Removal hangs

fordie66 · November 6, 2013

I have 9 PUP infections. When I try to remove these Maywarebytes hangs

I have tried Chameleon. It updates the database fine but then hangs when removing the malicious programs. I waited a full 10 minutes. Task manager indicated that the CPU was working at 3-50% but how long to wait?

I'm following the instructions on page: https://forums.malwarebytes.org/index.php?showtopic=9573

I have downloaded DDS and, with AVG off and internet cable unplugged, run it. The results are attached.

Thank you in advance,

Ian

attach.txt dds.txt

Psychotic · November 6, 2013

Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
Perform everything in the correct order. Sometimes one step requires the previous one.
If you have any problems while following my instructions, Stop there and tell me the exact nature of your problem.
Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

Add-/remove programms

Click on start-->control panel.

Vista/7: Open Programs and Features
XP: Open add/remove programs

Search for and remove the following programs

FreeSoundRecorder Toolbar
Search.us.com

Close the window.

Delete junk with adwCleaner

Please download AdwCleaner to your desktop.

Run adwcleaner.exe
Hit Scan and wait for the scan to finish.
Confirm the message but don´t uncheck anything.
Hit Clean
When the run is finished, it will open up a text file
Please post its contents within your next reply
You´ll find the log file at C:\AdwCleaner[s1].txt also

Delete junk with JRT

Please download Junkware Removal Tool to your desktop.

Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

Scan with Gmer rootkit scanner

Please download Gmer from here by clicking on the "Download EXE" Button.

Double click on the randomly named GMER.exe. If asked to allow gmer.sys driver to load, please consent.
If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
In the right panel, you will see several boxes that have been checked. Uncheck the following ...
- Sections
- IAT/EAT
- Show All ( should be unchecked by default )
[*]Leave everything else as it is. [*]Close all other running programs as well as your Browser. [*]Click the Scan button & wait for it to finish. [*]Once done click on the Save.. button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post. [*]Save it where you can easily find it, such as your desktop. [*]Please post the content of the ark.txt here.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries

fordie66 · November 6, 2013

Hi Marius

Thanks for your help. I will work my way through the instructions and get back to you a bit later.

Kind regards

Ian

fordie66 · November 6, 2013

# AdwCleaner v3.011 - Report created 06/11/2013 at 18:22:41
# Updated 03/11/2013 by Xplode
# Operating System : Windows Vista Home Premium Service Pack 2 (32 bits)
# Username : John - JOHN-PC
# Running from : C:\Users\John\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\Users\John\AppData\Local\Temp\CT2704262
Folder Deleted : C:\Users\John\AppData\LocalLow\AVG Secure Search
Folder Deleted : C:\Users\John\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\John\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\John\AppData\LocalLow\FreeSoundRecorder
Folder Deleted : C:\Users\John\AppData\Roaming\Babylon
Folder Deleted : C:\Users\John\AppData\Roaming\OpenCandy
Folder Deleted : C:\Users\John\AppData\Roaming\Systweak
Folder Deleted : C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TornTV.com
Folder Deleted : C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\i18phos6.default\Smartbar
Folder Deleted : C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\i18phos6.default\CT2704262
Folder Deleted : C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\i18phos6.default\Extensions\{32b29df0-2237-4370-9a29-37cebb730e9b}
File Deleted : C:\END
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
File Deleted : C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\i18phos6.default\user.js
File Deleted : C:\Windows\System32\Tasks\RegClean Pro

***** [ Shortcuts ] *****

***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bicnnkjibmphdeigoodpjlcklcnaobdj
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D448B287-0C7D-421E-975D-FDC7F0420C67}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D448B287-0C7D-421E-975D-FDC7F0420C67}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\conduit.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\conduit.com
Key Deleted : HKLM\SOFTWARE\Classes\AppID\NCTAudioCDGrabber2.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2704262
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{58256E86-E733-4B6B-A6B3-2129DB04EE34}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5EB0259D-AB79-4AE6-A6E6-24FFE21C3DA4}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A5812E8F-0E16-4C65-88F7-492D36174CB2}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CADAF6BE-BF50-4669-8BFD-C27BD4E6181B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{32B29DF0-2237-4370-9A29-37CEBB730E9B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2BEF239C-752E-4001-8048-F256E0D8CD93}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{49C00A51-6E59-41FE-B3FA-2D2157FAD67B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6DFF5DBA-AE3A-46DB-B301-ECFFC6DB2982}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DE34CD67-F1C8-4001-9A23-B8A68F63F377}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{32B29DF0-2237-4370-9A29-37CEBB730E9B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A5812E8F-0E16-4C65-88F7-492D36174CB2}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{32B29DF0-2237-4370-9A29-37CEBB730E9B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{32B29DF0-2237-4370-9A29-37CEBB730E9B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A5812E8F-0E16-4C65-88F7-492D36174CB2}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{73E77364-5EB6-48D4-A28A-D9A4BF0075CC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8A28B65C-4CE4-404E-B2E9-965A993DE637}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{32B29DF0-2237-4370-9A29-37CEBB730E9B}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{32B29DF0-2237-4370-9A29-37CEBB730E9B}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{32B29DF0-2237-4370-9A29-37CEBB730E9B}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{32B29DF0-2237-4370-9A29-37CEBB730E9B}]
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\systweak
Key Deleted : HKCU\Software\FreeSoundRecorder
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\smartbar
Key Deleted : HKCU\Software\AppDataLow\Software\FreeSoundRecorder
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\systweak
Key Deleted : HKLM\Software\FreeSoundRecorder
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FreeSoundRecorder Toolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG Secure Search
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MyPC Backup
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\FreeSoundRecorder Toolbar

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16514

-\\ Mozilla Firefox v25.0 (en-GB)

[ File : C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\i18phos6.default\prefs.js ]

Line Deleted : user_pref("CT2704262.1000082.isDisplayHidden", "true");

