Infected with Win32/Olmarik.TDL4.Trojan on Win 7 Home Premium 64 Bit


Hello people and thanks for helping. I followed the instructions from the "I'm infected - What do I do now?" thread.

I have the DDS.txt and Attach.txt logs on my desktop, but the instructions say "Please include the following logs in your next reply: DDS.txt and Attach.txt

You can ignore the note about zipping the Attach.txt file in most cases."

I will wait for instructions from forum helpers.


Welcome to the forum.

Can you post those logs and also.....

Please remove any usb or external drives from the computer before you run this scan!

Please download RogueKiller to your desktop and run it.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

MrC


Here is the DDS.txt log:

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421

Run by 9310 at 13:52:25 on 2012-08-12

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3966.2788 [GMT -5:00]

.

AV: ESET Smart Security 5.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}

SP: ESET Smart Security 5.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: ESET Personal firewall *Disabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\LSI SoftModem\agr64svc.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Windows\system32\taskhost.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\WUDFHost.exe

C:\Program Files\ESET\ESET Smart Security\egui.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

-netsvcs

C:\Windows\system32\conhost.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\servicing\TrustedInstaller.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

C:\Windows\system32\sppsvc.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://forums.malwarebytes.org/

uInternet Settings,ProxyOverride = *.local

mWinlogon: Userinit=userinit.exe,

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

TCP: DhcpNameServer = 75.75.76.76 75.75.75.75

TCP: Interfaces\{2F33FAC6-0BE0-4D01-B15D-BD3923E103CD} : DhcpNameServer = 75.75.76.76 75.75.75.75

mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

.

============= SERVICES / DRIVERS ===============

.

R0 epfwwfp;epfwwfp;C:\Windows\system32\DRIVERS\epfwwfp.sys --> C:\Windows\system32\DRIVERS\epfwwfp.sys [?]

R1 EpfwLWF;Epfw NDIS LightWeight Filter;C:\Windows\system32\DRIVERS\EpfwLWF.sys --> C:\Windows\system32\DRIVERS\EpfwLWF.sys [?]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

R2 eamonm;eamonm;C:\Windows\system32\DRIVERS\eamonm.sys --> C:\Windows\system32\DRIVERS\eamonm.sys [?]

R2 ekrn;ESET Service;C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [2011-9-22 974944]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]

.

=============== Created Last 30 ================

.

2012-08-12 18:46:13 20480 ----a-w- C:\Windows\svchost.exe

2012-08-12 18:39:36 -------- d-----w- C:\Users\9310\AppData\Roaming\Malwarebytes

2012-08-12 18:39:07 -------- d-----w- C:\ProgramData\Malwarebytes

2012-08-12 18:39:06 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-08-12 18:39:06 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-08-12 06:25:18 -------- d-----w- C:\Windows\Panther

2012-08-12 06:22:31 -------- d-----w- C:\Users\9310\AppData\Local\Apple Computer

2012-08-12 06:22:24 34152 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys

2012-08-12 06:22:24 126312 ----a-w- C:\Windows\System32\GEARAspi64.dll

2012-08-12 06:22:24 107368 ----a-w- C:\Windows\SysWow64\GEARAspi.dll

2012-08-12 06:21:27 -------- d-----w- C:\Program Files\iPod

2012-08-12 06:21:26 -------- d-----w- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}

2012-08-12 06:21:26 -------- d-----w- C:\Program Files\iTunes

2012-08-12 06:21:26 -------- d-----w- C:\Program Files (x86)\iTunes

2012-08-12 06:20:24 -------- d-----w- C:\Users\9310\AppData\Local\Apple

2012-08-12 06:19:47 -------- d-----w- C:\Program Files\Bonjour

2012-08-12 06:19:47 -------- d-----w- C:\Program Files (x86)\Bonjour

2012-08-12 05:53:33 -------- d-----w- C:\Program Files\Realtek

2012-08-12 05:53:32 -------- d-----w- C:\Windows\SysWow64\RTCOM

2012-08-12 05:48:10 -------- d-----w- C:\Users\9310\AppData\Roaming\ESET

2012-08-12 05:48:10 -------- d-----w- C:\Users\9310\AppData\Local\ESET

2012-08-12 05:45:16 -------- d-----w- C:\Program Files\ESET

2012-08-12 05:34:48 -------- d-sh--w- C:\Windows\Installer

2012-08-12 05:24:12 3148800 ----a-w- C:\Windows\System32\win32k.sys

2012-08-12 05:21:54 1139200 ----a-w- C:\Windows\System32\FntCache.dll

2012-08-12 05:21:53 902656 ----a-w- C:\Windows\System32\d2d1.dll

2012-08-12 05:21:53 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll

2012-08-12 05:08:51 -------- d-----w- C:\Windows\SysWow64\Wat

2012-08-12 05:08:51 -------- d-----w- C:\Windows\System32\Wat

2012-08-12 05:05:34 -------- d-----w- C:\Program Files\LSI SoftModem

2012-08-12 04:58:23 8199504 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll

2012-08-12 04:58:13 9133488 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{382D8295-E871-44E2-BE12-68D3A25C13DB}\mpengine.dll

2012-08-12 04:57:06 81408 ----a-w- C:\Windows\System32\imagehlp.dll

2012-08-12 04:57:06 5120 ----a-w- C:\Windows\SysWow64\wmi.dll

2012-08-12 04:57:06 5120 ----a-w- C:\Windows\System32\wmi.dll

2012-08-12 04:57:06 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys

2012-08-12 04:57:06 220672 ----a-w- C:\Windows\System32\wintrust.dll

2012-08-12 04:57:06 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll

2012-08-12 04:57:06 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll

2012-08-12 04:55:28 540192 ----a-w- C:\Windows\System32\nvuninst.exe

2012-08-12 04:55:27 704000 ----a-w- C:\Windows\System32\cohelper.dll

2012-08-12 04:55:27 6136 ----a-w- C:\Windows\System32\drivers\nvphy.bin

2012-08-12 04:51:42 515584 ----a-w- C:\Windows\System32\timedate.cpl

2012-08-12 04:51:42 478720 ----a-w- C:\Windows\SysWow64\timedate.cpl

2012-08-12 04:49:32 1544704 ----a-w- C:\Windows\System32\DWrite.dll

2012-08-12 04:49:30 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll

2012-08-12 04:49:14 142336 ----a-w- C:\Windows\System32\poqexec.exe

2012-08-12 04:49:14 123904 ----a-w- C:\Windows\SysWow64\poqexec.exe

2012-08-12 04:41:56 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll

2012-08-12 04:40:49 77312 ----a-w- C:\Windows\System32\packager.dll

2012-08-12 04:40:49 67072 ----a-w- C:\Windows\SysWow64\packager.dll

2012-08-12 04:09:10 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-08-12 04:09:10 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-08-12 03:52:44 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll

