2 Trojan.Agent SVChost.exe trojans won't go away.


Hello, I'm having a few problems with this annoying trojan.

Malwarebytes Anti-Malware 1.62.0.1300

www.malwarebytes.org

Database version: v2012.09.04.11

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Administrator :: PALS [administrator]

Protection: Enabled

9/5/2012 7:19:26 PM

mbam-log-2012-09-05 (19-19-26).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 255185

Time elapsed: 30 minute(s), 41 second(s)

Memory Processes Detected: 1

C:\Windows\svchost.exe (Trojan.Agent) -> 2068 -> Delete on reboot.

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 1

C:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot.

(end)

2012/09/05 17:07:40 -0400 PALS Administrator MESSAGE Starting protection

2012/09/05 17:07:50 -0400 PALS Administrator MESSAGE Protection started successfully

2012/09/05 17:07:53 -0400 PALS Administrator MESSAGE Starting IP protection

2012/09/05 17:08:00 -0400 PALS Administrator MESSAGE IP Protection started successfully

2012/09/05 17:08:00 -0400 PALS Administrator MESSAGE Stopping IP protection

2012/09/05 17:14:59 -0400 PALS Administrator MESSAGE IP Protection stopped

2012/09/05 17:15:32 -0400 PALS Administrator DETECTION C:\Windows\svchost.exe Trojan.Agent ALLOW

2012/09/05 18:34:08 -0400 PALS Administrator DETECTION C:\Windows\svchost.exe Trojan.Agent ALLOW

2012/09/05 19:31:16 -0400 PALS Administrator DETECTION C:\Windows\svchost.exe Trojan.Agent ALLOW

2012/09/05 19:31:18 -0400 PALS Administrator DETECTION C:\Windows\svchost.exe Trojan.Agent ALLOW

2012/09/05 19:35:07 -0400 PALS Administrator DETECTION C:\Windows\svchost.exe Trojan.Agent ALLOW

2012/09/05 19:35:07 -0400 PALS Administrator DETECTION C:\Windows\svchost.exe Trojan.Agent ALLOW

2012/09/05 19:51:27 -0400 PALS Administrator DETECTION C:\Windows\svchost.exe Trojan.Agent ALLOW

2012/09/05 19:51:27 -0400 PALS Administrator DETECTION C:\Windows\svchost.exe Trojan.Agent ALLOW

Those are some logs from today. If these aren't the right logs, please tell me exactly where and how to find them. I'm not a tech-savvy person.

So these 2 trojans are always appearing, and Malwarebytes can't seem to remove them. Help, please?


Welcome to the forum, please start at the link below:

http://forums.malwar...?showtopic=9573

Post back the 2 logs here.....DDS.txt and Attach.txt

<====><====><====><====><====><====><====><====>

Next.......

Please remove any usb or external drives from the computer before you run this scan!

Please download and run RogueKiller to your desktop.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

MrC


.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_25

Run by Administrator at 20:11:24 on 2012-09-05

Microsoft Black 7 VIII 6.1.7601.1.1252.1.1033.18.1983.371 [GMT -4:00]

.

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\rundll32.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe

C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\System32\rundll32.exe

C:\Program Files (x86)\RocketDock\RocketDock.exe

C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe

C:\Program Files (x86)\AVG Secure Search\vprot.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Users\Administrator\Desktop\mIRC\mirc.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Windows\system32\wuauclt.exe

C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

-netsvcs

C:\Windows\system32\conhost.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.yahoo.com/

uURLSearchHooks: H - No File

mURLSearchHooks: H - No File

mWinlogon: Userinit=userinit.exe,

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

BHO: blekko search bar: {8769adce-dba5-48e9-afb5-67b12cdf2e61} - C:\Program Files (x86)\blekkotb_031\blekkotb_019X.dll

BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\12.2.5.32\AVG Secure Search_toolbar.dll

BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

BHO: Yontoo: {fd72061e-9fde-484d-a58a-0bab4151cad8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

TB: blekko search bar: {8769adce-dba5-48e9-afb5-67b12cdf2e61} - C:\Program Files (x86)\blekkotb_031\blekkotb_019X.dll

TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\12.2.5.32\AVG Secure Search_toolbar.dll

TB: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File

TB: {30F9B915-B755-4826-820B-08FBA6BD249D} - No File

mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [<NO NAME>]

mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"

mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [Anti-phishing Domain Advisor] "C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe"

mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun: [HF_G_Jul] "C:\Program Files (x86)\AVG Secure Search\HF_G_Jul.exe" /DoAction

mRun: [ROC_ROC_JULY_P1] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1

mRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript

StartupFolder: C:\Users\ADMINI~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ROCKET~1.LNK - C:\Program Files (x86)\RocketDock\RocketDock.exe

uPolicies-explorer: HideSCAHealth = 1 (0x1)

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorUser = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000

IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html

IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab

DPF: {924B4927-D3BA-41EA-9F7E-8A89194AB3AC} - hxxp://panda-plugin.disney.go.com/plugin/win32/p3dactivex.cab

DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://sg.jhsmiami.org/dana-cached/sc/JuniperSetupClient.cab

TCP: DhcpNameServer = 192.168.0.1

TCP: Interfaces\{86127804-9C2A-4388-9FF0-04C63411C447} : DhcpNameServer = 192.168.0.1

TCP: Interfaces\{86127804-9C2A-4388-9FF0-04C63411C447}\2375942554135383 : DhcpNameServer = 192.168.1.254

TCP: Interfaces\{86127804-9C2A-4388-9FF0-04C63411C447}\C496C6F6 : DhcpNameServer = 192.168.0.1

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.6\ViProtocol.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

BHO-X64: blekko search bar: {8769adce-dba5-48e9-afb5-67b12cdf2e61} - C:\Program Files (x86)\blekkotb_031\blekkotb_019X.dll

BHO-X64: blekko search bar - No File

BHO-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\12.2.5.32\AVG Secure Search_toolbar.dll

BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

BHO-X64: URLRedirectionBHO - No File

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

BHO-X64: SmartSelect - No File

BHO-X64: Yontoo: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll

BHO-X64: Yontoo Layers - No File

TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

TB-X64: blekko search bar: {8769adce-dba5-48e9-afb5-67b12cdf2e61} - C:\Program Files (x86)\blekkotb_031\blekkotb_019X.dll

TB-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\12.2.5.32\AVG Secure Search_toolbar.dll

TB-X64: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File

TB-X64: {30F9B915-B755-4826-820B-08FBA6BD249D} - No File

mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [(Default)]

mRun-x64: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"

mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"

mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [Anti-phishing Domain Advisor] "C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe"

mRun-x64: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun-x64: [HF_G_Jul] "C:\Program Files (x86)\AVG Secure Search\HF_G_Jul.exe" /DoAction

mRun-x64: [ROC_ROC_JULY_P1] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1

mRunOnce-x64: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript

SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

.

============= SERVICES / DRIVERS ===============

.

R1 avgtp;avgtp;\??\C:\Windows\system32\drivers\avgtpx64.sys --> C:\Windows\system32\drivers\avgtpx64.sys [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R3 DDMF_Audio;DDMF Audio Device;C:\Windows\system32\drivers\DDMFaudio.sys --> C:\Windows\system32\drivers\DDMFaudio.sys [?]

R3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);C:\Windows\system32\DRIVERS\vrtaucbl.sys --> C:\Windows\system32\DRIVERS\vrtaucbl.sys [?]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]

R3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]

R3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 VASDeviceDrm;Virtual Audio Streaming with Drm (WDM);C:\Windows\system32\drivers\vasdDev.sys --> C:\Windows\system32\drivers\vasdDev.sys [?]

.

=============== Created Last 30 ================

.

