

09:35:21.0135 4416 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS

09:35:21.0151 4416 SrvHsfWinac - ok

09:35:21.0198 4416 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys

09:35:21.0229 4416 srvnet - ok

09:35:21.0276 4416 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll

09:35:21.0322 4416 SSDPSRV - ok

09:35:21.0354 4416 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll

09:35:21.0385 4416 SstpSvc - ok

09:35:21.0432 4416 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys

09:35:21.0432 4416 stexstor - ok

09:35:21.0478 4416 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll

09:35:21.0541 4416 stisvc - ok

09:35:21.0572 4416 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys

09:35:21.0572 4416 swenum - ok

09:35:21.0619 4416 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll

09:35:21.0681 4416 swprv - ok

09:35:21.0759 4416 SynTP (868dfb220a18312a12cef01ba9ac069b) C:\Windows\system32\DRIVERS\SynTP.sys

09:35:21.0775 4416 SynTP - ok

09:35:21.0837 4416 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll

09:35:21.0931 4416 SysMain - ok

09:35:21.0978 4416 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll

09:35:22.0009 4416 TabletInputService - ok

09:35:22.0024 4416 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll

09:35:22.0071 4416 TapiSrv - ok

09:35:22.0102 4416 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll

09:35:22.0134 4416 TBS - ok

09:35:22.0227 4416 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys

09:35:22.0305 4416 Tcpip - ok

09:35:22.0368 4416 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys

09:35:22.0414 4416 TCPIP6 - ok

09:35:22.0446 4416 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys

09:35:22.0524 4416 tcpipreg - ok

09:35:22.0570 4416 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys

09:35:22.0586 4416 TDPIPE - ok

09:35:22.0633 4416 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys

09:35:22.0664 4416 TDTCP - ok

09:35:22.0695 4416 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys

09:35:22.0742 4416 tdx - ok

09:35:22.0758 4416 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys

09:35:22.0773 4416 TermDD - ok

09:35:22.0820 4416 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll

09:35:22.0867 4416 TermService - ok

09:35:22.0898 4416 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll

09:35:22.0929 4416 Themes - ok

09:35:22.0960 4416 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

09:35:22.0992 4416 THREADORDER - ok

09:35:23.0007 4416 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll

09:35:23.0054 4416 TrkWks - ok

09:35:23.0116 4416 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe

09:35:23.0148 4416 TrustedInstaller - ok

09:35:23.0226 4416 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys

09:35:23.0272 4416 tssecsrv - ok

09:35:23.0350 4416 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys

09:35:23.0413 4416 TsUsbFlt - ok

09:35:23.0444 4416 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys

09:35:23.0491 4416 tunnel - ok

09:35:23.0538 4416 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys

09:35:23.0538 4416 uagp35 - ok

09:35:23.0584 4416 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys

09:35:23.0631 4416 udfs - ok

09:35:23.0662 4416 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe

09:35:23.0662 4416 UI0Detect - ok

09:35:23.0709 4416 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys

09:35:23.0725 4416 uliagpkx - ok

09:35:23.0787 4416 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys

09:35:23.0818 4416 umbus - ok

09:35:23.0850 4416 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys

09:35:23.0881 4416 UmPass - ok

09:35:23.0928 4416 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll

09:35:23.0959 4416 upnphost - ok

09:35:24.0021 4416 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys

09:35:24.0037 4416 usbccgp - ok

09:35:24.0146 4416 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys

09:35:24.0162 4416 usbcir - ok

09:35:24.0193 4416 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys

09:35:24.0224 4416 usbehci - ok

09:35:24.0255 4416 usbfilter (2c780746dc44a28fe67004dc58173f05) C:\Windows\system32\DRIVERS\usbfilter.sys