2012-08-12 03:52:44 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys

2012-08-12 03:52:44 1031680 ----a-w- C:\Windows\System32\rdpcore.dll

2012-08-12 03:49:04 2622464 ----a-w- C:\Windows\System32\wucltux.dll

2012-08-12 03:48:53 99840 ----a-w- C:\Windows\System32\wudriver.dll

2012-08-12 03:48:34 36864 ----a-w- C:\Windows\System32\wuapp.exe

2012-08-12 03:48:34 186752 ----a-w- C:\Windows\System32\wuwebv.dll

2012-08-12 03:48:15 -------- d-----w- C:\Users\9310\AppData\Local\VirtualStore

.

==================== Find3M ====================

.

2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll

2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll

2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll

2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll

2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll

2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys

2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys

2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys

2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll

2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll

2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll

2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll

2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll

2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll

2012-05-31 17:25:12 279656 ------w- C:\Windows\System32\MpSigStub.exe

.

============= FINISH: 13:53:55.58 ===============

RogueKiller V7.6.6 [08/10/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo...13-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User: 9310 [Admin rights]

Mode: Scan -- Date: 08/12/2012 14:33:56

¤¤¤ Bad processes: 1 ¤¤¤

[SVCHOST] svchost.exe -- \\.\globalroot\systemroot\svchost.exe -> KILLED [TermProc]

¤¤¤ Registry Entries: 9 ¤¤¤

[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND

[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND

[HJ] HKCU\[...]\Advanced : Start_ShowUser (0) -> FOUND

[HJ] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND

[HJ] HKCU\[...]\Advanced : Start_ShowHelp (0) -> FOUND

[HJ] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> FOUND

[HJ] HKCU\[...]\Advanced : Start_TrackProgs (0) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Hitachi HDT721032SLA SCSI Disk Device +++++

--- User ---

[MBR] 6bcc06c034c949a70a2f7bf6bfce4405

[BSP] eb02a6d20cebb6df951712f0583d56b0 : Windows Vista/7 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 292917 Mo

3 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 600100864 | Size: 12226 Mo

User = LL1 ... OK!

Error reading LL2 MBR!

+++++ PhysicalDrive1: Generic- Multi-Card USB Device +++++

Error reading User MBR!

User = LL1 ... OK!

Error reading LL2 MBR!

Finished : << RKreport[1].txt >>

RKreport[1].txt

Attach.txt


Please make sure system restore is running and create a new restore point before continuing.

XP <===> Vista & W7

XP users > please back up the registry using ERUNT.

-----------------------------------------

Please download TDSSKiller to your desktop and run it as outlined below:

Double-click on TDSSKiller.exe to run the application, then click on Change parameters.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

-------------------------

Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

------------------------

Click the Start Scan button.

-----------------------

If a suspicious object is detected, the default action will be Skip; click on Continue.

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.

----------------------

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

--------------------

A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.

Sometimes these logs can be very large; in that case, please attach the log or zip it up and attach it.

-------------------

Here's a summary of what to do if you would like to print it out:

If a suspicious object is detected, the default action will be Skip; click on Continue.

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

MrC


14:58:16.0072 4772 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32

14:58:18.0073 4772 ============================================================

14:58:18.0073 4772 Current date / time: 2012/08/12 14:58:18.0073

14:58:18.0073 4772 SystemInfo:

14:58:18.0073 4772

14:58:18.0073 4772 OS Version: 6.1.7601 ServicePack: 1.0

14:58:18.0073 4772 Product type: Workstation

14:58:18.0073 4772 ComputerName: 9310-PC

14:58:18.0074 4772 UserName: 9310

14:58:18.0074 4772 Windows directory: C:\Windows

14:58:18.0074 4772 System windows directory: C:\Windows

14:58:18.0074 4772 Running under WOW64

14:58:18.0074 4772 Processor architecture: Intel x64

14:58:18.0074 4772 Number of processors: 2

14:58:18.0074 4772 Page size: 0x1000

14:58:18.0074 4772 Boot type: Normal boot

14:58:18.0074 4772 ============================================================

14:58:19.0451 4772 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0xA181, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040

14:58:19.0482 4772 ============================================================

14:58:19.0482 4772 \Device\Harddisk0\DR0:

14:58:19.0482 4772 MBR partitions:

14:58:19.0482 4772 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000

14:58:19.0482 4772 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x23C1A800

14:58:19.0482 4772 ============================================================

14:58:19.0510 4772 C: <-> \Device\Harddisk0\DR0\Partition1

14:58:19.0510 4772 ============================================================

14:58:19.0510 4772 Initialize success

14:58:19.0510 4772 ============================================================

14:58:48.0638 5012 ============================================================

14:58:48.0638 5012 Scan started

14:58:48.0638 5012 Mode: Manual; SigCheck; TDLFS;

14:58:48.0638 5012 ============================================================


14:59:06.0542 5012 HomeGroupProvider - ok

14:59:06.0592 5012 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys

14:59:06.0622 5012 HpSAMD - ok

14:59:06.0662 5012 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys

14:59:06.0732 5012 HTTP - ok

14:59:06.0752 5012 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys

14:59:06.0782 5012 hwpolicy - ok

14:59:06.0832 5012 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys

14:59:06.0902 5012 i8042prt - ok

14:59:06.0952 5012 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys

14:59:07.0012 5012 iaStorV - ok

14:59:07.0173 5012 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

14:59:07.0233 5012 idsvc - ok

14:59:07.0263 5012 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys

14:59:07.0283 5012 iirsp - ok

14:59:07.0333 5012 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll

14:59:07.0383 5012 IKEEXT - ok

14:59:07.0523 5012 IntcAzAudAddService (3c4b4ee54febb09f7e9f58776de96dca) C:\Windows\system32\drivers\RTKVHD64.sys