2012-09-05 02:24:37 20480 ----a-w- C:\Windows\svchost.exe

2012-09-04 02:43:34 31080 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys

2012-08-18 23:38:29 503808 ----a-w- C:\Windows\System32\srcore.dll

2012-08-18 23:38:29 43008 ----a-w- C:\Windows\SysWow64\srclient.dll

2012-08-16 23:54:07 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll

2012-08-16 23:54:06 559104 ----a-w- C:\Windows\System32\spoolsv.exe

2012-08-16 23:54:05 751104 ----a-w- C:\Windows\System32\win32spl.dll

2012-08-16 23:54:05 67072 ----a-w- C:\Windows\splwow64.exe

2012-08-16 23:53:32 41984 ----a-w- C:\Windows\SysWow64\browcli.dll

2012-08-16 23:53:30 59392 ----a-w- C:\Windows\System32\browcli.dll

2012-08-16 23:53:30 136704 ----a-w- C:\Windows\System32\browser.dll

2012-08-16 23:51:49 956928 ----a-w- C:\Windows\System32\localspl.dll

2012-08-14 23:50:02 -------- d-----w- C:\Program Files (x86)\Citrix

2012-08-14 23:49:52 60304 ----a-w- C:\Users\Administrator\g2mdlhlpx.exe

.

==================== Find3M ====================

.

2012-09-02 19:13:52 1890 --sha-w- C:\ProgramData\KGyGaAvL.sys

2012-08-17 03:31:52 20268032 ----a-w- C:\Windows\SysWow64\imageres.dll

2012-08-17 03:24:14 332288 ----a-w- C:\Windows\System32\uxtheme.dll

2012-08-17 03:24:04 44544 ----a-w- C:\Windows\System32\themeservice.dll

2012-08-17 03:18:51 20268032 ----a-w- C:\Windows\System32\imageres.dll

2012-08-14 19:49:12 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-08-14 19:49:12 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-07-18 18:15:06 3148800 ----a-w- C:\Windows\System32\win32k.sys

2012-07-16 01:03:42 184891 ----a-w- C:\torrent.exe

2012-07-14 02:34:27 101376 ----a-w- C:\Windows\System32\drivers\vrtaucbl.sys

2012-07-11 01:18:03 3993600 ----a-w- C:\Program Files (x86)\GUT531F.tmp

2012-07-08 05:06:48 175616 ----a-w- C:\Windows\System32\msclmd.dll

2012-07-08 05:06:48 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll

2012-07-05 04:03:27 88 --sh--r- C:\ProgramData\43AACC869A.sys

2012-07-03 17:46:44 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-06-29 03:56:34 2312704 ----a-w- C:\Windows\System32\jscript9.dll

2012-06-29 03:49:11 1392128 ----a-w- C:\Windows\System32\wininet.dll

2012-06-29 03:48:07 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-06-29 03:43:49 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2012-06-29 03:39:48 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-06-29 00:16:58 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-06-29 00:09:01 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-06-29 00:08:59 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-06-29 00:04:43 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2012-06-29 00:00:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

.

============= FINISH: 20:15:04.38 ===============

I also ran RogueKiller, but I didn't get any logs from it.


RogueKiller V8.0.2 [08/31/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User : Administrator [Admin rights]

Mode : Scan -- Date : 09/05/2012 20:30:15

¤¤¤ Bad processes : 3 ¤¤¤

[SUSP PATH] visicom_antiphishing.exe -- C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe -> KILLED [TermProc]

[SUSP PATH] mirc.exe -- C:\Users\Administrator\Desktop\mIRC\mirc.exe -> KILLED [TermProc]

[SVCHOST] svchost.exe -- \\.\globalroot\systemroot\svchost.exe -> KILLED [TermProc]

¤¤¤ Registry Entries : 12 ¤¤¤

[RUN][SUSP PATH] HKLM\[...]\Wow6432Node\Run : Anti-phishing Domain Advisor ("C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe") -> FOUND

[TASK][SUSP PATH] {0D4477AE-5D36-4CEB-9C93-0E8BEADD9C94} : C:\Users\Administrator\Desktop\Etc\mbam-setup.exe -> FOUND

[TASK][SUSP PATH] {46669B29-3FC1-4435-85F2-4F1F3C2B431A} : C:\Users\Administrator\Desktop\Nintendo_WFC_USB\Nintendo_WFC_USB\NintendoWFCReg\setup.exe -> FOUND

[TASK][SUSP PATH] {837337D6-CC6C-48F7-ADD3-4CBD5C832BE1} : C:\Users\Administrator\Desktop\Nintendo_WFC_USB\Nintendo_WFC_USB\NintendoWFCReg\setup.exe -> FOUND

[TASK][SUSP PATH] {96D7FF85-05E8-428F-96F2-7D503F210BFD} : C:\Users\Administrator\Desktop\Nintendo_WFC_USB\NintendoWFCReg\setup.exe -> FOUND

[TASK][SUSP PATH] {AA96AD37-D42E-412D-99FD-8B10305B2114} : C:\Users\Administrator\Desktop\Nintendo_WFC_USB\Nintendo_WFC_USB\NintendoWFCReg\setup.exe -> FOUND

[TASK][SUSP PATH] {D468B566-B10B-47EA-AAC6-C306F821DC2D} : C:\Users\Administrator\Desktop\Etc\mbam-setup.exe -> FOUND

[HJ] HKLM\[...]\System : ConsentPromptBehaviorUser (0) -> FOUND

[HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorUser (0) -> FOUND

[HJ] HKCU\[...]\Internet Settings : WarnOnHTTPSToHTTPRedirect (0) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Infection : Root.MBR ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\Windows\system32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: FUJITSU MHY2160BH ATA Device +++++

--- User ---

[MBR] e3d79d75ad63981da9872586b6a60f9b

[BSP] 8da9bf924a0dd795bb1ca07506e422fe : Windows 7 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 140435 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 287611695 | Size: 12189 Mo

User = LL1 ... OK!

User != LL2 ... KO!

--- LL2 ---

[MBR] 5b6bcad3401964b14dbc0cf03be92fe9

[BSP] 8da9bf924a0dd795bb1ca07506e422fe : Windows 7 MBR Code

Partition table:

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 140435 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 287611695 | Size: 12189 Mo

Finished : << RKreport[1].txt >>

RKreport[1].txt

That is the attached.txt from DDS


Log of Minitoolbox:

MiniToolBox by Farbar Version: 23-07-2012

Ran by Administrator (administrator) on 05-09-2012 at 21:55:53

Microsoft Black 7 VIII Service Pack 1 (X64)

Boot Mode: Normal

***************************************************************************

=========================== Installed Programs ============================

Adobe Acrobat X Pro - English, Français, Deutsch (Version: 10.1.2)

Adobe Flash Player 11 ActiveX (Version: 11.3.300.271)

Adobe Flash Player 11 Plugin (Version: 11.3.300.271)

Adobe Reader 9.5.0 (Version: 9.5.0)

Adobe Shockwave Player 11.6 (Version: 11.6.0.626)

Advertising Center (Version: 0.0.0.2)

Anti-phishing Domain Advisor (Version: 1.0.0.0)

Audacity 1.3.14 (Unicode)

Audacity 2.0

AVG Security Toolbar (Version: 12.2.5.32)

blekko search bar (Version: 1.5.18.12)

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition

Disney Toontown Online (Version: )

DolbyFiles (Version: 2.0)

DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5.0.6.0

Fraps (remove only)

Google Chrome (Version: 20.0.1132.47)

GoToMeeting 5.2.0.952 (Version: 5.2.0.952)

HP Product Detection (Version: 10.7.9.0)

ImgBurn 2.5.1.0 (remove only)

Java Auto Updater (Version: 2.0.4.1)

Java 6 Update 25 (Version: 6.0.250)

Juniper Networks Host Checker (Version: 6.5.0.15215)

Juniper Networks Network Connect 6.5.0 (Version: 6.5.0.15215)

Juniper Networks Setup Client (Version: 2.1.2.5973)

K-Lite Codec Pack 5.8.3 (Full) (Version: 5.8.3)

Malwarebytes Anti-Malware version 1.62.0.1300 (Version: 1.62.0.1300)

Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)

Microsoft Office Access MUI (English) 2010 (Version: 14.0.4734.1000)

Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.4734.1000)

Microsoft Office Excel MUI (English) 2010 (Version: 14.0.4734.1000)

Microsoft Office Groove MUI (English) 2010 (Version: 14.0.4734.1000)

Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.4734.1000)

Microsoft Office Office 64-bit Components 2010 (Version: 14.0.4734.1000)

Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.4734.1000)

Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.4734.1000)

Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.4734.1000)

Microsoft Office Professional Plus 2010 (Version: 14.0.4734.1000)

Microsoft Office Proof (English) 2010 (Version: 14.0.4734.1000)