09:35:24.0271 4416 usbfilter - ok

09:35:24.0318 4416 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys

09:35:24.0349 4416 usbhub - ok

09:35:24.0380 4416 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys

09:35:24.0380 4416 usbohci - ok

09:35:24.0427 4416 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys

09:35:24.0474 4416 usbprint - ok

09:35:24.0520 4416 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys

09:35:24.0552 4416 usbscan - ok

09:35:24.0583 4416 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS

09:35:24.0645 4416 USBSTOR - ok

09:35:24.0692 4416 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys

09:35:24.0723 4416 usbuhci - ok

09:35:24.0786 4416 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys

09:35:24.0801 4416 usbvideo - ok

09:35:24.0817 4416 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll

09:35:24.0879 4416 UxSms - ok

09:35:24.0910 4416 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

09:35:24.0926 4416 VaultSvc - ok

09:35:24.0973 4416 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys

09:35:24.0988 4416 vdrvroot - ok

09:35:25.0020 4416 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe

09:35:25.0066 4416 vds - ok

09:35:25.0113 4416 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys

09:35:25.0129 4416 vga - ok

09:35:25.0160 4416 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys

09:35:25.0207 4416 VgaSave - ok

09:35:25.0254 4416 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys

09:35:25.0269 4416 vhdmp - ok

09:35:25.0300 4416 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys

09:35:25.0300 4416 viaide - ok

09:35:25.0332 4416 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys

09:35:25.0347 4416 volmgr - ok

09:35:25.0394 4416 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys

09:35:25.0410 4416 volmgrx - ok

09:35:25.0441 4416 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys

09:35:25.0456 4416 volsnap - ok

09:35:25.0503 4416 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys

09:35:25.0519 4416 vsmraid - ok

09:35:25.0581 4416 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe

09:35:25.0675 4416 VSS - ok

09:35:25.0722 4416 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys

09:35:25.0753 4416 vwifibus - ok

09:35:25.0800 4416 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys

09:35:25.0831 4416 vwififlt - ok

09:35:25.0878 4416 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll

09:35:25.0909 4416 W32Time - ok

09:35:25.0956 4416 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys

09:35:25.0987 4416 WacomPen - ok

09:35:26.0049 4416 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

09:35:26.0096 4416 WANARP - ok

09:35:26.0112 4416 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

09:35:26.0158 4416 Wanarpv6 - ok

09:35:26.0236 4416 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe

09:35:26.0283 4416 WatAdminSvc - ok

09:35:29.0684 4416 MBR (0x1B8) (e3e91e98346c8b0475259c238728e9e3) \Device\Harddisk0\DR0

09:35:29.0715 4416 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected

09:35:29.0715 4416 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)

09:35:29.0793 4416 \Device\Harddisk0\DR0 ( TDSS File System ) - warning

09:35:29.0793 4416 \Device\Harddisk0\DR0 - detected TDSS File System (1)

09:35:29.0824 4416 Boot (0x1200) (3013caf807063eac5d92312d63d5a7e0) \Device\Harddisk0\DR0\Partition0

09:35:29.0824 4416 \Device\Harddisk0\DR0\Partition0 - ok

09:35:29.0824 4416 Boot (0x1200) (df17ad92ec529b04d7d2ce22deb0b6fd) \Device\Harddisk0\DR0\Partition1

09:35:29.0824 4416 \Device\Harddisk0\DR0\Partition1 - ok

09:35:29.0871 4416 Boot (0x1200) (2e37706e72ed968969cc8975478b19a2) \Device\Harddisk0\DR0\Partition2

09:35:29.0871 4416 \Device\Harddisk0\DR0\Partition2 - ok

09:35:29.0887 4416 Boot (0x1200) (1251ef5d2448f6c138d14b380da8ab30) \Device\Harddisk0\DR0\Partition3