14:59:07.0573 5012 IntcAzAudAddService - ok

14:59:08.0073 5012 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys

14:59:08.0103 5012 intelide - ok

14:59:08.0133 5012 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\drivers\intelppm.sys

14:59:08.0203 5012 intelppm - ok

14:59:08.0253 5012 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll

14:59:08.0333 5012 IPBusEnum - ok

14:59:08.0343 5012 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys

14:59:08.0383 5012 IpFilterDriver - ok

14:59:08.0413 5012 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll

14:59:08.0463 5012 iphlpsvc - ok

14:59:08.0503 5012 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys

14:59:09.0464 5012 IPMIDRV - ok

14:59:09.0494 5012 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys

14:59:09.0604 5012 IPNAT - ok

14:59:09.0704 5012 iPod Service (a9ab99ee7d39725eafec82732d2b3271) C:\Program Files\iPod\bin\iPodService.exe

14:59:09.0754 5012 iPod Service - ok

14:59:09.0794 5012 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys

14:59:09.0824 5012 IRENUM - ok

14:59:09.0844 5012 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys

14:59:09.0874 5012 isapnp - ok

14:59:09.0904 5012 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys

14:59:09.0944 5012 iScsiPrt - ok

14:59:09.0964 5012 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys

14:59:09.0974 5012 kbdclass - ok

14:59:09.0984 5012 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys

14:59:10.0004 5012 kbdhid - ok

14:59:10.0044 5012 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

14:59:10.0074 5012 KeyIso - ok

14:59:10.0084 5012 KSecDD (97a7070aea4c058b6418519e869a63b4) C:\Windows\system32\Drivers\ksecdd.sys

14:59:10.0104 5012 KSecDD - ok

14:59:10.0104 5012 KSecPkg (26c43a7c2862447ec59deda188d1da07) C:\Windows\system32\Drivers\ksecpkg.sys