Microsoft Office Proof (French) 2010 (Version: 14.0.4734.1000)

Microsoft Office Proof (Spanish) 2010 (Version: 14.0.4734.1000)

Microsoft Office Proofing (English) 2010 (Version: 14.0.4734.1000)

Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.4734.1000)

Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.4734.1000)

Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.4734.1000)

Microsoft Office Shared MUI (English) 2010 (Version: 14.0.4734.1000)

Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.4734.1000)

Microsoft Office Word MUI (English) 2010 (Version: 14.0.4734.1000)

Microsoft Silverlight (Version: 4.1.10329.0)

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)

Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)

MSVCRT Redists (Version: 1.0)

Nero 9

Nero ControlCenter (Version: 9.0.0.1)

Nero InfoTool (Version: 6.4.12.100)

Nero Installer (Version: 4.4.9.0)

NeroBurningROM (Version: 9.4.26.100)

NeroExpress (Version: 9.4.26.100)

NVIDIA Drivers (Version: 1.3)

NVIDIA PhysX (Version: 9.09.0010)

PeerBlock 1.1 (r518) (Version: 1.1.0.518)

Realtek High Definition Audio Driver (Version: 6.0.1.6662)

RPG Maker VX (Version: 1.02)

RPG MAKER VX Ace (Version: 1.01a)

RPG MAKER VX Ace RTP (Version: 1.00)

RPG Maker VX RTP (Version: 1.02)

SharpKeys

Steam (Version: 1.0.0.0)

Team Fortress 2

Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)

Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (Version: 1)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)

Update for Microsoft Office 2010 (KB2494150)

Update for Microsoft Office 2010 (KB2553092)

Vegas Pro 11.0 (Version: 11.0.682)

Virtual Audio Cable 4.12

VLC media player 1.0.1 (Version: 1.0.1)

Windows Movie Maker 6.0.6000.16386

WinRAR 4.20 (32-bit) (Version: 4.20.0)

WinRAR archiver

Yontoo 1.10.02 (Version: 1.10.02)

**** End of log ****


I suggest you uninstall all of these if you didn't install them or don't want them:

blekko search bar (Version: 1.5.18.12)

Yontoo 1.10.02 (Version: 1.10.02)