Line Deleted : user_pref("CT2704262.2704262a129531303481232105000000paramsGK0.enc", "eyJ1cGRhdGVSZXFUaW1lIjoxMzU4MDk2NjkyOTQ1LCJ1cGRhdGVSZXNwVGltZSI6MTM1ODA5NjY5NjMyNSwiZGF0YSI6eyJzZXR0aW5ncyI6eyJpY29uIjoiaHR0cDovL3[...]
Line Deleted : user_pref("CT2704262.CT2704262ads1.enc", "JTdCJTIyYWRzJTIyJTNBJTVCJTdCJTIyYWlkJTIyJTNBJTIyNzkyNDUlMjIlMkMlMjJ0aXRsZSUyMiUzQSUyMllvdSUyMGhhdmUlMjAlMjgyJTI5JTIwbG92ZSUyMG1lc3NhZ2VzJTIyJTJDJTIyYWR0ZXh0MS[...]
Line Deleted : user_pref("CT2704262.CT2704262current_term.enc", "AA==");
Line Deleted : user_pref("CT2704262.CT2704262sdate.enc", "MTM=");
Line Deleted : user_pref("CT2704262.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT2704262.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT2704262.FirstTime", "true");
Line Deleted : user_pref("CT2704262.FirstTimeFF3", "true");
Line Deleted : user_pref("CT2704262.InstallDate", "13/1/2013 9:04:42");
Line Deleted : user_pref("CT2704262.LoginRevertSettingsEnabled", true);
Line Deleted : user_pref("CT2704262.RSS_Pub_Config.enc", "eyJzZXR0aW5ncyI6eyJpY29uIjoiaHR0cDovL3N0b3JhZ2UuY29uZHVpdC5jb20vNjIvMjcwL0NUMjcwNDI2Mi9TaGFyaW5nL3RlbXAvNjM0NDQyNjQyNDYxMjMxMjUxXzI0UFgucG5nIiwiY29tcG9uZW50S[...]
Line Deleted : user_pref("CT2704262.RSSapp2704262a129531303481232105000000embeddedVersion.enc", "Mi41LjA=");
Line Deleted : user_pref("CT2704262.RSSapp2704262a129531303481232105000000lastReportTime.enc", "MTM1ODA5NjY5NjMzMiA=");
Line Deleted : user_pref("CT2704262.RevertSettingsEnabled", true);
Line Deleted : user_pref("CT2704262.UserID", "UN87133947685741820");
Line Deleted : user_pref("CT2704262.addressBarTakeOverEnabledInHidden", "true");
Line Deleted : user_pref("CT2704262.autoDisableScopes", -1);
Line Deleted : user_pref("CT2704262.cbfirsttime.enc", "U3VuIEphbiAxMyAyMDEzIDA5OjA0OjU3IEdNVC0wODAwIChQYWNpZmljIFN0YW5kYXJkIFRpbWUp");
Line Deleted : user_pref("CT2704262.countryCode", "CN");
Line Deleted : user_pref("CT2704262.defaultSearch", "false");
Line Deleted : user_pref("CT2704262.enableAlerts", "false");
Line Deleted : user_pref("CT2704262.enableFix404ByUser", "TRUE");
Line Deleted : user_pref("CT2704262.enableSearchFromAddressBar", "true");
Line Deleted : user_pref("CT2704262.firstTimeDialogOpened", "true");
Line Deleted : user_pref("CT2704262.fixPageNotFoundError", "true");
Line Deleted : user_pref("CT2704262.fixPageNotFoundErrorByUser", "false");
Line Deleted : user_pref("CT2704262.fixPageNotFoundErrorInHidden", "true");
Line Deleted : user_pref("CT2704262.fixUrls", true);
Line Deleted : user_pref("CT2704262.fullUserID", "UN87133947685741820.UP.20130627050540");
Line Deleted : user_pref("CT2704262.installId", "conduitnsisintegration");
Line Deleted : user_pref("CT2704262.installType", "conduitnsisintegration");
Line Deleted : user_pref("CT2704262.isCheckedStartAsHidden", true);
Line Deleted : user_pref("CT2704262.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT2704262.isFirstTimeToolbarLoading", "false");
Line Deleted : user_pref("CT2704262.isNewTabEnabled", false);
Line Deleted : user_pref("CT2704262.isPerformedSmartBarTransition", "true");
Line Deleted : user_pref("CT2704262.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");

Line Deleted : user_pref("CT2704262.lastVersion", "10.21.1.507");
Line Deleted : user_pref("CT2704262.migrateAppsAndComponents", true);
Line Deleted : user_pref("CT2704262.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"hxxps%3A%2F%2Fforums.malwarebytes.org%2Findex.php%3Fshowtopic%3D136101\",\"EB_MAIN_FRAME_TITLE\":\"Remova[...]
Line Deleted : user_pref("CT2704262.newSettings", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Line Deleted : user_pref("CT2704262.openThankYouPage", "false");
Line Deleted : user_pref("CT2704262.openUninstallPage", "true");
Line Deleted : user_pref("CT2704262.price-gong.bornDate", "{\"dataType\":\"string\",\"data\":\"{\\\"Response\\\":\\\"01\\\\/13\\\\/2013 04\\\"}\"}");
Line Deleted : user_pref("CT2704262.revertSettingsEnabled", "true");
Line Deleted : user_pref("CT2704262.search.searchAppId", "129234816889425546");
Line Deleted : user_pref("CT2704262.search.searchCount", "0");
Line Deleted : user_pref("CT2704262.searchInNewTabEnabled", "false");
Line Deleted : user_pref("CT2704262.searchInNewTabEnabledByUser", "false");
Line Deleted : user_pref("CT2704262.searchInNewTabEnabledInHidden", "true");
Line Deleted : user_pref("CT2704262.searchSuggestEnabledByUser", "false");
Line Deleted : user_pref("CT2704262.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT2704262.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Line Deleted : user_pref("CT2704262.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\"}");
Line Deleted : user_pref("CT2704262.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT2704262\"}");

Line Deleted : user_pref("CT2704262.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"FreeSoundRecorder \"}");
Line Deleted : user_pref("CT2704262.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT2704262.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data\":\"2\"}");
Line Deleted : user_pref("CT2704262.serviceLayer_services_Configuration_lastUpdate", "1383697657016");
Line Deleted : user_pref("CT2704262.serviceLayer_services_app.twitter.user-cnet_lastUpdate", "1358096690447");
Line Deleted : user_pref("CT2704262.serviceLayer_services_app.twitter.user-cnnbrk_lastUpdate", "1358096690951");
Line Deleted : user_pref("CT2704262.serviceLayer_services_app.twitter.user-computeractive_lastUpdate", "1358096690939");
Line Deleted : user_pref("CT2704262.serviceLayer_services_app.twitter.user-dailymirror_lastUpdate", "1358096693046");
Line Deleted : user_pref("CT2704262.serviceLayer_services_app.twitter.user-google_lastUpdate", "1358096690434");
Line Deleted : user_pref("CT2704262.serviceLayer_services_app.twitter.user-techcrunch_lastUpdate", "1358096690468");
Line Deleted : user_pref("CT2704262.serviceLayer_services_app.twitter.user-time_lastUpdate", "1358096692202");
Line Deleted : user_pref("CT2704262.serviceLayer_services_app.twitter.user-wired_lastUpdate", "1358096693771");
Line Deleted : user_pref("CT2704262.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1358096689501");
Line Deleted : user_pref("CT2704262.serviceLayer_services_appsMetadata_lastUpdate", "1358096689453");
Line Deleted : user_pref("CT2704262.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1358096691080");
Line Deleted : user_pref("CT2704262.serviceLayer_services_location_lastUpdate", "1368784105992");
Line Deleted : user_pref("CT2704262.serviceLayer_services_login_10.13.40.15_lastUpdate", "1358535073167");
Line Deleted : user_pref("CT2704262.serviceLayer_services_login_10.14.40.128_lastUpdate", "1359397717697");
Line Deleted : user_pref("CT2704262.serviceLayer_services_login_10.14.42.7_lastUpdate", "1360820187212");
Line Deleted : user_pref("CT2704262.serviceLayer_services_login_10.14.65.43_lastUpdate", "1372200044629");
Line Deleted : user_pref("CT2704262.serviceLayer_services_login_10.15.0.562_lastUpdate", "1366350921509");
Line Deleted : user_pref("CT2704262.serviceLayer_services_login_10.15.2.523_lastUpdate", "1368784132529");
Line Deleted : user_pref("CT2704262.serviceLayer_services_login_10.16.4.519_lastUpdate", "1374630406009");
Line Deleted : user_pref("CT2704262.serviceLayer_services_login_10.16.70.505_lastUpdate", "1377686534338");
Line Deleted : user_pref("CT2704262.serviceLayer_services_login_10.19.2.505_lastUpdate", "1378808612965");
Line Deleted : user_pref("CT2704262.serviceLayer_services_login_10.20.0.513_lastUpdate", "1380406556668");
Line Deleted : user_pref("CT2704262.serviceLayer_services_login_10.20.1.508_lastUpdate", "1382608833495");
Line Deleted : user_pref("CT2704262.serviceLayer_services_login_10.21.1.507_lastUpdate", "1383732332725");
Line Deleted : user_pref("CT2704262.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1358096690719");
Line Deleted : user_pref("CT2704262.serviceLayer_services_searchAPI_lastUpdate", "1383697656736");
Line Deleted : user_pref("CT2704262.serviceLayer_services_serviceMap_lastUpdate", "1383697656205");
Line Deleted : user_pref("CT2704262.serviceLayer_services_toolbarContextMenu_lastUpdate", "1358096690690");
Line Deleted : user_pref("CT2704262.serviceLayer_services_toolbarSettings_lastUpdate", "1383732596976");
Line Deleted : user_pref("CT2704262.serviceLayer_services_translation_lastUpdate", "1383697654756");
Line Deleted : user_pref("CT2704262.serviceLayer_services_userApps_lastUpdate", "1358096692601");
Line Deleted : user_pref("CT2704262.settingsINI", true);
Line Deleted : user_pref("CT2704262.shouldFirstTimeDialog", "false");
Line Deleted : user_pref("CT2704262.showToolbarPermission", "false");
Line Deleted : user_pref("CT2704262.smartbar.CTID", "CT2704262");
Line Deleted : user_pref("CT2704262.smartbar.Uninstall", "0");
Line Deleted : user_pref("CT2704262.smartbar.isHidden", true);
Line Deleted : user_pref("CT2704262.smartbar.toolbarName", "FreeSoundRecorder ");
Line Deleted : user_pref("CT2704262.startPage", "false");
Line Deleted : user_pref("CT2704262.toolbarBornServerTime", "13-1-2013");
Line Deleted : user_pref("CT2704262.toolbarCurrentServerTime", "6-11-2013");
Line Deleted : user_pref("CT2704262.toolbarLoginClientTime", "Mon Mar 25 2013 05:43:37 GMT+0800 (China Standard Time)");
Line Deleted : user_pref("CT2704262_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1383725107800,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
Line Deleted : user_pref("browser.search.defaultenginename", "AVG Secure Search");
Line Deleted : user_pref("plugin.state.npconduitfirefoxplugin", 2);
Line Deleted : user_pref("smartbar.machineId", "JZ++I0ABSSSL3WBRVE6GPCYMTQ3NAWEZEM4C2TWJ2NP67J81ZCUGDEQTMNN9PULNEP2HQJ2CG13GGGKDD6YS8G");