09:35:29.0887 4416 \Device\Harddisk0\DR0\Partition3 - ok

09:35:29.0887 4416 ============================================================

09:35:29.0887 4416 Scan finished

09:35:29.0887 4416 ============================================================

09:35:29.0902 5284 Detected object count: 5

09:35:29.0902 5284 Actual detected object count: 5

09:37:53.0197 5284 ACT! Scheduler ( UnsignedFile.Multi.Generic ) - skipped by user

09:37:53.0197 5284 ACT! Scheduler ( UnsignedFile.Multi.Generic ) - User select action: Skip

09:37:53.0212 5284 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user

09:37:53.0212 5284 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip

09:37:53.0212 5284 RtVOsdService ( UnsignedFile.Multi.Generic ) - skipped by user

09:37:53.0212 5284 RtVOsdService ( UnsignedFile.Multi.Generic ) - User select action: Skip

09:37:53.0228 5284 \Device\Harddisk0\DR0\# - copied to quarantine

09:37:53.0228 5284 \Device\Harddisk0\DR0 - copied to quarantine

09:37:53.0290 5284 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine

09:37:53.0290 5284 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine

09:37:53.0353 5284 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine

09:37:53.0384 5284 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine

09:37:53.0384 5284 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine

09:37:53.0384 5284 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine

09:37:53.0384 5284 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine

09:37:53.0384 5284 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine

09:37:53.0384 5284 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine

09:37:53.0384 5284 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine

09:37:53.0400 5284 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine

09:37:53.0400 5284 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine

09:37:53.0431 5284 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot

09:37:53.0431 5284 \Device\Harddisk0\DR0 - ok

09:37:54.0226 5284 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure

09:37:54.0226 5284 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user

09:37:54.0226 5284 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

09:38:24.0849 2356 Deinitialize success


09:58:52.0147 6044 TDSS rootkit removing tool 2.7.28.0 Apr 10 2012 16:54:05

09:58:52.0475 6044 ============================================================

09:58:52.0475 6044 Current date / time: 2012/04/18 09:58:52.0475

09:58:52.0475 6044 SystemInfo:

09:58:52.0475 6044

09:58:52.0475 6044 OS Version: 6.1.7601 ServicePack: 1.0

09:58:52.0475 6044 Product type: Workstation

09:58:52.0475 6044 ComputerName: HP-HP

09:58:52.0475 6044 UserName: hp

09:58:52.0475 6044 Windows directory: C:\Windows

09:58:52.0475 6044 System windows directory: C:\Windows

09:58:52.0475 6044 Running under WOW64

09:58:52.0475 6044 Processor architecture: Intel x64

09:58:52.0475 6044 Number of processors: 2

09:58:52.0475 6044 Page size: 0x1000

09:58:52.0475 6044 Boot type: Normal boot

09:58:52.0475 6044 ============================================================

09:58:53.0536 6044 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

09:58:53.0536 6044 \Device\Harddisk0\DR0:

09:58:53.0536 6044 MBR used

09:58:53.0536 6044 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800

09:58:53.0536 6044 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x232F0800

09:58:53.0536 6044 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x23354800, BlocksNum 0x20A6000

09:58:53.0536 6044 \Device\Harddisk0\DR0\Partition3: MBR, Type 0xC, StartLBA 0x253FA800, BlocksNum 0x33AB0

09:58:53.0645 6044 Initialize success

09:58:53.0645 6044 ============================================================

09:59:26.0587 0312 ============================================================

09:59:26.0587 0312 Scan started

09:59:26.0587 0312 Mode: Manual; SigCheck; TDLFS;

09:59:26.0587 0312 ============================================================

09:59:28.0537 0312 ACT! Scheduler (01f43efe59c6edf99a40d66e0d33c237) C:\Program Files (x86)\ACT\Act for Windows\Act.Scheduler.exe

09:59:28.0709 0312 ACT! Scheduler ( UnsignedFile.Multi.Generic ) - warning

09:59:28.0709 0312 ACT! Scheduler - detected UnsignedFile.Multi.Generic (1)