Anti-phishing Domain Advisor (Version: 1.0.0.0)

~~~~~~~~~~~~~~~~~~~~~~~~~~

Please read the directions carefully so you don't end up deleting something that is good!!

Please download and run TDSSKiller to your desktop as outlined below:

Double-click on TDSSKiller.exe to run the application, then click on Change parameters.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

-------------------------

Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

------------------------

Click the Start Scan button.

-----------------------

If a suspicious object is detected, the default action will be Skip; click on Continue.

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.

----------------------

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

--------------------

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

Sometimes these logs can be very large, in that case please attach it or zip it up and attach it.

-------------------

Here's a summary of what to do if you would like to print it out:

If a suspicious object is detected, the default action will be Skip; click on Continue.

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

MrC


There are 2 that I found.

22:41:14.0430 2468 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48

22:41:14.0878 2468 ============================================================

22:41:14.0878 2468 Current date / time: 2012/09/05 22:41:14.0878

22:41:14.0878 2468 SystemInfo:

22:41:14.0878 2468

22:41:14.0878 2468 OS Version: 6.1.7601 ServicePack: 1.0

22:41:14.0878 2468 Product type: Workstation

22:41:14.0878 2468 ComputerName: PALS

22:41:14.0878 2468 UserName: Administrator

22:41:14.0878 2468 Windows directory: C:\Windows

22:41:14.0878 2468 System windows directory: C:\Windows

22:41:14.0878 2468 Running under WOW64

22:41:14.0878 2468 Processor architecture: Intel x64

22:41:14.0878 2468 Number of processors: 2

22:41:14.0878 2468 Page size: 0x1000

22:41:14.0878 2468 Boot type: Normal boot

22:41:14.0878 2468 ============================================================

22:41:17.0068 2468 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

22:41:17.0194 2468 ============================================================

22:41:17.0194 2468 \Device\Harddisk0\DR0:

22:41:17.0197 2468 MBR partitions:

22:41:17.0197 2468 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x11249AF0

22:41:17.0197 2468 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x11249B2F, BlocksNum 0x17CEF92

22:41:17.0197 2468 ============================================================

22:41:17.0241 2468 C: <-> \Device\Harddisk0\DR0\Partition1

22:41:17.0365 2468 D: <-> \Device\Harddisk0\DR0\Partition2

22:41:17.0365 2468 ============================================================

22:41:17.0365 2468 Initialize success

22:41:17.0365 2468 ============================================================

22:42:05.0657 6272 ============================================================

22:42:05.0657 6272 Scan started

22:42:05.0657 6272 Mode: Manual; SigCheck; TDLFS;

22:42:05.0657 6272 ============================================================

22:42:09.0745 6272 ================ Scan system memory ========================

22:42:09.0745 6272 System memory - ok

22:42:09.0746 6272 ================ Scan services =============================


22:42:36.0987 6272 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll

22:42:37.0069 6272 ProfSvc - ok

22:42:37.0090 6272 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe

22:42:37.0112 6272 ProtectedStorage - ok

22:42:37.0150 6272 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys

22:42:37.0217 6272 Psched - ok

22:42:37.0287 6272 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys

22:42:37.0366 6272 ql2300 - ok

22:42:37.0376 6272 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys

22:42:37.0394 6272 ql40xx - ok

22:42:37.0426 6272 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll

22:42:37.0452 6272 QWAVE - ok

22:42:37.0460 6272 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys

22:42:37.0499 6272 QWAVEdrv - ok

22:42:37.0526 6272 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys

22:42:37.0597 6272 RasAcd - ok

22:42:37.0633 6272 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys

22:42:37.0680 6272 RasAgileVpn - ok

22:42:37.0699 6272 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll

22:42:37.0771 6272 RasAuto - ok

22:42:37.0824 6272 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys

22:42:37.0895 6272 Rasl2tp - ok

22:42:37.0941 6272 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll

22:42:37.0993 6272 RasMan - ok

22:42:38.0030 6272 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys

22:42:38.0105 6272 RasPppoe - ok

22:42:38.0197 6272 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys

22:42:38.0269 6272 RasSstp - ok

22:42:38.0327 6272 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys

22:42:38.0378 6272 rdbss - ok

22:42:38.0392 6272 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys

22:42:38.0434 6272 rdpbus - ok

22:42:38.0460 6272 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys

22:42:38.0510 6272 RDPCDD - ok

22:42:38.0575 6272 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys

22:42:38.0642 6272 RDPDR - ok

22:42:38.0693 6272 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys

22:42:38.0774 6272 RDPENCDD - ok

22:42:38.0815 6272 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys

22:42:38.0859 6272 RDPREFMP - ok

22:42:38.0931 6272 [ 70CBA1A0C98600A2AA1863479B35CB90 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys

22:42:39.0071 6272 RdpVideoMiniport - ok

22:42:39.0116 6272 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys

22:42:39.0210 6272 RDPWD - ok

22:42:39.0264 6272 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys

22:42:39.0284 6272 rdyboost - ok

22:42:39.0315 6272 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll

22:42:39.0394 6272 RemoteAccess - ok

22:42:39.0448 6272 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll

22:42:39.0525 6272 RemoteRegistry - ok

22:42:39.0580 6272 [ 2A43F9E6DBDE12BC0C104785C3B3F5DF ] rismxdp C:\Windows\system32\DRIVERS\rixdpx64.sys

22:42:39.0605 6272 rismxdp - ok

22:42:39.0623 6272 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll

22:42:39.0678 6272 RpcEptMapper - ok

22:42:39.0686 6272 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe

22:42:39.0706 6272 RpcLocator - ok

22:42:39.0761 6272 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll

22:42:39.0818 6272 RpcSs - ok

22:42:39.0855 6272 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys

22:42:39.0907 6272 rspndr - ok

22:42:39.0946 6272 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys

22:42:40.0041 6272 s3cap - ok

22:42:40.0057 6272 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe

22:42:40.0076 6272 SamSs - ok

22:42:40.0234 6272 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys

22:42:40.0292 6272 sbp2port - ok

22:42:40.0340 6272 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll

22:42:40.0421 6272 SCardSvr - ok

22:42:40.0537 6272 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys

22:42:40.0611 6272 scfilter - ok

22:42:40.0685 6272 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll

22:42:40.0837 6272 Schedule - ok

22:42:40.0884 6272 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll

22:42:40.0931 6272 SCPolicySvc - ok

22:42:40.0982 6272 [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus C:\Windows\system32\drivers\sdbus.sys

22:42:41.0004 6272 sdbus - ok

22:42:41.0056 6272 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll

22:42:41.0137 6272 SDRSVC - ok

22:42:41.0172 6272 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys

22:42:41.0218 6272 secdrv - ok

22:42:41.0260 6272 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll

22:42:41.0305 6272 seclogon - ok

22:42:41.0353 6272 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll

22:42:41.0419 6272 SENS - ok

22:42:41.0454 6272 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll

22:42:41.0543 6272 SensrSvc - ok

22:42:41.0563 6272 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys

22:42:41.0599 6272 Serenum - ok

22:42:41.0607 6272 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys

22:42:41.0627 6272 Serial - ok

22:42:41.0665 6272 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys

22:42:41.0705 6272 sermouse - ok

22:42:41.0774 6272 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll

22:42:41.0841 6272 SessionEnv - ok

22:42:41.0886 6272 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\DRIVERS\sffdisk.sys

22:42:41.0968 6272 sffdisk - ok

22:42:41.0988 6272 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys

22:42:42.0023 6272 sffp_mmc - ok

22:42:42.0051 6272 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\DRIVERS\sffp_sd.sys

22:42:42.0103 6272 sffp_sd - ok

22:42:42.0155 6272 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys

22:42:42.0181 6272 sfloppy - ok

22:42:42.0702 6272 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll

22:42:42.0784 6272 SharedAccess - ok

22:42:42.0851 6272 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll

22:42:42.0941 6272 ShellHWDetection - ok

22:42:42.0987 6272 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys

22:42:43.0002 6272 SiSRaid2 - ok

22:42:43.0011 6272 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys

22:42:43.0029 6272 SiSRaid4 - ok

22:42:43.0041 6272 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys

22:42:43.0118 6272 Smb - ok

22:42:43.0171 6272 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe

22:42:43.0212 6272 SNMPTRAP - ok

22:42:43.0247 6272 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys

22:42:43.0261 6272 spldr - ok

22:42:43.0313 6272 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe

22:42:43.0442 6272 Spooler - ok

22:42:43.0584 6272 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe

22:42:43.0790 6272 sppsvc - ok

22:42:43.0923 6272 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll

22:42:44.0001 6272 sppuinotify - ok

22:42:44.0062 6272 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys

22:42:44.0177 6272 srv - ok

22:42:44.0230 6272 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys

22:42:44.0275 6272 srv2 - ok

22:42:44.0349 6272 [ 0C4540311E11664B245A263E1154CEF8 ] SrvHsfHDA C:\Windows\system32\DRIVERS\VSTAZL6.SYS

22:42:44.0371 6272 SrvHsfHDA - ok

22:42:44.0428 6272 [ 02071D207A9858FBE3A48CBFD59C4A04 ] SrvHsfV92 C:\Windows\system32\DRIVERS\VSTDPV6.SYS

22:42:44.0499 6272 SrvHsfV92 - ok

22:42:44.0533 6272 [ 18E40C245DBFAF36FD0134A7EF2DF396 ] SrvHsfWinac C:\Windows\system32\DRIVERS\VSTCNXT6.SYS

22:42:44.0586 6272 SrvHsfWinac - ok

22:42:44.0628 6272 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys

22:42:44.0672 6272 srvnet - ok

22:42:44.0742 6272 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll

22:42:44.0822 6272 SSDPSRV - ok

22:42:44.0852 6272 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll

22:42:44.0902 6272 SstpSvc - ok

22:42:44.0960 6272 Steam Client Service - ok

22:42:44.0991 6272 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys

22:42:45.0006 6272 stexstor - ok

22:42:45.0060 6272 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll

22:42:45.0135 6272 stisvc - ok

22:42:45.0160 6272 [ 7785DC213270D2FC066538DAF94087E7 ] storflt C:\Windows\system32\drivers\vmstorfl.sys

22:42:45.0175 6272 storflt - ok

22:42:45.0240 6272 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys

22:42:45.0258 6272 storvsc - ok

22:42:45.0281 6272 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys

22:42:45.0297 6272 swenum - ok

22:42:45.0341 6272 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll

22:42:45.0430 6272 swprv - ok

22:42:45.0460 6272 Synth3dVsc - ok