-\\ Google Chrome v30.0.1599.101

[ File : C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [22070 octets] - [06/11/2013 18:18:50]
AdwCleaner[R1].txt - [21445 octets] - [06/11/2013 18:21:57]
AdwCleaner[s0].txt - [1145 octets] - [06/11/2013 18:19:48]
AdwCleaner[s1].txt - [21483 octets] - [06/11/2013 18:22:41]

########## EOF - C:\AdwCleaner\AdwCleaner[s1].txt - [21544 octets] ##########

fordie66 · November 6, 2013

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows Vista Home Premium x86
Ran by John on 06/11/2013 at 19:04:26.62
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-1002774398-929367116-400480874-1000\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\AboutURLs\\Tabs

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{AE5D85CF-A60D-4601-B916-DC0938C38807}

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\Program Files\qualitink"
Successfully deleted: [Folder] "C:\Program Files\regzooka"

~~~ FireFox

Successfully deleted: [File] C:\Users\John\AppData\Roaming\mozilla\firefox\profiles\i18phos6.default\extensions\trtv3@trtv.com.xpi
Successfully deleted the following from C:\Users\John\AppData\Roaming\mozilla\firefox\profiles\i18phos6.default\prefs.js

user_pref("extensions.seoquake.params.370.icon", "AAABAAEAEBAAAAAAIABoBAAAFgAAACgAAAAQAAAAIAAAAAEAIAAAAAAAQAQAAAAAAAAAAAAAAAAAAAAAAAD///8B////Af///wHp6en/ubm5/4ODg/+JiYn/YmJi/
Emptied folder: C:\Users\John\AppData\Roaming\mozilla\firefox\profiles\i18phos6.default\minidumps [146 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 06/11/2013 at 19:11:29.62
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

fordie66 · November 6, 2013

GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-11-06 19:47:17
Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST1000DM003-9YN162 rev.CC4B 931.51GB
Running: dvllpswz.exe; Driver: C:\Users\John\AppData\Local\Temp\kwtdypog.sys

---- System - GMER 2.1 ----

SSDT            \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys                                              ZwAssignProcessToJobObject [0x91D173F0]
SSDT            \??\C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_59849.sys ZwClose [0x914F68A0]
SSDT            \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys                                              ZwCreateFile [0x91D156F0]
SSDT            \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys                                              ZwDeleteFile [0x91D16190]
SSDT            \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys                                              ZwDeleteKey [0x91D18EC0]
SSDT            \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys                                              ZwDeleteValueKey [0x91D18F60]
SSDT            \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys                                              ZwLoadKey [0x91D19330]
SSDT            \SystemRoot\system32\DRIVERS\avgidsshimx.sys                                                         ZwNotifyChangeKey [0x914015D0]
SSDT            \SystemRoot\system32\DRIVERS\avgidsshimx.sys                                                         ZwNotifyChangeMultipleKeys [0x91401700]
SSDT            \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys                                              ZwOpenFile [0x91D15FA0]
SSDT            \SystemRoot\system32\DRIVERS\avgidsshimx.sys                                                         ZwOpenProcess [0x91401010]
SSDT            \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys                                              ZwOpenThread [0x91D17A20]
SSDT            \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys                                              ZwProtectVirtualMemory [0x91D17C50]
SSDT            \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys                                              ZwQueryValueKey [0x91D191E0]
SSDT            \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys                                              ZwRenameKey [0x91D19020]
SSDT            \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys                                              ZwReplaceKey [0x91D190C0]
SSDT            \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys                                              ZwRestoreKey [0x91D19150]
SSDT            \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys                                              ZwSetContextThread [0x91D17300]
SSDT            \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys                                              ZwSetInformationFile [0x91D16330]
SSDT            \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys                                              ZwSetValueKey [0x91D18D80]
SSDT            \SystemRoot\system32\DRIVERS\avgidsshimx.sys                                                         ZwSuspendProcess [0x91401300]
SSDT            \SystemRoot\system32\DRIVERS\avgidsshimx.sys                                                         ZwSuspendThread [0x914013E0]
SSDT            \SystemRoot\system32\DRIVERS\avgidsshimx.sys                                                         ZwTerminateProcess [0x91401120]
SSDT            \SystemRoot\system32\DRIVERS\avgidsshimx.sys                                                         ZwTerminateThread [0x91401210]
SSDT            \SystemRoot\system32\DRIVERS\avgidsshimx.sys                                                         ZwWriteVirtualMemory [0x914014D0]
SSDT            \??\C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_59849.sys ZwCreateThreadEx [0x914F71E0]

---- Devices - GMER 2.1 ----

AttachedDevice \Driver\tdx \Device\Tcp                                                                              avgtdix.sys
AttachedDevice \Driver\tdx \Device\Udp                                                                              avgtdix.sys
AttachedDevice \Driver\tdx \Device\RawIp                                                                            avgtdix.sys

---- Registry - GMER 2.1 ----

Reg             HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex@LogName                            C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.Ntfy119.gthr
Reg             HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex@LogNumber                          120

---- Disk sectors - GMER 2.1 ----

Disk            \Device\Harddisk0\DR0                                                                                unknown MBR code

---- EOF - GMER 2.1 ----

Psychotic · November 6, 2013

Scan with TDSS-Killer