09:59:46.0056 0312 LightScribeService (7550d101bf49fdb1f92666a233ee36c4) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

09:59:46.0087 0312 LightScribeService ( UnsignedFile.Multi.Generic ) - warning

09:59:46.0087 0312 LightScribeService - detected UnsignedFile.Multi.Generic (1)

09:59:58.0458 0312 RtVOsdService (4ea7e5df0cb237156176fa0349e6e87f) C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe

09:59:58.0474 0312 RtVOsdService ( UnsignedFile.Multi.Generic ) - warning

09:59:58.0474 0312 RtVOsdService - detected UnsignedFile.Multi.Generic (1)


10:00:11.0781 0312 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll

10:00:11.0796 0312 WPDBusEnum - ok

10:00:11.0827 0312 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys

10:00:11.0874 0312 ws2ifsl - ok

10:00:11.0890 0312 WSearch - ok

10:00:11.0968 0312 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll

10:00:12.0093 0312 wuauserv - ok

10:00:12.0186 0312 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys

10:00:12.0249 0312 WudfPf - ok

10:00:12.0280 0312 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys

10:00:12.0342 0312 WUDFRd - ok

10:00:12.0373 0312 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll

10:00:12.0420 0312 wudfsvc - ok

10:00:12.0451 0312 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll

10:00:12.0498 0312 WwanSvc - ok

10:00:12.0623 0312 yukonw7 (b3eeacf62445e24fbb2cd4b0fb4db026) C:\Windows\system32\DRIVERS\yk62x64.sys

10:00:12.0654 0312 yukonw7 - ok

10:00:12.0685 0312 MBR (0x1B8) (5b0cd9c50984ebb5552e113de7417575) \Device\Harddisk0\DR0

10:00:12.0795 0312 \Device\Harddisk0\DR0 ( TDSS File System ) - warning

10:00:12.0795 0312 \Device\Harddisk0\DR0 - detected TDSS File System (1)

10:00:12.0826 0312 Boot (0x1200) (3013caf807063eac5d92312d63d5a7e0) \Device\Harddisk0\DR0\Partition0

10:00:12.0826 0312 \Device\Harddisk0\DR0\Partition0 - ok

10:00:12.0841 0312 Boot (0x1200) (df17ad92ec529b04d7d2ce22deb0b6fd) \Device\Harddisk0\DR0\Partition1

10:00:12.0841 0312 \Device\Harddisk0\DR0\Partition1 - ok

10:00:12.0873 0312 Boot (0x1200) (2e37706e72ed968969cc8975478b19a2) \Device\Harddisk0\DR0\Partition2

10:00:12.0888 0312 \Device\Harddisk0\DR0\Partition2 - ok

10:00:12.0904 0312 Boot (0x1200) (1251ef5d2448f6c138d14b380da8ab30) \Device\Harddisk0\DR0\Partition3

10:00:12.0904 0312 \Device\Harddisk0\DR0\Partition3 - ok

10:00:12.0904 0312 ============================================================

10:00:12.0904 0312 Scan finished

10:00:12.0904 0312 ============================================================

10:00:12.0919 0868 Detected object count: 4

10:00:12.0919 0868 Actual detected object count: 4

10:01:05.0772 0868 ACT! Scheduler ( UnsignedFile.Multi.Generic ) - skipped by user

10:01:05.0772 0868 ACT! Scheduler ( UnsignedFile.Multi.Generic ) - User select action: Skip

10:01:05.0772 0868 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user

10:01:05.0772 0868 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip

10:01:05.0772 0868 RtVOsdService ( UnsignedFile.Multi.Generic ) - skipped by user

10:01:05.0772 0868 RtVOsdService ( UnsignedFile.Multi.Generic ) - User select action: Skip