22:42:45.0556 6272 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll

22:42:45.0673 6272 SysMain - ok

22:42:45.0721 6272 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll

22:42:45.0778 6272 TabletInputService - ok

22:42:45.0857 6272 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll

22:42:45.0935 6272 TapiSrv - ok

22:42:45.0974 6272 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll

22:42:46.0022 6272 TBS - ok

22:42:46.0187 6272 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] Tcpip C:\Windows\system32\drivers\tcpip.sys

22:42:46.0292 6272 Tcpip - ok

22:42:46.0365 6272 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys

22:42:46.0417 6272 TCPIP6 - ok

22:42:46.0528 6272 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys

22:42:46.0638 6272 tcpipreg - ok

22:42:46.0689 6272 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys

22:42:46.0856 6272 TDPIPE - ok

22:42:46.0893 6272 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys

22:42:46.0908 6272 TDTCP - ok

22:42:46.0946 6272 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys

22:42:46.0996 6272 tdx - ok

22:42:47.0016 6272 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys

22:42:47.0034 6272 TermDD - ok

22:42:47.0099 6272 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll

22:42:47.0179 6272 TermService - ok

22:42:47.0210 6272 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll

22:42:47.0256 6272 Themes - ok

22:42:47.0294 6272 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll

22:42:47.0343 6272 THREADORDER - ok

22:42:47.0382 6272 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll

22:42:47.0457 6272 TrkWks - ok

22:42:47.0541 6272 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe

22:42:47.0590 6272 TrustedInstaller - ok

22:42:47.0629 6272 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys

22:42:47.0776 6272 tssecsrv - ok

22:42:47.0837 6272 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys

22:42:47.0915 6272 TsUsbFlt - ok

22:42:47.0921 6272 tsusbhub - ok

22:42:47.0959 6272 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys

22:42:48.0029 6272 tunnel - ok

22:42:48.0071 6272 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys

22:42:48.0094 6272 uagp35 - ok

22:42:48.0158 6272 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys

22:42:48.0213 6272 udfs - ok

22:42:48.0261 6272 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe

22:42:48.0280 6272 UI0Detect - ok

22:42:48.0308 6272 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys

22:42:48.0323 6272 uliagpkx - ok

22:42:48.0371 6272 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys

22:42:48.0413 6272 umbus - ok

22:42:48.0444 6272 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys

22:42:48.0483 6272 UmPass - ok

22:42:48.0533 6272 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\Windows\System32\umrdp.dll

22:42:48.0554 6272 UmRdpService - ok

22:42:48.0587 6272 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll

22:42:48.0643 6272 upnphost - ok

22:42:48.0661 6272 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys

22:42:48.0722 6272 usbccgp - ok

22:42:48.0747 6272 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys

22:42:48.0768 6272 usbcir - ok

22:42:48.0795 6272 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys

22:42:48.0854 6272 usbehci - ok

22:42:48.0890 6272 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys

22:42:48.0940 6272 usbhub - ok

22:42:48.0979 6272 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys

22:42:48.0993 6272 usbohci - ok

22:42:49.0053 6272 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys

22:42:49.0099 6272 usbprint - ok

22:42:49.0130 6272 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\drivers\USBSTOR.SYS

22:42:49.0248 6272 USBSTOR - ok

22:42:49.0273 6272 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys

22:42:49.0308 6272 usbuhci - ok

22:42:49.0354 6272 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys

22:42:49.0377 6272 usbvideo - ok

22:42:49.0406 6272 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll

22:42:49.0480 6272 UxSms - ok

22:42:49.0605 6272 [ 34812F7FAAFE329D15F55C4EB6DB44DA ] VASDeviceDrm C:\Windows\system32\drivers\vasdDev.sys

22:42:49.0681 6272 VASDeviceDrm - ok

22:42:49.0703 6272 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe

22:42:49.0727 6272 VaultSvc - ok

22:42:49.0774 6272 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys

22:42:49.0788 6272 vdrvroot - ok

22:42:49.0859 6272 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe

22:42:49.0934 6272 vds - ok

22:42:49.0972 6272 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys

22:42:49.0990 6272 vga - ok

22:42:50.0009 6272 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys

22:42:50.0084 6272 VgaSave - ok

22:42:50.0116 6272 VGPU - ok

22:42:50.0170 6272 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys

22:42:50.0190 6272 vhdmp - ok

22:42:50.0241 6272 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys

22:42:50.0255 6272 viaide - ok

22:42:50.0279 6272 [ 86EA3E79AE350FEA5331A1303054005F ] vmbus C:\Windows\system32\drivers\vmbus.sys

22:42:50.0299 6272 vmbus - ok

22:42:50.0317 6272 [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys

22:42:50.0354 6272 VMBusHID - ok

22:42:50.0390 6272 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys

22:42:50.0406 6272 volmgr - ok

22:42:50.0461 6272 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys

22:42:50.0485 6272 volmgrx - ok

22:42:50.0513 6272 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys

22:42:50.0535 6272 volsnap - ok

22:42:50.0586 6272 [ B4A73CA4EF9A02B9738CEA9AD5FE5917 ] vpcbus C:\Windows\system32\DRIVERS\vpchbus.sys

22:42:50.0605 6272 vpcbus - ok

22:42:50.0666 6272 [ E675FB2B48C54F09895482E2253B289C ] vpcnfltr C:\Windows\system32\DRIVERS\vpcnfltr.sys

22:42:50.0755 6272 vpcnfltr - ok

22:42:50.0789 6272 [ 5FB42082B0D19A0268705F1DD343DF20 ] vpcusb C:\Windows\system32\DRIVERS\vpcusb.sys

22:42:50.0833 6272 vpcusb - ok

22:42:50.0895 6272 [ 207B6539799CC1C112661A9B620DD233 ] vpcvmm C:\Windows\system32\drivers\vpcvmm.sys

22:42:50.0936 6272 vpcvmm - ok

22:42:50.0978 6272 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys

22:42:50.0997 6272 vsmraid - ok

22:42:51.0067 6272 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe

22:42:51.0200 6272 VSS - ok

22:42:51.0368 6272 [ CBA3F6EF1E70167DB376B4013F71A62B ] vToolbarUpdater12.2.6 C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe

22:42:51.0422 6272 vToolbarUpdater12.2.6 - ok

22:42:51.0460 6272 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys

22:42:51.0506 6272 vwifibus - ok

22:42:51.0560 6272 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys

22:42:51.0603 6272 vwififlt - ok

22:42:51.0632 6272 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys

22:42:51.0671 6272 vwifimp - ok

22:42:51.0721 6272 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll

22:42:51.0879 6272 W32Time - ok

22:42:51.0900 6272 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys

22:42:51.0915 6272 WacomPen - ok

22:42:51.0953 6272 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys

22:42:52.0016 6272 WANARP - ok

22:42:52.0028 6272 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys

22:42:52.0076 6272 Wanarpv6 - ok

22:42:52.0180 6272 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe

22:42:52.0258 6272 WatAdminSvc - ok

22:42:52.0337 6272 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe

22:42:52.0487 6272 wbengine - ok

22:42:52.0547 6272 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll

22:42:52.0574 6272 WbioSrvc - ok

22:42:52.0617 6272 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll

22:42:52.0676 6272 wcncsvc - ok

22:42:52.0715 6272 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll

22:42:52.0765 6272 WcsPlugInService - ok

22:42:52.0801 6272 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys

22:42:52.0815 6272 Wd - ok

22:42:52.0861 6272 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys

22:42:52.0904 6272 Wdf01000 - ok

22:42:52.0925 6272 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll

22:42:53.0037 6272 WdiServiceHost - ok

22:42:53.0047 6272 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll

22:42:53.0073 6272 WdiSystemHost - ok

22:42:53.0108 6272 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll

22:42:53.0166 6272 WebClient - ok

22:42:53.0218 6272 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll

22:42:53.0271 6272 Wecsvc - ok

22:42:53.0291 6272 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll

22:42:53.0365 6272 wercplsupport - ok

22:42:53.0409 6272 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll

22:42:53.0459 6272 WerSvc - ok

22:42:53.0491 6272 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys

22:42:53.0563 6272 WfpLwf - ok

22:42:53.0590 6272 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys

22:42:53.0604 6272 WIMMount - ok

22:42:53.0630 6272 WinDefend - ok

22:42:53.0638 6272 WinHttpAutoProxySvc - ok

22:42:53.0706 6272 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll

22:42:53.0775 6272 Winmgmt - ok

22:42:53.0872 6272 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll

22:42:54.0002 6272 WinRM - ok

22:42:54.0102 6272 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll

22:42:54.0161 6272 Wlansvc - ok

22:42:54.0210 6272 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys

22:42:54.0239 6272 WmiAcpi - ok

22:42:54.0276 6272 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe

22:42:54.0361 6272 wmiApSrv - ok

22:42:54.0399 6272 WMPNetworkSvc - ok

22:42:54.0415 6272 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll

22:42:54.0473 6272 WPCSvc - ok

22:42:54.0526 6272 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll

22:42:54.0546 6272 WPDBusEnum - ok

22:42:54.0580 6272 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys

22:42:54.0645 6272 ws2ifsl - ok

22:42:54.0689 6272 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll

22:42:54.0742 6272 wscsvc - ok

22:42:54.0750 6272 WSearch - ok

22:42:54.0873 6272 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll

22:42:54.0996 6272 wuauserv - ok

22:42:55.0017 6272 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys

22:42:55.0090 6272 WudfPf - ok

22:42:55.0150 6272 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys

22:42:55.0197 6272 WUDFRd - ok

22:42:55.0231 6272 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll

22:42:55.0281 6272 wudfsvc - ok

22:42:55.0308 6272 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll

22:42:55.0410 6272 WwanSvc - ok

22:42:55.0451 6272 ================ Scan global ===============================

22:42:55.0503 6272 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll

22:42:55.0544 6272 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll

22:42:55.0558 6272 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll

22:42:55.0584 6272 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll

22:42:55.0621 6272 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe

22:42:55.0629 6272 [Global] - ok

22:42:55.0629 6272 ================ Scan MBR ==================================

22:42:55.0643 6272 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0

22:42:55.0643 6272 Suspicious mbr (Forged): \Device\Harddisk0\DR0

22:42:55.0677 6272 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected

22:42:55.0677 6272 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)

22:42:55.0734 6272 \Device\Harddisk0\DR0 ( TDSS File System ) - warning

22:42:55.0734 6272 \Device\Harddisk0\DR0 - detected TDSS File System (1)

22:42:55.0734 6272 ================ Scan VBR ==================================

22:42:55.0739 6272 [ 76965CAF4992CD12CC24D16FD676FD8D ] \Device\Harddisk0\DR0\Partition1