Please read and follow these instructions carefully. We do not want it to fix anything yet (if found), we need to see a report first.

Download TDSSKiller.exe and save it to your desktop

Execute TDSSKiller.exe by doubleclicking on it.
Press Start Scan
If Malicious objects are found, do NOT select Cure. Change the action to Skip, and save the log.
Once complete, a log will be produced at the root drive which is typically C:\ ,for example, C:\TDSSKiller.<version_date_time>log.txt

Please post the contents of that log in your next reply.

fordie66 · November 6, 2013

20:40:40.0683 5788 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
20:40:41.0307 5788 ============================================================
20:40:41.0307 5788 Current date / time: 2013/11/06 20:40:41.0307
20:40:41.0307 5788 SystemInfo:
20:40:41.0307 5788
20:40:41.0307 5788 OS Version: 6.0.6002 ServicePack: 2.0
20:40:41.0307 5788 Product type: Workstation
20:40:41.0307 5788 ComputerName: JOHN-PC
20:40:41.0307 5788 UserName: John
20:40:41.0307 5788 Windows directory: C:\Windows
20:40:41.0307 5788 System windows directory: C:\Windows
20:40:41.0307 5788 Processor architecture: Intel x86
20:40:41.0307 5788 Number of processors: 2
20:40:41.0307 5788 Page size: 0x1000
20:40:41.0307 5788 Boot type: Normal boot
20:40:41.0307 5788 ============================================================
20:40:42.0212 5788 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0CADE00 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
20:40:42.0227 5788 ============================================================
20:40:42.0227 5788 \Device\Harddisk0\DR0:
20:40:42.0227 5788 MBR partitions:
20:40:42.0227 5788 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x7801F1A
20:40:42.0243 5788 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x7801F98, BlocksNum 0x9C41AD8
20:40:42.0259 5788 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x11443AAF, BlocksNum 0x29810511
20:40:42.0259 5788 \Device\Harddisk0\DR0\Partition4: MBR, Type 0x7, StartLBA 0x3AC53FFF, BlocksNum 0x39AB19C2
20:40:42.0259 5788 ============================================================
20:40:42.0290 5788 C: <-> \Device\Harddisk0\DR0\Partition1
20:40:42.0352 5788 D: <-> \Device\Harddisk0\DR0\Partition2
20:40:42.0399 5788 E: <-> \Device\Harddisk0\DR0\Partition3
20:40:42.0461 5788 F: <-> \Device\Harddisk0\DR0\Partition4
20:40:42.0461 5788 ============================================================
20:40:42.0461 5788 Initialize success
20:40:42.0461 5788 ============================================================
20:40:45.0301 3348 ============================================================
20:40:45.0301 3348 Scan started
20:40:45.0301 3348 Mode: Manual;
20:40:45.0301 3348 ============================================================
20:40:45.0940 3348 ================ Scan system memory ========================
20:40:45.0940 3348 System memory - ok
20:40:45.0940 3348 ================ Scan services =============================
20:40:47.0828 3348 [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI            C:\Windows\system32\drivers\acpi.sys
20:40:47.0875 3348 ACPI - ok
20:40:48.0015 3348 [ ADDA5E1951B90D3D23C56D3CF0622ADC ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
20:40:48.0015 3348 AdobeARMservice - ok
20:40:48.0046 3348 [ A283108E14F3970432C21AF4C0CB1BCE ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
20:40:48.0062 3348 AdobeFlashPlayerUpdateSvc - ok
20:40:48.0077 3348 [ 04F0FCAC69C7C71A3AC4EB97FAFC8303 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
20:40:48.0077 3348 adp94xx - ok
20:40:48.0109 3348 [ 60505E0041F7751BDBB80F88BF45C2CE ] adpahci         C:\Windows\system32\drivers\adpahci.sys
20:40:48.0109 3348 adpahci - ok
20:40:48.0124 3348 [ 8A42779B02AEC986EAB64ECFC98F8BD7 ] adpu160m        C:\Windows\system32\drivers\adpu160m.sys
20:40:48.0124 3348 adpu160m - ok
20:40:48.0140 3348 [ 241C9E37F8CE45EF51C3DE27515CA4E5 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
20:40:48.0140 3348 adpu320 - ok
20:40:48.0171 3348 [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
20:40:48.0171 3348 AeLookupSvc - ok
20:40:48.0187 3348 [ 3911B972B55FEA0478476B2E777B29FA ] AFD             C:\Windows\system32\drivers\afd.sys
20:40:48.0187 3348 AFD - ok
20:40:48.0202 3348 [ 13F9E33747E6B41A3FF305C37DB0D360 ] agp440          C:\Windows\system32\drivers\agp440.sys
20:40:48.0202 3348 agp440 - ok
20:40:48.0218 3348 [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx         C:\Windows\system32\drivers\djsvs.sys
20:40:48.0218 3348 aic78xx - ok
20:40:48.0249 3348 [ A1545B731579895D8CC44FC0481C1192 ] ALG             C:\Windows\System32\alg.exe
20:40:48.0249 3348 ALG - ok
20:40:48.0280 3348 [ 9EAEF5FC9B8E351AFA7E78A6FAE91F91 ] aliide          C:\Windows\system32\drivers\aliide.sys
20:40:48.0280 3348 aliide - ok
20:40:48.0296 3348 [ C47344BC706E5F0B9DCE369516661578 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
20:40:48.0296 3348 amdagp - ok
20:40:48.0311 3348 [ 9B78A39A4C173FDBC1321E0DD659B34C ] amdide          C:\Windows\system32\drivers\amdide.sys
20:40:48.0311 3348 amdide - ok
20:40:48.0327 3348 [ 18F29B49AD23ECEE3D2A826C725C8D48 ] AmdK7           C:\Windows\system32\drivers\amdk7.sys
20:40:48.0327 3348 AmdK7 - ok
20:40:48.0343 3348 [ 93AE7F7DD54AB986A6F1A1B37BE7442D ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
20:40:48.0343 3348 AmdK8 - ok
20:40:48.0358 3348 [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo         C:\Windows\System32\appinfo.dll
20:40:48.0358 3348 Appinfo - ok
20:40:48.0374 3348 [ 5D2888182FB46632511ACEE92FDAD522 ] arc             C:\Windows\system32\drivers\arc.sys
20:40:48.0374 3348 arc - ok
20:40:48.0389 3348 [ 5E2A321BD7C8B3624E41FDEC3E244945 ] arcsas          C:\Windows\system32\drivers\arcsas.sys
20:40:48.0389 3348 arcsas - ok
20:40:48.0452 3348 [ 54AB80D7F53E0C228A3F0FDB167DC83E ] ASOVPNHelper    C:\Program Files\Astrill\ASOvpnSvc.exe
20:40:48.0452 3348 ASOVPNHelper - ok
20:40:48.0483 3348 [ 1B69B335F6BCD85C104F8C674660D6D6 ] ASProxy         C:\Program Files\Astrill\ASProxy.exe
20:40:48.0499 3348 ASProxy - ok
20:40:48.0530 3348 [ FA1F8B44242E0817F4B1BE2EE7979DF0 ] asvpndrv        C:\Windows\system32\DRIVERS\asvpndrv.sys
20:40:48.0545 3348 asvpndrv - ok
20:40:48.0561 3348 [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
20:40:48.0577 3348 AsyncMac - ok
20:40:48.0577 3348 [ 1F05B78AB91C9075565A9D8A4B880BC4 ] atapi           C:\Windows\system32\drivers\atapi.sys
20:40:48.0577 3348 atapi - ok
20:40:48.0623 3348 [ FD59145571041180F54A620FB8159746 ] Ati External Event Utility C:\Windows\system32\Ati2evxx.exe
20:40:48.0639 3348 Ati External Event Utility - ok