10:01:05.0788 0868 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine

10:01:05.0804 0868 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine

10:01:05.0882 0868 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine

10:01:05.0928 0868 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine

10:01:05.0928 0868 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine

10:01:05.0928 0868 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine

10:01:05.0928 0868 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine

10:01:05.0944 0868 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine

10:01:05.0944 0868 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine

10:01:05.0944 0868 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine

10:01:05.0944 0868 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine

10:01:05.0944 0868 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine

10:01:05.0944 0868 \Device\Harddisk0\DR0\TDLFS - deleted

10:01:05.0944 0868 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Delete


OK...next:

Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and run Combofix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingc...to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Please include the C:\ComboFix.txt in your next reply for further review.

Note:

If you get the message "Illegal operation attempted on registry key that has been marked for deletion." after you run ComboFix, please reboot the computer; this should resolve the problem. You may have to do this several times if needed.

MrC


ComboFix 12-04-17.01 - hp 04/18/2012 10:33:15.1.2 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2811.1801 [GMT -4:00]

Running from: c:\users\hp\Desktop\ComboFix.exe

AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\fEjvOImgR63Ik6

c:\programdata\SPL9990.tmp

c:\users\hp\AppData\Local\assembly\tmp

c:\users\hp\Documents\~WRL1427.tmp

c:\users\hp\Documents\~WRL2390.tmp

c:\users\hp\g2mdlhlpx.exe

c:\users\hp\GoToAssistDownloadHelper.exe

c:\windows\assembly\temp\@

c:\windows\assembly\temp\cfg.ini

c:\windows\svchost.exe

.

Infected copy of c:\windows\SysWow64\userinit.exe was found and disinfected

Restored copy from - c:\windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe

.

.

((((((((((((((((((((((((( Files Created from 2012-03-18 to 2012-04-18 )))))))))))))))))))))))))))))))

.

.

2012-04-18 15:25 . 2012-04-18 15:25 -------- d-----w- c:\users\Kiosk\AppData\Local\temp

2012-04-18 15:25 . 2012-04-18 15:25 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-04-18 13:37 . 2012-04-18 14:01 -------- d-----w- C:\TDSSKiller_Quarantine

2012-04-18 01:39 . 2012-04-18 01:39 -------- d-----w- c:\program files\Java

2012-04-18 01:38 . 2012-04-18 01:38 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-04-18 01:38 . 2012-04-04 19:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-04-16 13:04 . 2012-04-16 13:04 -------- d-----w- c:\users\hp\AppData\Roaming\Malwarebytes

2012-04-16 13:03 . 2012-04-16 13:03 -------- d-----w- c:\programdata\Malwarebytes

2012-04-14 12:10 . 2012-03-06 23:15 258520 ----a-w- c:\windows\system32\aswBoot.exe

2012-04-14 12:07 . 2012-04-16 13:36 -------- d-----w- c:\programdata\AVAST Software

2012-04-14 12:07 . 2012-04-15 22:25 -------- d-----w- c:\program files\AVAST Software

2012-04-14 02:43 . 2012-04-14 17:31 -------- d-----w- c:\windows\system32\MpEngineStore

2012-04-13 18:33 . 2012-04-13 18:33 8766112 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe

2012-04-12 11:02 . 2012-03-06 06:53 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-04-12 11:02 . 2012-03-06 05:59 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2012-04-12 11:02 . 2012-03-06 05:59 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2012-04-12 10:58 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys

2012-04-12 10:58 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll

2012-04-12 10:58 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll

2012-04-12 10:58 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll

2012-04-12 10:58 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll

2012-04-12 10:58 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll

2012-04-12 10:58 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll

2012-04-07 12:27 . 2012-04-07 12:27 -------- d-----w- c:\programdata\Act

2012-04-07 12:19 . 2012-04-18 02:02 952 --sha-w- c:\programdata\KGyGaAvL.sys

2012-04-07 12:19 . 2012-04-07 12:19 88 --sh--r- c:\programdata\7F5348C2C7.sys

2012-04-07 12:19 . 2012-04-07 12:19 -------- d-----w- c:\users\hp\AppData\Roaming\IsolatedStorage