22:42:55.0742 6272 \Device\Harddisk0\DR0\Partition1 - ok

22:42:55.0795 6272 [ 40B9D2CF8F6A6FFD4C3117B398D26BAA ] \Device\Harddisk0\DR0\Partition2

22:42:55.0796 6272 \Device\Harddisk0\DR0\Partition2 - ok

22:42:55.0797 6272 ============================================================

22:42:55.0797 6272 Scan finished

22:42:55.0797 6272 ============================================================

22:42:55.0818 2788 Detected object count: 2

22:42:55.0818 2788 Actual detected object count: 2

22:50:34.0275 2788 \Device\Harddisk0\DR0\# - copied to quarantine

22:50:34.0279 2788 \Device\Harddisk0\DR0 - copied to quarantine

22:50:34.0319 2788 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine

22:50:34.0321 2788 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine

22:50:34.0326 2788 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine

22:50:34.0334 2788 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine

22:50:34.0348 2788 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine

22:50:34.0356 2788 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine

22:50:34.0358 2788 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine

22:50:34.0359 2788 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine

22:50:34.0361 2788 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine

22:50:34.0363 2788 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine

22:50:34.0366 2788 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine

22:50:34.0367 2788 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine

22:50:34.0369 2788 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine

22:50:34.0371 2788 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine

22:50:34.0381 2788 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine

22:50:34.0410 2788 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot

22:50:34.0411 2788 \Device\Harddisk0\DR0 - ok

22:50:35.0026 2788 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure

22:50:35.0028 2788 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user

22:50:35.0029 2788 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

22:54:50.0767 3300 Deinitialize success

And another one...

23:00:04.0262 2544 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48

23:00:04.0759 2544 ============================================================

23:00:04.0759 2544 Current date / time: 2012/09/05 23:00:04.0759

23:00:04.0759 2544 SystemInfo:

23:00:04.0759 2544

23:00:04.0760 2544 OS Version: 6.1.7601 ServicePack: 1.0

23:00:04.0760 2544 Product type: Workstation

23:00:04.0760 2544 ComputerName: PALS

23:00:04.0760 2544 UserName: Administrator

23:00:04.0760 2544 Windows directory: C:\Windows

23:00:04.0760 2544 System windows directory: C:\Windows

23:00:04.0760 2544 Running under WOW64

23:00:04.0760 2544 Processor architecture: Intel x64

23:00:04.0760 2544 Number of processors: 2

23:00:04.0760 2544 Page size: 0x1000

23:00:04.0760 2544 Boot type: Normal boot

23:00:04.0761 2544 ============================================================

23:00:24.0348 2544 BG loaded

23:00:25.0128 2544 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

23:00:25.0140 2544 ============================================================

23:00:25.0140 2544 \Device\Harddisk0\DR0:

23:00:25.0149 2544 MBR partitions:

23:00:25.0149 2544 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x11249AF0

23:00:25.0149 2544 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x11249B2F, BlocksNum 0x17CEF92

23:00:25.0149 2544 ============================================================

23:00:25.0372 2544 C: <-> \Device\Harddisk0\DR0\Partition1

23:00:25.0675 2544 D: <-> \Device\Harddisk0\DR0\Partition2

23:00:25.0675 2544 ============================================================

23:00:25.0675 2544 Initialize success

23:00:25.0675 2544 ============================================================

23:02:20.0133 3360 ============================================================

23:02:20.0133 3360 Scan started

23:02:20.0133 3360 Mode: Manual;

23:02:20.0133 3360 ============================================================

23:02:21.0885 3360 ================ Scan system memory ========================

23:02:21.0885 3360 System memory - ok

23:02:21.0890 3360 ================ Scan services =============================

23:02:39.0335 3360 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys

23:02:39.0336 3360 RasSstp - ok

23:02:39.0413 3360 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys

23:02:39.0416 3360 rdbss - ok

23:02:39.0441 3360 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys

23:02:39.0442 3360 rdpbus - ok

23:02:39.0465 3360 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys

23:02:39.0466 3360 RDPCDD - ok

23:02:39.0557 3360 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys

23:02:39.0561 3360 RDPDR - ok

23:02:39.0586 3360 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys

23:02:39.0587 3360 RDPENCDD - ok

23:02:39.0608 3360 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys

23:02:39.0609 3360 RDPREFMP - ok

23:02:39.0791 3360 [ 70CBA1A0C98600A2AA1863479B35CB90 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys

23:02:39.0812 3360 RdpVideoMiniport - ok

23:02:39.0864 3360 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys

23:02:39.0870 3360 RDPWD - ok

23:02:39.0923 3360 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys

23:02:39.0944 3360 rdyboost - ok

23:02:40.0007 3360 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll

23:02:40.0028 3360 RemoteAccess - ok

23:02:40.0075 3360 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll

23:02:40.0080 3360 RemoteRegistry - ok

23:02:40.0162 3360 [ 2A43F9E6DBDE12BC0C104785C3B3F5DF ] rismxdp C:\Windows\system32\DRIVERS\rixdpx64.sys

23:02:40.0163 3360 rismxdp - ok

23:02:40.0182 3360 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll

23:02:40.0185 3360 RpcEptMapper - ok

23:02:40.0199 3360 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe

23:02:40.0201 3360 RpcLocator - ok

23:02:40.0264 3360 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll

23:02:40.0271 3360 RpcSs - ok

23:02:40.0326 3360 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys

23:02:40.0327 3360 rspndr - ok

23:02:40.0372 3360 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys

23:02:40.0374 3360 s3cap - ok

23:02:40.0405 3360 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe

23:02:40.0407 3360 SamSs - ok

23:02:40.0438 3360 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys

23:02:40.0441 3360 sbp2port - ok

23:02:40.0500 3360 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll

23:02:40.0516 3360 SCardSvr - ok

23:02:40.0563 3360 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys

23:02:40.0565 3360 scfilter - ok

23:02:40.0655 3360 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll

23:02:40.0666 3360 Schedule - ok

23:02:40.0781 3360 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll

23:02:40.0783 3360 SCPolicySvc - ok

23:02:40.0852 3360 [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus C:\Windows\system32\drivers\sdbus.sys

23:02:40.0854 3360 sdbus - ok

23:02:40.0918 3360 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll

23:02:40.0924 3360 SDRSVC - ok

23:02:40.0987 3360 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys

23:02:40.0988 3360 secdrv - ok

23:02:41.0019 3360 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll

23:02:41.0035 3360 seclogon - ok

23:02:41.0079 3360 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll

23:02:41.0082 3360 SENS - ok

23:02:41.0103 3360 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll

23:02:41.0106 3360 SensrSvc - ok

23:02:41.0133 3360 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys

23:02:41.0135 3360 Serenum - ok

23:02:41.0147 3360 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys

23:02:41.0164 3360 Serial - ok

23:02:41.0202 3360 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys

23:02:41.0204 3360 sermouse - ok

23:02:41.0267 3360 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll

23:02:41.0286 3360 SessionEnv - ok

23:02:41.0323 3360 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\DRIVERS\sffdisk.sys

23:02:41.0325 3360 sffdisk - ok

23:02:41.0348 3360 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys

23:02:41.0360 3360 sffp_mmc - ok

23:02:41.0388 3360 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\DRIVERS\sffp_sd.sys

23:02:41.0406 3360 sffp_sd - ok

23:02:41.0448 3360 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys

23:02:41.0449 3360 sfloppy - ok

23:02:41.0607 3360 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll

23:02:41.0618 3360 SharedAccess - ok

23:02:41.0711 3360 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll

23:02:41.0716 3360 ShellHWDetection - ok

23:02:41.0758 3360 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys

23:02:41.0760 3360 SiSRaid2 - ok

23:02:41.0777 3360 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys

23:02:41.0780 3360 SiSRaid4 - ok

23:02:41.0801 3360 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys

23:02:41.0809 3360 Smb - ok

23:02:41.0864 3360 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe

23:02:41.0866 3360 SNMPTRAP - ok

23:02:41.0883 3360 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys

23:02:41.0885 3360 spldr - ok

23:02:41.0940 3360 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe

23:02:41.0946 3360 Spooler - ok

23:02:42.0198 3360 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe

23:02:42.0226 3360 sppsvc - ok

23:02:42.0260 3360 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll

23:02:42.0263 3360 sppuinotify - ok

23:02:42.0321 3360 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys

23:02:42.0326 3360 srv - ok

23:02:42.0401 3360 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys

23:02:42.0405 3360 srv2 - ok

23:02:42.0508 3360 [ 0C4540311E11664B245A263E1154CEF8 ] SrvHsfHDA C:\Windows\system32\DRIVERS\VSTAZL6.SYS

23:02:42.0511 3360 SrvHsfHDA - ok

23:02:42.0610 3360 [ 02071D207A9858FBE3A48CBFD59C4A04 ] SrvHsfV92 C:\Windows\system32\DRIVERS\VSTDPV6.SYS

23:02:42.0622 3360 SrvHsfV92 - ok

23:02:42.0704 3360 [ 18E40C245DBFAF36FD0134A7EF2DF396 ] SrvHsfWinac C:\Windows\system32\DRIVERS\VSTCNXT6.SYS

23:02:42.0710 3360 SrvHsfWinac - ok

23:02:42.0754 3360 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys

23:02:42.0756 3360 srvnet - ok

23:02:42.0823 3360 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll

23:02:42.0827 3360 SSDPSRV - ok

23:02:42.0856 3360 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll

23:02:42.0858 3360 SstpSvc - ok

23:02:43.0056 3360 Steam Client Service - ok

23:02:43.0117 3360 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys

23:02:43.0131 3360 stexstor - ok

23:02:43.0204 3360 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll

23:02:43.0211 3360 stisvc - ok

23:02:43.0241 3360 [ 7785DC213270D2FC066538DAF94087E7 ] storflt C:\Windows\system32\drivers\vmstorfl.sys

23:02:43.0243 3360 storflt - ok

23:02:43.0310 3360 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys

23:02:43.0312 3360 storvsc - ok

23:02:43.0340 3360 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys

23:02:43.0341 3360 swenum - ok

23:02:43.0422 3360 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll

23:02:43.0468 3360 swprv - ok

23:02:43.0512 3360 Synth3dVsc - ok

23:02:43.0682 3360 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll

23:02:43.0697 3360 SysMain - ok

23:02:43.0736 3360 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll

23:02:43.0741 3360 TabletInputService - ok

23:02:43.0787 3360 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll

23:02:43.0797 3360 TapiSrv - ok

23:02:43.0844 3360 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll

23:02:43.0848 3360 TBS - ok

23:02:44.0030 3360 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] Tcpip C:\Windows\system32\drivers\tcpip.sys

23:02:44.0104 3360 Tcpip - ok

23:02:44.0224 3360 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys

23:02:44.0239 3360 TCPIP6 - ok

23:02:44.0309 3360 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys

23:02:44.0310 3360 tcpipreg - ok

23:02:44.0359 3360 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys

23:02:44.0371 3360 TDPIPE - ok

23:02:44.0407 3360 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys

23:02:44.0423 3360 TDTCP - ok

23:02:44.0472 3360 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys

23:02:44.0473 3360 tdx - ok

23:02:44.0497 3360 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys

23:02:44.0498 3360 TermDD - ok

23:02:44.0586 3360 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll

23:02:44.0599 3360 TermService - ok

23:02:44.0658 3360 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll

23:02:44.0661 3360 Themes - ok

23:02:44.0708 3360 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll

23:02:44.0710 3360 THREADORDER - ok

23:02:44.0752 3360 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll

23:02:44.0756 3360 TrkWks - ok

23:02:44.0845 3360 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe

23:02:44.0850 3360 TrustedInstaller - ok

23:02:44.0899 3360 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys

23:02:44.0901 3360 tssecsrv - ok

23:02:44.0963 3360 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys

23:02:44.0972 3360 TsUsbFlt - ok

23:02:44.0986 3360 tsusbhub - ok

23:02:45.0027 3360 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys

23:02:45.0029 3360 tunnel - ok

23:02:45.0063 3360 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys

23:02:45.0070 3360 uagp35 - ok

23:02:45.0126 3360 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys

23:02:45.0133 3360 udfs - ok

23:02:45.0175 3360 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe

23:02:45.0178 3360 UI0Detect - ok

23:02:45.0200 3360 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys

23:02:45.0202 3360 uliagpkx - ok

23:02:45.0252 3360 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys

23:02:45.0253 3360 umbus - ok

23:02:45.0280 3360 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys

23:02:45.0453 3360 UmPass - ok

23:02:45.0503 3360 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\Windows\System32\umrdp.dll

23:02:45.0509 3360 UmRdpService - ok

23:02:45.0546 3360 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll

23:02:45.0551 3360 upnphost - ok

23:02:45.0586 3360 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys

23:02:45.0588 3360 usbccgp - ok

23:02:45.0616 3360 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys

23:02:45.0619 3360 usbcir - ok

23:02:45.0642 3360 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys

23:02:45.0644 3360 usbehci - ok

23:02:45.0738 3360 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys

23:02:45.0741 3360 usbhub - ok

23:02:45.0760 3360 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys

23:02:45.0761 3360 usbohci - ok

23:02:45.0834 3360 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys

23:02:45.0835 3360 usbprint - ok

23:02:45.0855 3360 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\drivers\USBSTOR.SYS

23:02:45.0858 3360 USBSTOR - ok

23:02:45.0886 3360 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys

23:02:45.0888 3360 usbuhci - ok

23:02:45.0969 3360 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys

23:02:45.0971 3360 usbvideo - ok

23:02:46.0065 3360 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll

23:02:46.0068 3360 UxSms - ok

23:02:46.0219 3360 [ 34812F7FAAFE329D15F55C4EB6DB44DA ] VASDeviceDrm C:\Windows\system32\drivers\vasdDev.sys

23:02:46.0276 3360 VASDeviceDrm - ok

23:02:46.0295 3360 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe

23:02:46.0297 3360 VaultSvc - ok

23:02:46.0344 3360 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys

23:02:46.0345 3360 vdrvroot - ok

23:02:46.0410 3360 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe

23:02:46.0421 3360 vds - ok

23:02:46.0453 3360 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys

23:02:46.0455 3360 vga - ok

23:02:46.0479 3360 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys

23:02:46.0480 3360 VgaSave - ok

23:02:46.0520 3360 VGPU - ok

23:02:46.0581 3360 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys

23:02:46.0586 3360 vhdmp - ok

23:02:46.0611 3360 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys

23:02:46.0612 3360 viaide - ok

23:02:46.0638 3360 [ 86EA3E79AE350FEA5331A1303054005F ] vmbus C:\Windows\system32\drivers\vmbus.sys

23:02:46.0643 3360 vmbus - ok

23:02:46.0709 3360 [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys

23:02:46.0710 3360 VMBusHID - ok

23:02:46.0738 3360 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys

23:02:46.0740 3360 volmgr - ok

23:02:46.0818 3360 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys

23:02:46.0826 3360 volmgrx - ok

23:02:46.0883 3360 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys

23:02:46.0910 3360 volsnap - ok

23:02:47.0063 3360 [ B4A73CA4EF9A02B9738CEA9AD5FE5917 ] vpcbus C:\Windows\system32\DRIVERS\vpchbus.sys

23:02:47.0065 3360 vpcbus - ok

23:02:47.0125 3360 [ E675FB2B48C54F09895482E2253B289C ] vpcnfltr C:\Windows\system32\DRIVERS\vpcnfltr.sys

23:02:47.0126 3360 vpcnfltr - ok

23:02:47.0192 3360 [ 5FB42082B0D19A0268705F1DD343DF20 ] vpcusb C:\Windows\system32\DRIVERS\vpcusb.sys

23:02:47.0194 3360 vpcusb - ok

23:02:47.0243 3360 [ 207B6539799CC1C112661A9B620DD233 ] vpcvmm C:\Windows\system32\drivers\vpcvmm.sys

23:02:47.0247 3360 vpcvmm - ok

23:02:47.0293 3360 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys

23:02:47.0314 3360 vsmraid - ok

23:02:47.0426 3360 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe

23:02:47.0493 3360 VSS - ok

23:02:47.0827 3360 [ CBA3F6EF1E70167DB376B4013F71A62B ] vToolbarUpdater12.2.6 C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe

23:02:47.0833 3360 vToolbarUpdater12.2.6 - ok

23:02:47.0862 3360 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys

23:02:47.0863 3360 vwifibus - ok

23:02:47.0952 3360 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys

23:02:47.0953 3360 vwififlt - ok

23:02:48.0002 3360 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys

23:02:48.0003 3360 vwifimp - ok

23:02:48.0069 3360 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll

23:02:48.0092 3360 W32Time - ok

23:02:48.0125 3360 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys

23:02:48.0127 3360 WacomPen - ok

23:02:48.0178 3360 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys

23:02:48.0180 3360 WANARP - ok

23:02:48.0193 3360 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys

23:02:48.0194 3360 Wanarpv6 - ok

23:02:48.0328 3360 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe

23:02:48.0374 3360 WatAdminSvc - ok

23:02:48.0529 3360 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe

23:02:48.0575 3360 wbengine - ok

23:02:48.0641 3360 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll

23:02:48.0647 3360 WbioSrvc - ok

23:02:48.0776 3360 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll

23:02:48.0786 3360 wcncsvc - ok

23:02:48.0813 3360 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll

23:02:48.0817 3360 WcsPlugInService - ok

23:02:48.0862 3360 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys

23:02:48.0863 3360 Wd - ok

23:02:48.0908 3360 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys

23:02:48.0931 3360 Wdf01000 - ok

23:02:48.0962 3360 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll

23:02:48.0965 3360 WdiServiceHost - ok

23:02:48.0977 3360 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll

23:02:48.0980 3360 WdiSystemHost - ok

23:02:49.0022 3360 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll

23:02:49.0042 3360 WebClient - ok

23:02:49.0088 3360 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll

23:02:49.0094 3360 Wecsvc - ok

23:02:49.0127 3360 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll

23:02:49.0130 3360 wercplsupport - ok

23:02:49.0156 3360 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll

23:02:49.0160 3360 WerSvc - ok

23:02:49.0194 3360 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys

23:02:49.0195 3360 WfpLwf - ok

23:02:49.0215 3360 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys

23:02:49.0217 3360 WIMMount - ok

23:02:49.0233 3360 WinDefend - ok

23:02:49.0251 3360 WinHttpAutoProxySvc - ok

23:02:49.0331 3360 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll

23:02:49.0334 3360 Winmgmt - ok

23:02:49.0474 3360 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll

23:02:49.0532 3360 WinRM - ok

23:02:49.0627 3360 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll

23:02:49.0636 3360 Wlansvc - ok

23:02:49.0757 3360 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys

23:02:49.0758 3360 WmiAcpi - ok

23:02:49.0800 3360 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe

23:02:49.0805 3360 wmiApSrv - ok

23:02:49.0892 3360 WMPNetworkSvc - ok

23:02:49.0940 3360 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll

23:02:49.0964 3360 WPCSvc - ok

23:02:50.0051 3360 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll

23:02:50.0054 3360 WPDBusEnum - ok

23:02:50.0094 3360 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys

23:02:50.0114 3360 ws2ifsl - ok

23:02:50.0148 3360 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll

23:02:50.0151 3360 wscsvc - ok

23:02:50.0164 3360 WSearch - ok

23:02:50.0479 3360 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll

23:02:50.0500 3360 wuauserv - ok

23:02:50.0531 3360 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys

23:02:50.0532 3360 WudfPf - ok

23:02:50.0664 3360 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys

23:02:50.0694 3360 WUDFRd - ok

23:02:50.0734 3360 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll

23:02:50.0737 3360 wudfsvc - ok

23:02:50.0789 3360 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll

23:02:50.0796 3360 WwanSvc - ok

23:02:50.0883 3360 ================ Scan global ===============================

23:02:51.0106 3360 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll

23:02:51.0158 3360 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll

23:02:51.0174 3360 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll

23:02:51.0220 3360 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll

23:02:51.0247 3360 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe

23:02:51.0251 3360 [Global] - ok

23:02:51.0256 3360 ================ Scan MBR ==================================

23:02:51.0279 3360 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0

23:02:52.0178 3360 \Device\Harddisk0\DR0 - ok

23:02:52.0183 3360 ================ Scan VBR ==================================

23:02:52.0202 3360 [ 76965CAF4992CD12CC24D16FD676FD8D ] \Device\Harddisk0\DR0\Partition1

23:02:52.0204 3360 \Device\Harddisk0\DR0\Partition1 - ok

23:02:52.0242 3360 [ 40B9D2CF8F6A6FFD4C3117B398D26BAA ] \Device\Harddisk0\DR0\Partition2

23:02:52.0244 3360 \Device\Harddisk0\DR0\Partition2 - ok

23:02:52.0249 3360 ============================================================

23:02:52.0249 3360 Scan finished

23:02:52.0249 3360 ============================================================

23:02:52.0269 3352 Detected object count: 0

23:02:52.0269 3352 Actual detected object count: 0


Run TDSSKiller again and choose Delete for this one only: (no need to post the log)

22:50:35.0028 2788 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user

22:50:35.0029 2788 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