20:40:48.0701 3348 [ 514771DF4C8E653126C6DD7EE3661766 ] atikmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
20:40:48.0764 3348 atikmdag - ok
20:40:48.0795 3348 [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
20:40:48.0795 3348 AudioEndpointBuilder - ok
20:40:48.0795 3348 [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv        C:\Windows\System32\Audiosrv.dll
20:40:48.0811 3348 Audiosrv - ok
20:40:48.0951 3348 [ 4DB93F4DB7077801D2D82013506AC1D0 ] AVGIDSAgent     C:\Program Files\AVG\AVG2013\avgidsagent.exe
20:40:48.0982 3348 AVGIDSAgent - ok
20:40:49.0013 3348 [ 4D7E34E36E586EA26F171A258341BD80 ] AVGIDSDriver    C:\Windows\system32\DRIVERS\avgidsdriverx.sys
20:40:49.0045 3348 AVGIDSDriver - ok
20:40:49.0076 3348 [ 7C8E88549BCDAAC965B1B724C175F7A9 ] AVGIDSHX        C:\Windows\system32\DRIVERS\avgidshx.sys
20:40:49.0091 3348 AVGIDSHX - ok
20:40:49.0107 3348 [ 2717EBC35166B8793DBFFB4390B8F2E7 ] AVGIDSShim      C:\Windows\system32\DRIVERS\avgidsshimx.sys
20:40:49.0107 3348 AVGIDSShim - ok
20:40:49.0123 3348 [ 2018C4E9A40B122408763A5635CF14D9 ] Avgldx86        C:\Windows\system32\DRIVERS\avgldx86.sys
20:40:49.0123 3348 Avgldx86 - ok
20:40:49.0154 3348 [ E2B9CF2CF787C6978E7CC898E9684E48 ] Avglogx         C:\Windows\system32\DRIVERS\avglogx.sys
20:40:49.0154 3348 Avglogx - ok
20:40:49.0169 3348 [ 3F59750A3AA55C46663801E7C2FD1E2B ] Avgmfx86        C:\Windows\system32\DRIVERS\avgmfx86.sys
20:40:49.0185 3348 Avgmfx86 - ok
20:40:49.0201 3348 [ CBCE8ED318DB8EA431F9D25AC9B7FF41 ] Avgrkx86        C:\Windows\system32\DRIVERS\avgrkx86.sys
20:40:49.0201 3348 Avgrkx86 - ok
20:40:49.0216 3348 [ 14370FB29526F593C04FA48B5D69F7F0 ] Avgtdix         C:\Windows\system32\DRIVERS\avgtdix.sys
20:40:49.0216 3348 Avgtdix - ok
20:40:49.0232 3348 [ 15ACA2AD17ACECA4814F249783E63AD3 ] avgtp           C:\Windows\system32\drivers\avgtpx86.sys
20:40:49.0232 3348 avgtp - ok
20:40:49.0263 3348 [ 48939D9F350AEF9370F03A1E49A49BE2 ] avgwd           C:\Program Files\AVG\AVG2013\avgwdsvc.exe
20:40:49.0263 3348 avgwd - ok
20:40:49.0263 3348 [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep            C:\Windows\system32\drivers\Beep.sys
20:40:49.0263 3348 Beep - ok
20:40:49.0294 3348 [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE             C:\Windows\System32\bfe.dll
20:40:49.0310 3348 BFE - ok
20:40:49.0388 3348 [ 93952506C6D67330367F7E7934B6A02F ] BITS            C:\Windows\System32\qmgr.dll
20:40:49.0388 3348 BITS - ok
20:40:49.0403 3348 [ D4DF28447741FD3D953526E33A617397 ] blbdrive        C:\Windows\system32\drivers\blbdrive.sys
20:40:49.0419 3348 blbdrive - ok
20:40:49.0435 3348 [ 35F376253F687BDE63976CCB3F2108CA ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
20:40:49.0435 3348 bowser - ok
20:40:49.0450 3348 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\drivers\brfiltlo.sys
20:40:49.0450 3348 BrFiltLo - ok
20:40:49.0450 3348 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\drivers\brfiltup.sys
20:40:49.0466 3348 BrFiltUp - ok
20:40:49.0481 3348 [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser         C:\Windows\System32\browser.dll
20:40:49.0481 3348 Browser - ok
20:40:49.0497 3348 [ B304E75CFF293029EDDF094246747113 ] Brserid         C:\Windows\system32\drivers\brserid.sys
20:40:49.0497 3348 Brserid - ok
20:40:49.0513 3348 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\system32\drivers\brserwdm.sys
20:40:49.0513 3348 BrSerWdm - ok
20:40:49.0528 3348 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\system32\drivers\brusbmdm.sys
20:40:49.0528 3348 BrUsbMdm - ok
20:40:49.0528 3348 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\Windows\system32\drivers\brusbser.sys
20:40:49.0544 3348 BrUsbSer - ok
20:40:49.0559 3348 [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
20:40:49.0559 3348 BTHMODEM - ok
20:40:49.0591 3348 [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
20:40:49.0591 3348 cdfs - ok
20:40:49.0622 3348 [ 6B4BFFB9BECD728097024276430DB314 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
20:40:49.0622 3348 cdrom - ok
20:40:49.0653 3348 [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc     C:\Windows\System32\certprop.dll
20:40:49.0653 3348 CertPropSvc - ok
20:40:49.0684 3348 [ E5D4133F37219DBCFE102BC61072589D ] circlass        C:\Windows\system32\drivers\circlass.sys
20:40:49.0700 3348 circlass - ok
20:40:49.0731 3348 [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS            C:\Windows\system32\CLFS.sys
20:40:49.0747 3348 CLFS - ok
20:40:49.0809 3348 [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:40:49.0809 3348 clr_optimization_v2.0.50727_32 - ok
20:40:49.0856 3348 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:40:49.0856 3348 clr_optimization_v4.0.30319_32 - ok
20:40:49.0871 3348 [ 0CA25E686A4928484E9FDABD168AB629 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
20:40:49.0871 3348 cmdide - ok
20:40:49.0903 3348 [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
20:40:49.0903 3348 Compbatt - ok
20:40:49.0903 3348 COMSysApp - ok
20:40:49.0934 3348 [ 741E9DFF4F42D2D8477D0FC1DC0DF871 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
20:40:49.0934 3348 crcdisk - ok
20:40:49.0934 3348 [ 1F07BECDCA750766A96CDA811BA86410 ] Crusoe          C:\Windows\system32\drivers\crusoe.sys
20:40:49.0934 3348 Crusoe - ok
20:40:49.0981 3348 [ 684C130BBC6DB681BAD4920A4C944AA5 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
20:40:49.0981 3348 CryptSvc - ok
20:40:50.0027 3348 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch      C:\Windows\system32\rpcss.dll
20:40:50.0027 3348 DcomLaunch - ok
20:40:50.0059 3348 [ 96C25C84D31F3569E579BAA434A85174 ] dfg             C:\Windows\system32\drivers\dfg.sys
20:40:50.0074 3348 dfg - ok
20:40:50.0121 3348 [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
20:40:50.0121 3348 DfsC - ok
20:40:50.0168 3348 [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR            C:\Windows\system32\DFSR.exe
20:40:50.0215 3348 DFSR - ok
20:40:50.0246 3348 [ 54D0B8343CE8C22412A5F29D32EFD211 ] dg_ssudbus      C:\Windows\system32\DRIVERS\ssudbus.sys
20:40:50.0246 3348 dg_ssudbus - ok
20:40:50.0277 3348 [ 9028559C132146FB75EB7ACF384B086A ] Dhcp            C:\Windows\System32\dhcpcsvc.dll
20:40:50.0277 3348 Dhcp - ok
20:40:50.0293 3348 [ 5D4AEFC3386920236A548271F8F1AF6A ] disk            C:\Windows\system32\drivers\disk.sys
20:40:50.0293 3348 disk - ok
20:40:50.0324 3348 [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache        C:\Windows\System32\dnsrslvr.dll
20:40:50.0324 3348 Dnscache - ok
20:40:50.0355 3348 [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc         C:\Windows\System32\dot3svc.dll
20:40:50.0355 3348 dot3svc - ok