2012-04-07 12:19 . 2012-04-07 12:19 -------- d-----w- c:\users\hp\AppData\Local\IsolatedStorage

2012-04-07 12:18 . 2003-08-28 18:08 536576 ------w- c:\windows\SysWow64\msvcr70d.dll

2012-04-07 12:18 . 2003-08-28 18:06 94208 ------w- c:\windows\SysWow64\msvci70d.dll

2012-04-07 12:18 . 2002-07-17 07:37 344064 ------w- c:\windows\SysWow64\msvcr70.dll

2012-04-07 12:17 . 2012-04-07 12:17 -------- d-----w- c:\programdata\Sage Software, Inc

2012-04-07 12:16 . 2012-04-07 12:16 -------- d-----w- c:\program files (x86)\Common Files\Protexis

2012-04-07 12:10 . 2012-04-07 12:11 -------- d-----w- c:\program files\Microsoft SQL Server

2012-04-07 12:10 . 2012-04-07 13:03 -------- d-----w- c:\users\hp\AppData\Roaming\ACT

2012-04-07 12:10 . 2012-04-08 07:02 -------- d-----w- c:\program files (x86)\Microsoft SQL Server

2012-04-07 12:10 . 2012-04-07 12:10 -------- d-----w- c:\program files (x86)\ACT

2012-04-07 12:02 . 2012-04-13 18:34 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-04-07 11:32 . 2012-04-07 11:32 -------- d-----w- C:\ACT!2010

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-04-18 01:40 . 2010-07-11 05:29 525544 ----a-w- c:\windows\system32\deployJava1.dll

2012-04-13 18:34 . 2011-09-19 13:21 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-02-23 14:18 . 2010-09-20 22:54 279656 ------w- c:\windows\system32\MpSigStub.exe

2012-02-17 06:38 . 2012-03-14 11:20 1031680 ----a-w- c:\windows\system32\rdpcore.dll

2012-02-17 05:34 . 2012-03-14 11:20 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll

2012-02-17 04:58 . 2012-03-14 11:20 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-02-17 04:57 . 2012-03-14 11:20 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys

2012-02-14 16:09 . 2012-02-14 16:09 1070352 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX

2012-02-10 06:36 . 2012-03-14 11:21 1544192 ----a-w- c:\windows\system32\DWrite.dll

2012-02-10 05:38 . 2012-03-14 11:21 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll

2012-02-09 00:34 . 2012-02-09 00:34 70136 ----a-w- c:\windows\SysWow64\NLSSRV32.EXE

2012-02-09 00:33 . 2012-02-21 03:36 30200 ----a-w- c:\windows\system32\nitrolocalmon2.dll

2012-02-09 00:33 . 2012-02-21 03:36 18424 ----a-w- c:\windows\system32\nitrolocalui2.dll

2012-02-03 04:34 . 2012-03-14 11:21 3145728 ----a-w- c:\windows\system32\win32k.sys

2012-01-25 06:38 . 2012-03-14 11:21 77312 ----a-w- c:\windows\system32\rdpwsx.dll

2012-01-25 06:38 . 2012-03-14 11:21 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll

2012-01-25 06:33 . 2012-03-14 11:21 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{9427041a-a8dc-4d06-9a68-93873486e957}]

2011-05-09 09:49 176936 ----a-w- c:\program files (x86)\Productivity_3.1\prxtbProd.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]

"{9427041a-a8dc-4d06-9a68-93873486e957}"= "c:\program files (x86)\Productivity_3.1\prxtbProd.dll" [2011-05-09 176936]

.