14:59:10.0124 5012 KSecPkg - ok

14:59:10.0144 5012 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys

14:59:10.0204 5012 ksthunk - ok

14:59:10.0264 5012 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll

14:59:10.0334 5012 KtmRm - ok

14:59:10.0404 5012 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll

14:59:10.0484 5012 LanmanServer - ok

14:59:10.0534 5012 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll

14:59:10.0624 5012 LanmanWorkstation - ok

14:59:10.0674 5012 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys

14:59:10.0754 5012 lltdio - ok

14:59:10.0814 5012 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll

14:59:10.0924 5012 lltdsvc - ok

14:59:10.0934 5012 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll

14:59:10.0974 5012 lmhosts - ok

14:59:11.0044 5012 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys

14:59:11.0094 5012 LSI_FC - ok

14:59:11.0104 5012 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys

14:59:11.0131 5012 LSI_SAS - ok

14:59:11.0136 5012 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys

14:59:11.0156 5012 LSI_SAS2 - ok

14:59:11.0156 5012 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys

14:59:11.0186 5012 LSI_SCSI - ok

14:59:11.0186 5012 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys

14:59:11.0236 5012 luafv - ok

14:59:11.0266 5012 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll

14:59:11.0296 5012 Mcx2Svc - ok

14:59:11.0326 5012 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys

14:59:11.0386 5012 megasas - ok

14:59:11.0436 5012 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys

14:59:11.0486 5012 MegaSR - ok

14:59:11.0526 5012 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

14:59:11.0586 5012 MMCSS - ok

14:59:11.0616 5012 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys

14:59:11.0686 5012 Modem - ok

14:59:11.0726 5012 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys

14:59:11.0776 5012 monitor - ok

14:59:11.0836 5012 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys

14:59:11.0866 5012 mouclass - ok

14:59:11.0918 5012 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys

14:59:11.0948 5012 mouhid - ok

14:59:11.0968 5012 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys

14:59:11.0978 5012 mountmgr - ok

14:59:11.0988 5012 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys

14:59:12.0008 5012 mpio - ok

14:59:12.0008 5012 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys

14:59:12.0048 5012 mpsdrv - ok

14:59:12.0118 5012 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll

14:59:12.0198 5012 MpsSvc - ok

14:59:12.0248 5012 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys

14:59:12.0278 5012 MRxDAV - ok

14:59:12.0328 5012 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys

14:59:12.0368 5012 mrxsmb - ok

14:59:12.0398 5012 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys

14:59:12.0438 5012 mrxsmb10 - ok

14:59:12.0458 5012 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys

14:59:12.0478 5012 mrxsmb20 - ok

14:59:12.0518 5012 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys

14:59:12.0538 5012 msahci - ok

14:59:12.0548 5012 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys

14:59:12.0578 5012 msdsm - ok

14:59:12.0618 5012 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe

14:59:12.0648 5012 MSDTC - ok

14:59:12.0668 5012 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys

14:59:12.0708 5012 Msfs - ok

14:59:12.0758 5012 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys

14:59:12.0808 5012 mshidkmdf - ok

14:59:12.0838 5012 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys

14:59:12.0850 5012 msisadrv - ok

14:59:12.0910 5012 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll

14:59:12.0950 5012 MSiSCSI - ok

14:59:12.0960 5012 msiserver - ok

14:59:13.0010 5012 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys

14:59:13.0050 5012 MSKSSRV - ok

14:59:13.0070 5012 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys

14:59:13.0110 5012 MSPCLOCK - ok

14:59:13.0120 5012 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys

14:59:13.0150 5012 MSPQM - ok

14:59:13.0170 5012 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys

14:59:13.0190 5012 MsRPC - ok

14:59:13.0200 5012 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys

14:59:13.0210 5012 mssmbios - ok

14:59:13.0260 5012 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys

14:59:13.0330 5012 MSTEE - ok

14:59:13.0340 5012 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys

14:59:13.0360 5012 MTConfig - ok

14:59:13.0360 5012 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys

14:59:13.0380 5012 Mup - ok

14:59:13.0440 5012 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll

14:59:13.0510 5012 napagent - ok

14:59:13.0590 5012 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys

14:59:13.0680 5012 NativeWifiP - ok

14:59:13.0740 5012 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys

14:59:13.0790 5012 NDIS - ok

14:59:13.0840 5012 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys

14:59:13.0900 5012 NdisCap - ok

14:59:13.0940 5012 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys

14:59:13.0990 5012 NdisTapi - ok

14:59:13.0990 5012 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys

14:59:14.0020 5012 Ndisuio - ok

14:59:14.0050 5012 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys

14:59:14.0140 5012 NdisWan - ok

14:59:14.0150 5012 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys

14:59:14.0220 5012 NDProxy - ok

14:59:14.0230 5012 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys

14:59:14.0280 5012 NetBIOS - ok

14:59:14.0300 5012 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys

14:59:14.0330 5012 NetBT - ok

14:59:14.0370 5012 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

14:59:14.0390 5012 Netlogon - ok

14:59:14.0460 5012 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll

14:59:14.0560 5012 Netman - ok

14:59:14.0600 5012 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll

14:59:14.0690 5012 netprofm - ok

14:59:14.0840 5012 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe

14:59:14.0870 5012 NetTcpPortSharing - ok

14:59:14.0910 5012 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys

14:59:14.0980 5012 nfrd960 - ok

14:59:15.0050 5012 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll

14:59:15.0130 5012 NlaSvc - ok

14:59:15.0150 5012 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys

14:59:15.0240 5012 Npfs - ok

14:59:15.0260 5012 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll

14:59:15.0350 5012 nsi - ok

14:59:15.0350 5012 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys

14:59:15.0390 5012 nsiproxy - ok

14:59:15.0490 5012 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys

14:59:15.0540 5012 Ntfs - ok

14:59:16.0070 5012 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys

14:59:16.0161 5012 Null - ok

14:59:16.0231 5012 NVENETFD (a85b4f2ef3a7304a5399ef0526423040) C:\Windows\system32\DRIVERS\nvm62x64.sys

14:59:16.0271 5012 NVENETFD - ok

14:59:16.0631 5012 nvlddmkm (dd81fbc57ab9134cddc5ce90880bfd80) C:\Windows\system32\DRIVERS\nvlddmkm.sys

14:59:16.0921 5012 nvlddmkm - ok

14:59:17.0453 5012 NVNET (909eedcbd365bb81027d8e742e6b3416) C:\Windows\system32\DRIVERS\nvmf6264.sys

14:59:17.0493 5012 NVNET - ok

14:59:17.0513 5012 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys

14:59:17.0523 5012 nvraid - ok

14:59:17.0553 5012 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys

14:59:17.0563 5012 nvstor - ok

14:59:17.0583 5012 nvstor64 (4d9aba962d7ece81866f96d5f69fb2b8) C:\Windows\system32\DRIVERS\nvstor64.sys