20:40:50.0386 3348 [ 4F59C172C094E1A1D46463A8DC061CBD ] Dot4            C:\Windows\system32\DRIVERS\Dot4.sys
20:40:50.0386 3348 Dot4 - ok
20:40:50.0417 3348 [ 80BF3BA09F6F2523C8F6B7CC6DBF7BD5 ] Dot4Print       C:\Windows\system32\DRIVERS\Dot4Prt.sys
20:40:50.0417 3348 Dot4Print - ok
20:40:50.0433 3348 [ C55004CA6B419B6695970DFE849B122F ] dot4usb         C:\Windows\system32\DRIVERS\dot4usb.sys
20:40:50.0449 3348 dot4usb - ok
20:40:50.0464 3348 [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS             C:\Windows\system32\dps.dll
20:40:50.0464 3348 DPS - ok
20:40:50.0480 3348 [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
20:40:50.0480 3348 drmkaud - ok
20:40:50.0511 3348 [ 988670D8343EF9835FB3659DB71B2EFA ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
20:40:50.0527 3348 DXGKrnl - ok
20:40:50.0542 3348 [ 5425F74AC0C1DBD96A1E04F17D63F94C ] E1G60           C:\Windows\system32\DRIVERS\E1G60I32.sys
20:40:50.0542 3348 E1G60 - ok
20:40:50.0573 3348 [ C0B95E40D85CD807D614E264248A45B9 ] EapHost         C:\Windows\System32\eapsvc.dll
20:40:50.0573 3348 EapHost - ok
20:40:50.0605 3348 [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache          C:\Windows\system32\drivers\ecache.sys
20:40:50.0605 3348 Ecache - ok
20:40:50.0651 3348 [ 9BE3744D295A7701EB425332014F0797 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
20:40:50.0667 3348 ehRecvr - ok
20:40:50.0683 3348 [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched         C:\Windows\ehome\ehsched.exe
20:40:50.0683 3348 ehSched - ok
20:40:50.0698 3348 [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart         C:\Windows\ehome\ehstart.dll
20:40:50.0698 3348 ehstart - ok
20:40:50.0714 3348 [ 23B62471681A124889978F6295B3F4C6 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
20:40:50.0714 3348 elxstor - ok
20:40:50.0745 3348 [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt         C:\Windows\system32\emdmgmt.dll
20:40:50.0745 3348 EMDMgmt - ok
20:40:50.0761 3348 [ 3DB974F3935483555D7148663F726C61 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
20:40:50.0776 3348 ErrDev - ok
20:40:50.0807 3348 esgiguard - ok
20:40:50.0854 3348 [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem     C:\Windows\system32\es.dll
20:40:50.0854 3348 EventSystem - ok
20:40:50.0885 3348 [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat           C:\Windows\system32\drivers\exfat.sys
20:40:50.0885 3348 exfat - ok
20:40:50.0901 3348 [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
20:40:50.0901 3348 fastfat - ok
20:40:50.0948 3348 [ AFE1E8B9782A0DD7FB46BBD88E43F89A ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
20:40:50.0948 3348 fdc - ok
20:40:50.0948 3348 [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost         C:\Windows\system32\fdPHost.dll
20:40:50.0948 3348 fdPHost - ok
20:40:50.0963 3348 [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub        C:\Windows\system32\fdrespub.dll
20:40:50.0963 3348 FDResPub - ok
20:40:50.0979 3348 [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
20:40:50.0979 3348 FileInfo - ok
20:40:50.0979 3348 [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
20:40:50.0995 3348 Filetrace - ok
20:40:51.0010 3348 [ 85B7CF99D532820495D68D747FDA9EBD ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
20:40:51.0010 3348 flpydisk - ok
20:40:51.0041 3348 [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
20:40:51.0057 3348 FltMgr - ok
20:40:51.0104 3348 [ 2AFA3A46986AE935DAECEBC7E66314CF ] FontCache       C:\Windows\system32\FntCache.dll
20:40:51.0104 3348 FontCache - ok
20:40:51.0151 3348 [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
20:40:51.0151 3348 FontCache3.0.0.0 - ok
20:40:51.0166 3348 [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
20:40:51.0166 3348 Fs_Rec - ok
20:40:51.0197 3348 [ 34582A6E6573D54A07ECE5FE24A126B5 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
20:40:51.0197 3348 gagp30kx - ok
20:40:51.0229 3348 [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc           C:\Windows\System32\gpsvc.dll
20:40:51.0229 3348 gpsvc - ok
20:40:51.0291 3348 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate         C:\Program Files\Google\Update\GoogleUpdate.exe
20:40:51.0291 3348 gupdate - ok
20:40:51.0307 3348 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
20:40:51.0307 3348 gupdatem - ok
20:40:51.0322 3348 [ CB04C744BE0A61B1D648FAED182C3B59 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
20:40:51.0338 3348 HdAudAddService - ok
20:40:51.0369 3348 [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
20:40:51.0369 3348 HDAudBus - ok
20:40:51.0385 3348 [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth          C:\Windows\system32\drivers\hidbth.sys
20:40:51.0385 3348 HidBth - ok
20:40:51.0400 3348 [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr           C:\Windows\system32\drivers\hidir.sys
20:40:51.0400 3348 HidIr - ok
20:40:51.0431 3348 [ 84067081F3318162797385E11A8F0582 ] hidserv         C:\Windows\system32\hidserv.dll
20:40:51.0431 3348 hidserv - ok
20:40:51.0447 3348 [ CCA4B519B17E23A00B826C55716809CC ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
20:40:51.0447 3348 HidUsb - ok
20:40:51.0463 3348 [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc          C:\Windows\system32\kmsvc.dll
20:40:51.0463 3348 hkmsvc - ok
20:40:51.0478 3348 [ 16EE7B23A009E00D835CDB79574A91A6 ] HpCISSs         C:\Windows\system32\drivers\hpcisss.sys
20:40:51.0478 3348 HpCISSs - ok
20:40:51.0525 3348 [ FCB563B0A23643E5F80B6FF1E60F610F ] hpqcxs08        C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
20:40:51.0541 3348 hpqcxs08 - ok
20:40:51.0541 3348 [ 25E443E27165C652723A92D9BDFD4649 ] hpqddsvc        C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
20:40:51.0556 3348 hpqddsvc - ok
20:40:51.0603 3348 [ F870AA3E254628EBEAFE754108D664DE ] HTTP            C:\Windows\system32\drivers\HTTP.sys
20:40:51.0603 3348 HTTP - ok
20:40:51.0619 3348 [ C6B032D69650985468160FC9937CF5B4 ] i2omp           C:\Windows\system32\drivers\i2omp.sys
20:40:51.0619 3348 i2omp - ok
20:40:51.0634 3348 [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
20:40:51.0634 3348 i8042prt - ok
20:40:51.0665 3348 [ 54155EA1B0DF185878E0FC9EC3AC3A14 ] iaStorV         C:\Windows\system32\drivers\iastorv.sys
20:40:51.0681 3348 iaStorV - ok
20:40:51.0712 3348 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT        C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
20:40:51.0728 3348 IDriverT - ok
20:40:51.0775 3348 [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
20:40:51.0775 3348 idsvc - ok
20:40:51.0806 3348 [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
20:40:51.0806 3348 iirsp - ok