[HKEY_CLASSES_ROOT\clsid\{9427041a-a8dc-4d06-9a68-93873486e957}]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"HPAdvisorDock"="c:\program files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe" [2010-02-10 1712184]

"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-05-19 2736128]

"LMab1err"="c:\program files\Lexmark\ErrorApp\LMab1err.exe" [2009-02-21 590504]

"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-02-29 17148552]

"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-02-23 39408]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-06-17 98304]

"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-11-09 586296]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"Act.Outlook.Service"="c:\program files (x86)\ACT\Act for Windows\Act.Outlook.Service.exe" [2010-01-21 28672]

"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\ActSage.exe" [2010-01-21 331776]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]

.

c:\users\hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2011-9-2 227712]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

R2 ACT! Scheduler;ACT! Scheduler;c:\program files (x86)\ACT\Act for Windows\Act.Scheduler.exe [2010-01-21 81920]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-23 136176]

R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]

R2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-06-18 103992]

R2 RtVOsdService;RtVOsdService Installer;c:\program files\Realtek\RtVOsd\RtVOsdService.exe [2010-06-24 315392]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-15 158856]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-13 253088]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-23 136176]

R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]

R3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\DRIVERS\nwusbser2.sys [x]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]

R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]

R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]

R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]

S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]

S2 CinemaNow Service;CinemaNow Service;c:\program files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe [2010-05-21 140272]

S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]

S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]

S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-09 26680]

S2 lxdn_device;lxdn_device;c:\windows\system32\lxdncoms.exe [2008-02-27 1044648]

S2 lxdnCATSCustConnectService;lxdnCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\lxdnserv.exe [2009-04-28 29184]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]

S2 MSSQL$ACT7;SQL Server (ACT7);c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2010-12-10 29293408]

S2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\SysWOW64\NLSSRV32.EXE [2012-02-09 70136]

S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [x]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]

S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]

S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]

S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]

S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]

S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2010-05-19 17:36 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe

.

Contents of the 'Scheduled Tasks' folder

.

2012-04-18 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-07 18:34]

.

2012-04-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-23 18:12]

.

2012-04-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-23 18:12]

.

2012-04-07 c:\windows\Tasks\HPCeeScheduleForhp.job

- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 03:15]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-09-07 6489704]

"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-06-18 8192]

"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 130576]

"lxdnmon.exe"="c:\program files (x86)\Lexmark 2600 Series\lxdnmon.exe" [2008-03-27 660136]

"lxdnamon"="c:\program files (x86)\Lexmark 2600 Series\lxdnamon.exe" [2008-03-27 16040]

"WrtMon.exe"="c:\windows\system32\spool\drivers\x64\3\WrtMon.exe" [2007-07-18 20480]

"LMPSSDMON"="c:\program files\Lexmark\Monitor\ACO\LMabMON.exe" [2009-02-21 753664]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.envoymortgage.com/

mLocal Page = c:\windows\SysWOW64\blank.htm

Trusted Zone: usda.gov\gus.sc.egov

TCP: DhcpNameServer = 24.178.162.3 66.189.0.100 24.217.201.67

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

Wow6432Node-HKU-Default-Run-dplaysvr - c:\windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe

Toolbar-Locked - (no file)

WebBrowser-{9427041A-A8DC-4D06-9A68-93873486E957} - (no file)

WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)

HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe

AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]

@Denied: (2) (LocalSystem)


.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]

@Denied: (2) (LocalSystem)

"Timestamp"=hex:a2,55,ba,70,45,1a,cd,01

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Lexmark 2600 Series\lxdnMsdMon.exe

c:\windows\System32\spool\drivers\x64\3\WrtProc.exe

c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe

c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

c:\program files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe

.

**************************************************************************

.

Completion time: 2012-04-18 11:37:58 - machine was rebooted

ComboFix-quarantined-files.txt 2012-04-18 15:37

.

Pre-Run: 209,108,574,208 bytes free

Post-Run: 209,841,827,840 bytes free

.