14:59:17.0593 5012 nvstor64 - ok

14:59:17.0633 5012 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys

14:59:17.0673 5012 nv_agp - ok

14:59:17.0683 5012 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys

14:59:17.0703 5012 ohci1394 - ok

14:59:17.0763 5012 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

14:59:17.0813 5012 p2pimsvc - ok

14:59:17.0843 5012 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll

14:59:17.0883 5012 p2psvc - ok

14:59:17.0913 5012 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys

14:59:17.0963 5012 Parport - ok

14:59:17.0993 5012 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys

14:59:18.0023 5012 partmgr - ok

14:59:18.0043 5012 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll

14:59:18.0083 5012 PcaSvc - ok

14:59:18.0093 5012 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys

14:59:18.0143 5012 pci - ok

14:59:18.0153 5012 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys

14:59:18.0173 5012 pciide - ok

14:59:18.0223 5012 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys

14:59:18.0263 5012 pcmcia - ok

14:59:18.0273 5012 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys

14:59:18.0293 5012 pcw - ok

14:59:18.0323 5012 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys

14:59:18.0383 5012 PEAUTH - ok

14:59:18.0595 5012 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe

14:59:18.0655 5012 PerfHost - ok

14:59:18.0747 5012 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll

14:59:18.0827 5012 pla - ok

14:59:18.0909 5012 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll

14:59:18.0959 5012 PlugPlay - ok

14:59:19.0009 5012 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll

14:59:19.0029 5012 PNRPAutoReg - ok

14:59:19.0059 5012 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

14:59:19.0079 5012 PNRPsvc - ok

14:59:19.0139 5012 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll

14:59:19.0199 5012 PolicyAgent - ok

14:59:19.0249 5012 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll

14:59:19.0339 5012 Power - ok

14:59:19.0561 5012 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys

14:59:19.0633 5012 PptpMiniport - ok

14:59:19.0673 5012 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys

14:59:19.0713 5012 Processor - ok

14:59:19.0753 5012 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll

14:59:19.0783 5012 ProfSvc - ok

14:59:19.0813 5012 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

14:59:19.0833 5012 ProtectedStorage - ok

14:59:19.0893 5012 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys

14:59:19.0953 5012 Psched - ok

14:59:20.0013 5012 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys

14:59:20.0063 5012 ql2300 - ok

14:59:20.0565 5012 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys

14:59:20.0605 5012 ql40xx - ok

14:59:20.0655 5012 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll

14:59:20.0675 5012 QWAVE - ok

14:59:20.0675 5012 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys

14:59:20.0735 5012 QWAVEdrv - ok

14:59:20.0775 5012 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys

14:59:20.0845 5012 RasAcd - ok

14:59:20.0915 5012 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys

14:59:20.0987 5012 RasAgileVpn - ok

14:59:21.0020 5012 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll

14:59:21.0047 5012 RasAuto - ok

14:59:21.0067 5012 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys

14:59:21.0149 5012 Rasl2tp - ok

14:59:21.0169 5012 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll

14:59:21.0199 5012 RasMan - ok

14:59:21.0243 5012 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys

14:59:21.0291 5012 RasPppoe - ok

14:59:21.0311 5012 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys

14:59:21.0351 5012 RasSstp - ok

14:59:21.0382 5012 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys

14:59:21.0423 5012 rdbss - ok

14:59:21.0463 5012 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys

14:59:21.0520 5012 rdpbus - ok

14:59:21.0532 5012 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys

14:59:21.0565 5012 RDPCDD - ok

14:59:21.0607 5012 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys

14:59:21.0657 5012 RDPENCDD - ok

14:59:21.0691 5012 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys

14:59:21.0718 5012 RDPREFMP - ok

14:59:21.0749 5012 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys

14:59:21.0779 5012 RDPWD - ok

14:59:21.0839 5012 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys

14:59:21.0859 5012 rdyboost - ok

14:59:21.0899 5012 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll

14:59:21.0939 5012 RemoteAccess - ok

14:59:21.0999 5012 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll

14:59:22.0029 5012 RemoteRegistry - ok

14:59:22.0039 5012 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll

14:59:22.0075 5012 RpcEptMapper - ok

14:59:22.0121 5012 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe

14:59:22.0131 5012 RpcLocator - ok

14:59:22.0151 5012 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll

14:59:22.0181 5012 RpcSs - ok

14:59:22.0311 5012 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys

14:59:22.0367 5012 rspndr - ok

14:59:22.0443 5012 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

14:59:22.0473 5012 SamSs - ok

14:59:22.0493 5012 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys

14:59:22.0533 5012 sbp2port - ok

14:59:22.0573 5012 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll

14:59:22.0643 5012 SCardSvr - ok

14:59:22.0643 5012 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys

14:59:22.0703 5012 scfilter - ok

14:59:22.0753 5012 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll

14:59:22.0823 5012 Schedule - ok

14:59:22.0873 5012 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll

14:59:22.0903 5012 SCPolicySvc - ok

14:59:22.0953 5012 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll

14:59:22.0983 5012 SDRSVC - ok

14:59:23.0184 5012 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

14:59:23.0294 5012 secdrv - ok

14:59:23.0344 5012 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll

14:59:23.0374 5012 seclogon - ok

14:59:23.0384 5012 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll

14:59:23.0454 5012 SENS - ok

14:59:23.0504 5012 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll

14:59:23.0524 5012 SensrSvc - ok

14:59:23.0584 5012 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys

14:59:23.0644 5012 Serenum - ok

14:59:23.0664 5012 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys

14:59:23.0774 5012 Serial - ok

14:59:23.0784 5012 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys

14:59:23.0804 5012 sermouse - ok

14:59:23.0854 5012 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll

14:59:23.0914 5012 SessionEnv - ok

14:59:23.0934 5012 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys

14:59:23.0964 5012 sffdisk - ok

14:59:23.0974 5012 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys

14:59:24.0014 5012 sffp_mmc - ok

14:59:24.0014 5012 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys

14:59:24.0036 5012 sffp_sd - ok

14:59:24.0042 5012 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys

14:59:24.0086 5012 sfloppy - ok

14:59:24.0136 5012 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll

14:59:24.0176 5012 SharedAccess - ok

14:59:24.0216 5012 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll

14:59:24.0246 5012 ShellHWDetection - ok

14:59:24.0276 5012 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys

14:59:24.0306 5012 SiSRaid2 - ok

14:59:24.0326 5012 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys

14:59:24.0356 5012 SiSRaid4 - ok

14:59:24.0376 5012 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys

14:59:24.0406 5012 Smb - ok

14:59:24.0446 5012 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe

14:59:24.0456 5012 SNMPTRAP - ok

14:59:24.0476 5012 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys

14:59:24.0486 5012 spldr - ok

14:59:24.0516 5012 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe

14:59:24.0556 5012 Spooler - ok

14:59:24.0676 5012 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe

14:59:24.0736 5012 sppsvc - ok

14:59:25.0126 5012 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll

14:59:25.0186 5012 sppuinotify - ok

14:59:25.0366 5012 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys

14:59:25.0446 5012 srv - ok

14:59:25.0486 5012 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys

14:59:25.0556 5012 srv2 - ok

14:59:25.0596 5012 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys

14:59:25.0616 5012 srvnet - ok

14:59:25.0666 5012 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll

14:59:25.0706 5012 SSDPSRV - ok

14:59:25.0736 5012 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll

14:59:25.0766 5012 SstpSvc - ok

14:59:25.0816 5012 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys

14:59:25.0836 5012 stexstor - ok

14:59:25.0896 5012 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll

14:59:25.0926 5012 stisvc - ok

14:59:25.0946 5012 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys

14:59:25.0996 5012 swenum - ok

14:59:26.0056 5012 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll

14:59:26.0096 5012 swprv - ok

14:59:26.0146 5012 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll

14:59:26.0197 5012 SysMain - ok

14:59:26.0557 5012 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll

14:59:26.0587 5012 TabletInputService - ok

14:59:26.0617 5012 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll

14:59:26.0657 5012 TapiSrv - ok

14:59:26.0677 5012 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll

14:59:26.0727 5012 TBS - ok

14:59:26.0987 5012 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys

14:59:27.0027 5012 Tcpip - ok

14:59:27.0568 5012 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys

14:59:27.0608 5012 TCPIP6 - ok

14:59:28.0138 5012 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys

14:59:28.0178 5012 tcpipreg - ok

14:59:28.0188 5012 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys

14:59:28.0208 5012 TDPIPE - ok

14:59:28.0248 5012 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys

14:59:28.0288 5012 TDTCP - ok

14:59:28.0338 5012 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys

14:59:28.0378 5012 tdx - ok

14:59:28.0388 5012 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\DRIVERS\termdd.sys