20:40:51.0821 3348 [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT          C:\Windows\System32\ikeext.dll
20:40:51.0821 3348 IKEEXT - ok
20:40:51.0868 3348 [ EDC37B918E583A5A813C53D4F5588255 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
20:40:51.0899 3348 IntcAzAudAddService - ok
20:40:51.0915 3348 [ 83AA759F3189E6370C30DE5DC5590718 ] intelide        C:\Windows\system32\drivers\intelide.sys
20:40:51.0915 3348 intelide - ok
20:40:51.0931 3348 [ 224191001E78C89DFA78924C3EA595FF ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
20:40:51.0931 3348 intelppm - ok
20:40:51.0946 3348 [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
20:40:51.0962 3348 IPBusEnum - ok
20:40:51.0962 3348 [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:40:51.0962 3348 IpFilterDriver - ok
20:40:51.0977 3348 [ 1998BD97F950680BB55F55A7244679C2 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
20:40:51.0977 3348 iphlpsvc - ok
20:40:51.0977 3348 IpInIp - ok
20:40:51.0993 3348 [ B25AAF203552B7B3491139D582B39AD1 ] IPMIDRV         C:\Windows\system32\drivers\ipmidrv.sys
20:40:52.0009 3348 IPMIDRV - ok
20:40:52.0024 3348 [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT           C:\Windows\system32\DRIVERS\ipnat.sys
20:40:52.0024 3348 IPNAT - ok
20:40:52.0024 3348 [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
20:40:52.0024 3348 IRENUM - ok
20:40:52.0040 3348 [ 6C70698A3E5C4376C6AB5C7C17FB0614 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
20:40:52.0040 3348 isapnp - ok
20:40:52.0055 3348 [ 232FA340531D940AAC623B121A595034 ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
20:40:52.0055 3348 iScsiPrt - ok
20:40:52.0071 3348 [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi        C:\Windows\system32\drivers\iteatapi.sys
20:40:52.0071 3348 iteatapi - ok
20:40:52.0087 3348 [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid         C:\Windows\system32\drivers\iteraid.sys
20:40:52.0087 3348 iteraid - ok
20:40:52.0102 3348 [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
20:40:52.0102 3348 kbdclass - ok
20:40:52.0118 3348 [ EDE59EC70E25C24581ADD1FBEC7325F7 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
20:40:52.0118 3348 kbdhid - ok
20:40:52.0133 3348 [ A3E186B4B935905B829219502557314E ] KeyIso          C:\Windows\system32\lsass.exe
20:40:52.0149 3348 KeyIso - ok
20:40:52.0196 3348 [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
20:40:52.0196 3348 KSecDD - ok
20:40:52.0227 3348 [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm           C:\Windows\system32\msdtckrm.dll
20:40:52.0227 3348 KtmRm - ok
20:40:52.0258 3348 [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer    C:\Windows\system32\srvsvc.dll
20:40:52.0258 3348 LanmanServer - ok
20:40:52.0289 3348 [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
20:40:52.0289 3348 LanmanWorkstation - ok
20:40:52.0321 3348 [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
20:40:52.0321 3348 lltdio - ok
20:40:52.0336 3348 [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
20:40:52.0336 3348 lltdsvc - ok
20:40:52.0336 3348 [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts         C:\Windows\System32\lmhsvc.dll
20:40:52.0336 3348 lmhosts - ok
20:40:52.0352 3348 [ C7E15E82879BF3235B559563D4185365 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
20:40:52.0367 3348 LSI_FC - ok
20:40:52.0383 3348 [ EE01EBAE8C9BF0FA072E0FF68718920A ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
20:40:52.0383 3348 LSI_SAS - ok
20:40:52.0383 3348 [ 912A04696E9CA30146A62AFA1463DD5C ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
20:40:52.0383 3348 LSI_SCSI - ok
20:40:52.0399 3348 [ 8F5C7426567798E62A3B3614965D62CC ] luafv           C:\Windows\system32\drivers\luafv.sys
20:40:52.0399 3348 luafv - ok
20:40:52.0461 3348 [ D6767D36902E4B9F9EBB2DDD3BBF1A35 ] mbamchameleon   C:\Windows\system32\drivers\mbamchameleon.sys
20:40:52.0461 3348 mbamchameleon - ok
20:40:52.0477 3348 [ 4470E3C1E0C3378E4CAB137893C12C3A ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
20:40:52.0477 3348 MBAMProtector - ok
20:40:52.0492 3348 [ 65085456FD9A74D7F1A999520C299ECB ] MBAMScheduler   C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
20:40:52.0508 3348 MBAMScheduler - ok
20:40:52.0523 3348 [ E0D7732F2D2E24B2DB3F67B6750295B8 ] MBAMService     C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
20:40:52.0539 3348 MBAMService - ok
20:40:52.0555 3348 [ AEF9BABB8A506BC4CE0451A64AADED46 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
20:40:52.0555 3348 Mcx2Svc - ok
20:40:52.0570 3348 [ 0001CE609D66632FA17B84705F658879 ] megasas         C:\Windows\system32\drivers\megasas.sys
20:40:52.0570 3348 megasas - ok
20:40:52.0601 3348 [ C252F32CD9A49DBFC25ECF26EBD51A99 ] MegaSR          C:\Windows\system32\drivers\megasr.sys
20:40:52.0601 3348 MegaSR - ok
20:40:52.0757 3348 [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
20:40:52.0757 3348 Microsoft Office Groove Audit Service - ok
20:40:52.0789 3348 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS           C:\Windows\system32\mmcss.dll
20:40:52.0789 3348 MMCSS - ok
20:40:52.0820 3348 [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem           C:\Windows\system32\drivers\modem.sys
20:40:52.0835 3348 Modem - ok
20:40:52.0867 3348 [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
20:40:52.0882 3348 monitor - ok
20:40:52.0945 3348 [ 5BF6A1326A335C5298477754A506D263 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
20:40:52.0945 3348 mouclass - ok
20:40:52.0960 3348 [ 93B8D4869E12CFBE663915502900876F ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
20:40:52.0960 3348 mouhid - ok
20:40:52.0960 3348 [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr        C:\Windows\system32\drivers\mountmgr.sys
20:40:52.0960 3348 MountMgr - ok
20:40:53.0007 3348 [ 5D494509432897338AFC19DB78A76DCB ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
20:40:53.0007 3348 MozillaMaintenance - ok
20:40:53.0023 3348 [ 511D011289755DD9F9A7579FB0B064E6 ] mpio            C:\Windows\system32\drivers\mpio.sys
20:40:53.0023 3348 mpio - ok
20:40:53.0038 3348 [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
20:40:53.0038 3348 mpsdrv - ok
20:40:53.0054 3348 [ 5DE62C6E9108F14F6794060A9BDECAEC ] MpsSvc          C:\Windows\system32\mpssvc.dll
20:40:53.0069 3348 MpsSvc - ok
20:40:53.0085 3348 [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x        C:\Windows\system32\drivers\mraid35x.sys
20:40:53.0085 3348 Mraid35x - ok
20:40:53.0101 3348 [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
20:40:53.0101 3348 MRxDAV - ok
20:40:53.0116 3348 [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
20:40:53.0116 3348 mrxsmb - ok