- - End Of File - - 8E3B92A4AC02607D298D8E6717951450


Please find this file and upload it to VirusTotal for a free scan, post back the results...just copy back the url.

c:\programdata\7F5348C2C7.sys

http://www.virustotal.com/

---------------------------------

Then........

Download TFC to your desktop

Close any open windows.

Double click the TFC icon to run the program

TFC will close all open programs itself in order to run,

Click the Start button to begin the process.

Allow TFC to run uninterrupted.

The program should not take long to finish its job

Once it's finished it should automatically reboot your machine,

if it doesn't, manually reboot to ensure a complete clean

--------------------------------

Last......

Please Update and run a Quick Scan with MBAM, post the report.

Make sure that everything is checked, and click Remove Selected.

Please let me know how it is, MrC


Can you right click on it and choose copy?

If so, copy it somewhere else and then zip it up and attach it to your next post.

Can you right click on it and choose "Scan with Malwarebytes Anti-malware"?

-----------------------------

Run TFC and MB as outlined above.

----------------------

Reinstall Microsoft Security Essentials, update it and scan the system.

You should also be able to right click on the file and choose "Scan with Microsoft Security Essentials"

Let me know if it finds anything.

MrC


Please download SystemLook from the link below and save it to your Desktop.

http://jpshortstuff....temLook_x64.exe

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:

    :Filefind
    7F5348C2C7.sys


  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt

------------------------------

Please reinstall MSE, update and run a scan.

MrC


SystemLook 30.07.11 by jpshortstuff

Log created at 13:53 on 18/04/2012 by hp

Administrator - Elevation successful

========== Filefind ==========

Searching for "7F5348C2C7.sys"

C:\ProgramData\7F5348C2C7.sys -r-hs-- 88 bytes [12:19 07/04/2012] [12:19 07/04/2012] A8A7E11DF9B935A97F927F6A48531BEB

C:\Users\All Users\7F5348C2C7.sys -r-hs-- 88 bytes [12:19 07/04/2012] [12:19 07/04/2012] A8A7E11DF9B935A97F927F6A48531BEB

-= EOF =-

Looks like it has the same date as IsolatedStorage, is this an HP computer?

2012-04-07 12:19 . 2012-04-07 12:19 88 --sh--r- c:\programdata\7F5348C2C7.sys

2012-04-07 12:19 . 2012-04-07 12:19 -------- d-----w- c:\users\hp\AppData\Roaming\IsolatedStorage

2012-04-07 12:19 . 2012-04-07 12:19 -------- d-----w- c:\users\hp\AppData\Local\IsolatedStorage

------------------------------------

Complete the rest of it.

MrC

Download TFC to your desktop

Close any open windows.

Double click the TFC icon to run the program

TFC will close all open programs itself in order to run,

Click the Start button to begin the process.

Allow TFC to run uninterrupted.

The program should not take long to finish its job

Once it's finished it should automatically reboot your machine,

if it doesn't, manually reboot to ensure a complete clean

--------------------------------

Next.....

Please Update and run a Quick Scan with MBAM, post the report.

Make sure that everything is checked, and click Remove Selected.

-------------------------------------

Last....

Reinstall Microsoft Security Essentials, update it and scan the system.

Let me know if it finds anything, MrC

Malwarebytes Anti-Malware (Trial) 1.61.0.1400

www.malwarebytes.org

Database version: v2012.04.18.06

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

hp :: HP-HP [administrator]

Protection: Enabled

4/18/2012 3:24:24 PM

mbam-log-2012-04-18 (15-24-24).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 236024

Time elapsed: 2 minute(s), 52 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

I uninstalled that and nothing comes up when I search for it. I noticed when I had a first response from Malwarebytes it said if the current security (MSE) let this through payme I want a paid version of malware. What is your suggestion? And why, if you are Malware, did we use Kaspersky? I don't mind paying for the protection as long as I get a suggestion. Are you able to do that or is it against policy? I can install MSE also.

This topic is now closed to further replies.