14:59:28.0408 5012 TermDD - ok

14:59:28.0478 5012 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll

14:59:28.0518 5012 TermService - ok

14:59:28.0528 5012 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll

14:59:28.0548 5012 Themes - ok

14:59:28.0588 5012 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

14:59:28.0638 5012 THREADORDER - ok

14:59:28.0658 5012 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll

14:59:28.0698 5012 TrkWks - ok

14:59:28.0748 5012 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe

14:59:28.0778 5012 TrustedInstaller - ok

14:59:28.0798 5012 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys

14:59:28.0848 5012 tssecsrv - ok

14:59:28.0898 5012 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys

14:59:28.0978 5012 TsUsbFlt - ok

14:59:29.0028 5012 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys

14:59:29.0088 5012 TsUsbGD - ok

14:59:29.0219 5012 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys

14:59:29.0279 5012 tunnel - ok

14:59:29.0289 5012 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys

14:59:29.0319 5012 uagp35 - ok

14:59:29.0349 5012 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys

14:59:29.0399 5012 udfs - ok

14:59:29.0459 5012 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe

14:59:29.0489 5012 UI0Detect - ok

14:59:29.0499 5012 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys

14:59:30.0039 5012 uliagpkx - ok

14:59:30.0139 5012 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys

14:59:30.0199 5012 umbus - ok

14:59:30.0219 5012 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys

14:59:30.0249 5012 UmPass - ok

14:59:30.0309 5012 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll

14:59:30.0379 5012 upnphost - ok

14:59:30.0429 5012 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys

14:59:30.0499 5012 USBAAPL64 - ok

14:59:30.0689 5012 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys

14:59:30.0719 5012 usbccgp - ok

14:59:30.0779 5012 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys

14:59:30.0819 5012 usbcir - ok

14:59:30.0859 5012 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys

14:59:30.0929 5012 usbehci - ok

14:59:30.0989 5012 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys

14:59:31.0019 5012 usbhub - ok

14:59:31.0039 5012 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys

14:59:31.0069 5012 usbohci - ok

14:59:31.0139 5012 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\drivers\usbprint.sys

14:59:31.0219 5012 usbprint - ok

14:59:31.0269 5012 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\drivers\USBSTOR.SYS

14:59:31.0349 5012 USBSTOR - ok

14:59:31.0389 5012 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys

14:59:31.0409 5012 usbuhci - ok

14:59:31.0459 5012 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll

14:59:31.0509 5012 UxSms - ok

14:59:31.0559 5012 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

14:59:31.0589 5012 VaultSvc - ok

14:59:31.0659 5012 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys

14:59:31.0719 5012 vdrvroot - ok

14:59:31.0749 5012 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe

14:59:31.0789 5012 vds - ok

14:59:31.0789 5012 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys

14:59:31.0805 5012 vga - ok

14:59:31.0805 5012 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys

14:59:31.0867 5012 VgaSave - ok

14:59:31.0883 5012 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys

14:59:31.0898 5012 vhdmp - ok

14:59:31.0945 5012 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys

14:59:32.0008 5012 viaide - ok

14:59:32.0008 5012 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys

14:59:32.0054 5012 volmgr - ok

14:59:32.0070 5012 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys

14:59:32.0086 5012 volmgrx - ok

14:59:32.0101 5012 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys

14:59:32.0132 5012 volsnap - ok

14:59:32.0132 5012 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys

14:59:32.0164 5012 vsmraid - ok

14:59:32.0257 5012 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe

14:59:32.0320 5012 VSS - ok

14:59:32.0841 5012 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys

14:59:32.0901 5012 vwifibus - ok

14:59:32.0971 5012 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll

14:59:33.0041 5012 W32Time - ok

14:59:33.0081 5012 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys

14:59:33.0111 5012 WacomPen - ok

14:59:33.0211 5012 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

14:59:33.0281 5012 WANARP - ok

14:59:33.0291 5012 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

14:59:33.0321 5012 Wanarpv6 - ok

14:59:33.0391 5012 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe

14:59:33.0431 5012 WatAdminSvc - ok

14:59:33.0541 5012 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe

14:59:33.0571 5012 wbengine - ok

14:59:33.0921 5012 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll

14:59:33.0941 5012 WbioSrvc - ok

14:59:33.0971 5012 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll

14:59:33.0991 5012 wcncsvc - ok

14:59:34.0001 5012 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll

14:59:34.0021 5012 WcsPlugInService - ok

14:59:34.0231 5012 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys

14:59:34.0261 5012 Wd - ok

14:59:34.0371 5012 WDC_SAM (a3d04ebf5227886029b4532f20d026f7) C:\Windows\system32\DRIVERS\wdcsam64.sys