~~~~~~~~~~~~~~

Then.....

Please Update and run a Quick Scan with MBAM, post the report.

Make sure that everything is checked, and click Remove Selected.

~~~~~~~~~~~~~~

Then....

Rescan the system with RogueKiller and post the new log.

MrC

RogueKiller V8.0.2 [08/31/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User : Administrator [Admin rights]

Mode : Scan -- Date : 09/06/2012 17:54:26

¤¤¤ Bad processes : 4 ¤¤¤

[SUSP PATH] mirc.exe -- C:\Users\Administrator\Desktop\mIRC\mirc.exe -> KILLED [TermProc]

[RESIDUE] iexplore.exe -- C:\Program Files (x86)\Internet Explorer\iexplore.exe -> KILLED [TermProc]

[RESIDUE] iexplore.exe -- C:\Program Files (x86)\Internet Explorer\iexplore.exe -> KILLED [TermProc]

[RESIDUE] iexplore.exe -- C:\Program Files (x86)\Internet Explorer\iexplore.exe -> KILLED [TermProc]

¤¤¤ Registry Entries : 14 ¤¤¤

[TASK][ROGUE ST] 0 : c:\program files (x86)\internet explorer\iexplore.exe -> FOUND

[TASK][ROGUE ST] 4790 : wscript.exe -> FOUND

[TASK][SUSP PATH] {0D4477AE-5D36-4CEB-9C93-0E8BEADD9C94} : C:\Users\Administrator\Desktop\Etc\mbam-setup.exe -> FOUND

[TASK][SUSP PATH] {46669B29-3FC1-4435-85F2-4F1F3C2B431A} : C:\Users\Administrator\Desktop\Nintendo_WFC_USB\Nintendo_WFC_USB\NintendoWFCReg\setup.exe -> FOUND

[TASK][SUSP PATH] {837337D6-CC6C-48F7-ADD3-4CBD5C832BE1} : C:\Users\Administrator\Desktop\Nintendo_WFC_USB\Nintendo_WFC_USB\NintendoWFCReg\setup.exe -> FOUND

[TASK][SUSP PATH] {96D7FF85-05E8-428F-96F2-7D503F210BFD} : C:\Users\Administrator\Desktop\Nintendo_WFC_USB\NintendoWFCReg\setup.exe -> FOUND

[TASK][SUSP PATH] {AA96AD37-D42E-412D-99FD-8B10305B2114} : C:\Users\Administrator\Desktop\Nintendo_WFC_USB\Nintendo_WFC_USB\NintendoWFCReg\setup.exe -> FOUND

[TASK][SUSP PATH] {D468B566-B10B-47EA-AAC6-C306F821DC2D} : C:\Users\Administrator\Desktop\Etc\mbam-setup.exe -> FOUND

[HJ] HKLM\[...]\System : ConsentPromptBehaviorUser (0) -> FOUND

[HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorUser (0) -> FOUND

[HJ] HKCU\[...]\Internet Settings : WarnOnHTTPSToHTTPRedirect (0) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

[FILEASSO] HKLM\[...]\command : (C:\Program Files (x86)\Internet Explorer\iexplore.exe) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\Windows\system32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: FUJITSU MHY2160BH ATA Device +++++

--- User ---

[MBR] e3d79d75ad63981da9872586b6a60f9b

[BSP] 8da9bf924a0dd795bb1ca07506e422fe : Windows 7 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 140435 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 287611695 | Size: 12189 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[2].txt >>

RKreport[1].txt ; RKreport[2].txt

Malware didn't find anything. Are the trojans gone?


Please create a new system restore point before you run ComboFix!!

If after running ComboFix you have trouble with the network on getting connected, please use system restore to correct the problem.

~~~~~~~~~~~~~~~~~~~~~~~~~~~

Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and run ComboFix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingc...to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

MrC