14:59:34.0431 5012 WDC_SAM - ok

14:59:34.0491 5012 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys

14:59:34.0551 5012 Wdf01000 - ok

14:59:34.0601 5012 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

14:59:34.0621 5012 WdiServiceHost - ok

14:59:34.0631 5012 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

14:59:34.0651 5012 WdiSystemHost - ok

14:59:34.0691 5012 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll

14:59:34.0771 5012 WebClient - ok

14:59:34.0811 5012 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll

14:59:34.0861 5012 Wecsvc - ok

14:59:34.0891 5012 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll

14:59:34.0921 5012 wercplsupport - ok

14:59:34.0971 5012 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll

14:59:35.0071 5012 WerSvc - ok

14:59:35.0319 5012 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys

14:59:35.0389 5012 WfpLwf - ok

14:59:35.0409 5012 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys

14:59:35.0449 5012 WIMMount - ok

14:59:35.0489 5012 WinDefend - ok

14:59:35.0509 5012 WinHttpAutoProxySvc - ok

14:59:35.0619 5012 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll

14:59:35.0679 5012 Winmgmt - ok

14:59:35.0779 5012 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll

14:59:35.0849 5012 WinRM - ok

14:59:36.0259 5012 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll

14:59:36.0319 5012 Wlansvc - ok

14:59:36.0499 5012 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys

14:59:36.0549 5012 WmiAcpi - ok

14:59:36.0659 5012 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe

14:59:36.0729 5012 wmiApSrv - ok

14:59:36.0789 5012 WMPNetworkSvc - ok

14:59:36.0839 5012 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll

14:59:36.0869 5012 WPCSvc - ok

14:59:36.0909 5012 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll

14:59:36.0949 5012 WPDBusEnum - ok

14:59:36.0999 5012 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys

14:59:37.0079 5012 ws2ifsl - ok

14:59:37.0099 5012 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll

14:59:37.0129 5012 wscsvc - ok

14:59:37.0129 5012 WSearch - ok

14:59:37.0229 5012 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll

14:59:37.0289 5012 wuauserv - ok

14:59:37.0792 5012 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys

14:59:37.0870 5012 WudfPf - ok

14:59:37.0886 5012 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys

14:59:37.0932 5012 WUDFRd - ok

14:59:37.0979 5012 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll

14:59:38.0042 5012 wudfsvc - ok

14:59:38.0073 5012 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll

14:59:38.0088 5012 WwanSvc - ok

14:59:38.0135 5012 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0

14:59:38.0198 5012 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected

14:59:38.0198 5012 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)

14:59:38.0244 5012 \Device\Harddisk0\DR0 ( TDSS File System ) - warning

14:59:38.0244 5012 \Device\Harddisk0\DR0 - detected TDSS File System (1)

14:59:38.0260 5012 Boot (0x1200) (4e8d1624ccded6ea27e3b1697004feda) \Device\Harddisk0\DR0\Partition0

14:59:38.0260 5012 \Device\Harddisk0\DR0\Partition0 - ok

14:59:38.0291 5012 Boot (0x1200) (c0410ce3781a5d1c94d6da88895306c8) \Device\Harddisk0\DR0\Partition1

14:59:38.0291 5012 \Device\Harddisk0\DR0\Partition1 - ok

14:59:38.0291 5012 ============================================================

14:59:38.0291 5012 Scan finished

14:59:38.0291 5012 ============================================================

14:59:38.0307 5060 Detected object count: 2

14:59:38.0307 5060 Actual detected object count: 2

15:01:01.0048 5060 \Device\Harddisk0\DR0\# - copied to quarantine

15:01:01.0048 5060 \Device\Harddisk0\DR0 - copied to quarantine

15:01:01.0079 5060 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine

15:01:01.0360 5060 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine

15:01:01.0543 5060 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine

15:01:01.0713 5060 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine

15:01:01.0983 5060 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine

15:01:02.0203 5060 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine

15:01:02.0423 5060 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine

15:01:02.0433 5060 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine

15:01:02.0443 5060 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine

15:01:02.0453 5060 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine

15:01:02.0643 5060 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine

15:01:02.0813 5060 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine

15:01:02.0823 5060 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine

15:01:02.0823 5060 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine

15:01:02.0893 5060 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot

15:01:02.0923 5060 \Device\Harddisk0\DR0 - ok

15:01:03.0324 5060 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure

15:01:03.0324 5060 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user

15:01:03.0324 5060 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

15:01:23.0347 4156 Deinitialize success


Just run TDSSKiller again and choose Delete for this one only: (you don't have to post the log)

15:01:03.0324 5060 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user

15:01:03.0324 5060 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

---------------------------------

Then.......

Please download and run ComboFix.

The most important thing to remember when running it is to disable all your malware programs and run ComboFix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingc...to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

MrC


ComboFix 12-08-10.02 - 9310 08/12/2012 15:16:51.1.2 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3966.2693 [GMT -5:00]

Running from: c:\users\9310\Desktop\ComboFix.exe

AV: ESET Smart Security 5.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}

FW: ESET Personal firewall *Disabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}

SP: ESET Smart Security 5.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\svchost.exe

.

.

((((((((((((((((((((((((( Files Created from 2012-07-12 to 2012-08-12 )))))))))))))))))))))))))))))))

.

.

2012-08-12 20:20 . 2012-08-12 20:20 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-08-12 20:01 . 2012-08-12 20:11 -------- d-----w- C:\TDSSKiller_Quarantine

2012-08-12 18:39 . 2012-08-12 18:39 -------- d-----w- c:\programdata\Malwarebytes

2012-08-12 18:39 . 2012-08-12 18:39 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-08-12 18:39 . 2012-07-03 18:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-08-12 06:25 . 2012-08-12 03:47 -------- d-----w- c:\windows\Panther

2012-08-12 06:22 . 2009-05-18 18:17 34152 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys

2012-08-12 06:22 . 2008-04-17 17:12 126312 ----a-w- c:\windows\system32\GEARAspi64.dll

2012-08-12 06:22 . 2008-04-17 17:12 107368 ----a-w- c:\windows\SysWow64\GEARAspi.dll

2012-08-12 06:22 . 2012-08-12 06:22 -------- dc----w- c:\windows\system32\DRVSTORE

2012-08-12 06:21 . 2012-08-12 06:21 -------- d-----w- c:\program files\iPod

2012-08-12 06:21 . 2012-08-12 06:22 -------- d-----w- c:\programdata\{93E26451-CD9A-43A5-A2FA-C42392EA4001}

2012-08-12 06:21 . 2012-08-12 06:22 -------- d-----w- c:\program files\iTunes

2012-08-12 06:21 . 2012-08-12 06:22 -------- d-----w- c:\program files (x86)\iTunes

2012-08-12 06:21 . 2012-08-12 06:21 -------- d-----w- c:\programdata\Apple Computer

2012-08-12 06:20 . 2012-08-12 06:20 -------- d-----w- c:\program files (x86)\Apple Software Update

2012-08-12 06:19 . 2012-08-12 06:19 -------- d-----w- c:\program files\Common Files\Apple

2012-08-12 06:19 . 2012-08-12 06:19 -------- d-----w- c:\program files\Bonjour

2012-08-12 06:19 . 2012-08-12 06:19 -------- d-----w- c:\program files (x86)\Bonjour

2012-08-12 06:19 . 2012-08-12 06:21 -------- d-----w- c:\program files (x86)\Common Files\Apple

2012-08-12 06:19 . 2012-08-12 06:20 -------- d-----w- c:\programdata\Apple

2012-08-12 05:53 . 2012-08-12 05:53 -------- d-----w- c:\program files\Realtek

2012-08-12 05:53 . 2012-08-12 05:53 -------- d-----w- c:\windows\SysWow64\RTCOM

2012-08-12 05:45 . 2012-08-12 05:45 -------- d-----w- c:\program files\ESET

2012-08-12 05:36 . 2012-08-12 05:36 -------- d-----w- c:\program files (x86)\Microsoft.NET

2012-08-12 05:34 . 2012-08-12 05:35 -------- d-----w- c:\program files\WinRAR

2012-08-12 05:34 . 2012-08-12 07:16 -------- d-sh--w- c:\windows\Installer

2012-08-12 05:24 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys

2012-08-12 05:21 . 2011-02-19 12:05 1139200 ----a-w- c:\windows\system32\FntCache.dll

2012-08-12 05:21 . 2011-02-19 12:04 902656 ----a-w- c:\windows\system32\d2d1.dll

2012-08-12 05:21 . 2011-02-19 06:30 739840 ----a-w- c:\windows\SysWow64\d2d1.dll

2012-08-12 05:08 . 2012-08-12 05:08 -------- d-----w- c:\windows\SysWow64\Wat

2012-08-12 05:08 . 2012-08-12 05:08 -------- d-----w- c:\windows\system32\Wat

2012-08-12 05:05 . 2012-08-12 05:05 -------- d-----w- c:\program files\LSI SoftModem

2012-08-12 05:03 . 2012-07-03 08:19 59701280 ----a-w- c:\windows\system32\MRT.exe

2012-08-12 04:58 . 2012-07-16 07:40 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{382D8295-E871-44E2-BE12-68D3A25C13DB}\mpengine.dll

2012-08-12 04:57 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys

2012-08-12 04:57 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll

2012-08-12 04:57 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll

2012-08-12 04:57 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll

2012-08-12 04:57 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll

2012-08-12 04:57 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll

2012-08-12 04:57 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll

2012-08-12 04:55 . 2009-07-30 12:28 540192 ----a-w- c:\windows\system32\nvuninst.exe

2012-08-12 04:55 . 2009-07-31 04:48 704000 ----a-w- c:\windows\system32\cohelper.dll

2012-08-12 04:55 . 2009-07-31 04:39 6136 ----a-w- c:\windows\system32\drivers\nvphy.bin

2012-08-12 04:51 . 2011-12-30 06:26 515584 ----a-w- c:\windows\system32\timedate.cpl

2012-08-12 04:51 . 2011-12-30 05:27 478720 ----a-w- c:\windows\SysWow64\timedate.cpl

2012-08-12 04:49 . 2012-03-03 06:35 1544704 ----a-w- c:\windows\system32\DWrite.dll

2012-08-12 04:49 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll

2012-08-12 04:49 . 2011-04-09 06:58 142336 ----a-w- c:\windows\system32\poqexec.exe

2012-08-12 04:49 . 2011-04-09 05:56 123904 ----a-w- c:\windows\SysWow64\poqexec.exe

2012-08-12 04:41 . 2012-06-06 06:05 495616 ----a-w- c:\program files\Common Files\System\ado\msadox.dll

2012-08-12 04:40 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll

2012-08-12 04:40 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll

2012-08-12 04:09 . 2012-08-12 04:09 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-08-12 04:09 . 2012-08-12 04:09 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-08-12 04:09 . 2012-08-12 04:09 -------- d-----w- c:\windows\SysWow64\Macromed

2012-08-12 04:09 . 2012-08-12 04:09 -------- d-----w- c:\windows\system32\Macromed

2012-08-12 03:52 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll

2012-08-12 03:52 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll

2012-08-12 03:52 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys

2012-08-12 03:49 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe

2012-08-12 03:49 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll

2012-08-12 03:49 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll

2012-08-12 03:49 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll

2012-08-12 03:48 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll

2012-08-12 03:48 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll

2012-08-12 03:48 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll

2012-08-12 03:48 . 2012-06-02 20:19 186752 ----a-w- c:\windows\system32\wuwebv.dll

2012-08-12 03:48 . 2012-06-02 20:15 36864 ----a-w- c:\windows\system32\wuapp.exe

2012-08-12 03:47 . 2012-08-12 03:48 -------- d-----w- c:\users\9310

2012-08-12 03:47 . 2012-08-12 03:47 -------- d-----w- C:\Recovery

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-05-31 17:25 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-08 421776]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-04-25 52736]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-08-12 1255736]

R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]

S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2011-08-04 62496]

S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2011-08-04 146432]

S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [2011-08-04 38288]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2011-08-09 202576]

S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [2011-09-22 974944]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2011-09-22 4035152]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://forums.malwarebytes.org/

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

TCP: DhcpNameServer = 75.75.76.76 75.75.75.75

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

.

**************************************************************************

.

Completion time: 2012-08-12 15:25:39 - machine was rebooted

ComboFix-quarantined-files.txt 2012-08-12 20:25

.

Pre-Run: 271,222,865,920 bytes free

Post-Run: 271,353,372,672 bytes free

.

- - End Of File - - C1F76F922DAEB2AC7154C6A73EBD4A1B


Great

A little clean up to do....

Please Uninstall ComboFix: (if you used it)

Press the Windows logo key + R to bring up the "run box"

Copy and paste the next command into the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /


Then hit enter.

This will uninstall ComboFix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore point.

(If that doesn't work.....you can simply rename ComboFix.exe to Uninstall.exe and double click it to complete the uninstall)

---------------------------------

Please download OTL from one of the links below: (you may already have OTL on the system)

http://oldtimer.geekstogo.com/OTL.exe

http://oldtimer.geekstogo.com/OTL.com

http://www.itxassociates.com/OT-Tools/OTL.exe

Save it to your desktop.

Run OTL and hit the CleanUp button. (This will cleanup the tools and logs used including itself)

Any other programs or logs you can manually delete.

IE: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, etc....

-------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance, please start your own topic in a new thread. Thanks!