20:40:53.0132 3348 [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:40:53.0132 3348 mrxsmb10 - ok
20:40:53.0147 3348 [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:40:53.0147 3348 mrxsmb20 - ok
20:40:53.0179 3348 [ 28023E86F17001F7CD9B15A5BC9AE07D ] msahci          C:\Windows\system32\drivers\msahci.sys
20:40:53.0179 3348 msahci - ok
20:40:53.0194 3348 [ 4468B0F385A86ECDDAF8D3CA662EC0E7 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
20:40:53.0194 3348 msdsm - ok
20:40:53.0225 3348 [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC           C:\Windows\System32\msdtc.exe
20:40:53.0225 3348 MSDTC - ok
20:40:53.0241 3348 [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
20:40:53.0241 3348 Msfs - ok
20:40:53.0257 3348 [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
20:40:53.0257 3348 msisadrv - ok
20:40:53.0288 3348 [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
20:40:53.0288 3348 MSiSCSI - ok
20:40:53.0288 3348 msiserver - ok
20:40:53.0303 3348 [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
20:40:53.0303 3348 MSKSSRV - ok
20:40:53.0303 3348 [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
20:40:53.0319 3348 MSPCLOCK - ok
20:40:53.0335 3348 [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
20:40:53.0335 3348 MSPQM - ok
20:40:53.0366 3348 [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
20:40:53.0366 3348 MsRPC - ok
20:40:53.0381 3348 [ E384487CB84BE41D09711C30CA79646C ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
20:40:53.0381 3348 mssmbios - ok
20:40:53.0381 3348 [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
20:40:53.0381 3348 MSTEE - ok
20:40:53.0428 3348 [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup             C:\Windows\system32\Drivers\mup.sys
20:40:53.0428 3348 Mup - ok
20:40:53.0444 3348 [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent        C:\Windows\system32\qagentRT.dll
20:40:53.0444 3348 napagent - ok
20:40:53.0459 3348 [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
20:40:53.0475 3348 NativeWifiP - ok
20:40:53.0491 3348 [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS            C:\Windows\system32\drivers\ndis.sys
20:40:53.0506 3348 NDIS - ok
20:40:53.0506 3348 [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
20:40:53.0506 3348 NdisTapi - ok
20:40:53.0522 3348 [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
20:40:53.0522 3348 Ndisuio - ok
20:40:53.0569 3348 [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
20:40:53.0569 3348 NdisWan - ok
20:40:53.0584 3348 [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
20:40:53.0600 3348 NDProxy - ok
20:40:53.0615 3348 [ 51C6D8BFBD4EA5B62A1BA7F4469250D3 ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
20:40:53.0631 3348 Net Driver HPZ12 - ok
20:40:53.0647 3348 [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
20:40:53.0647 3348 NetBIOS - ok
20:40:53.0662 3348 [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt           C:\Windows\system32\DRIVERS\netbt.sys
20:40:53.0662 3348 netbt - ok
20:40:53.0678 3348 [ A3E186B4B935905B829219502557314E ] Netlogon        C:\Windows\system32\lsass.exe
20:40:53.0678 3348 Netlogon - ok
20:40:53.0693 3348 [ C8052711DAECC48B982434C5116CA401 ] Netman          C:\Windows\System32\netman.dll
20:40:53.0693 3348 Netman - ok
20:40:53.0709 3348 [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm        C:\Windows\System32\netprofm.dll
20:40:53.0709 3348 netprofm - ok
20:40:53.0725 3348 [ D6C4E4A39A36029AC0813D476FBD0248 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
20:40:53.0725 3348 NetTcpPortSharing - ok
20:40:53.0756 3348 [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
20:40:53.0756 3348 nfrd960 - ok
20:40:53.0771 3348 [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc          C:\Windows\System32\nlasvc.dll
20:40:53.0771 3348 NlaSvc - ok
20:40:53.0818 3348 [ B9730495E0CF674680121E34BD95A73B ] NPF             C:\Windows\system32\drivers\npf.sys
20:40:53.0818 3348 NPF - ok
20:40:53.0834 3348 [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
20:40:53.0834 3348 Npfs - ok
20:40:53.0849 3348 [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi             C:\Windows\system32\nsisvc.dll
20:40:53.0849 3348 nsi - ok
20:40:53.0865 3348 [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
20:40:53.0865 3348 nsiproxy - ok
20:40:53.0896 3348 [ 2C1121F2B87E9A6B12485DF53CD848C7 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
20:40:53.0912 3348 Ntfs - ok
20:40:53.0927 3348 [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi       C:\Windows\system32\drivers\ntrigdigi.sys
20:40:53.0927 3348 ntrigdigi - ok
20:40:53.0943 3348 [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null            C:\Windows\system32\drivers\Null.sys
20:40:53.0943 3348 Null - ok
20:40:53.0974 3348 [ 2EDF9E7751554B42CBB60116DE727101 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
20:40:53.0974 3348 nvraid - ok
20:40:53.0974 3348 [ ABED0C09758D1D97DB0042DBB2688177 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
20:40:53.0990 3348 nvstor - ok
20:40:54.0005 3348 [ 18BBDF913916B71BD54575BDB6EEAC0B ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
20:40:54.0005 3348 nv_agp - ok
20:40:54.0021 3348 NwlnkFlt - ok
20:40:54.0021 3348 NwlnkFwd - ok
20:40:54.0099 3348 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv          C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
20:40:54.0115 3348 odserv - ok
20:40:54.0115 3348 [ 6F310E890D46E246E0E261A63D9B36B4 ] ohci1394        C:\Windows\system32\DRIVERS\ohci1394.sys
20:40:54.0130 3348 ohci1394 - ok
20:40:54.0146 3348 [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
20:40:54.0146 3348 ose - ok
20:40:54.0177 3348 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc        C:\Windows\system32\p2psvc.dll
20:40:54.0177 3348 p2pimsvc - ok
20:40:54.0193 3348 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc          C:\Windows\system32\p2psvc.dll
20:40:54.0208 3348 p2psvc - ok
20:40:54.0224 3348 [ 0FA9B5055484649D63C303FE404E5F4D ] Parport         C:\Windows\system32\drivers\parport.sys
20:40:54.0224 3348 Parport - ok
20:40:54.0255 3348 [ B9C2B89F08670E159F7181891E449CD9 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
20:40:54.0271 3348 partmgr - ok
20:40:54.0286 3348 [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm          C:\Windows\system32\drivers\parvdm.sys
20:40:54.0286 3348 Parvdm - ok
20:40:54.0286 3348 [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc          C:\Windows\System32\pcasvc.dll
20:40:54.0302 3348 PcaSvc - ok
20:40:54.0333 3348 [ 941DC1D19E7E8620F40BBC206981EFDB ] pci             C:\Windows\system32\drivers\pci.sys
20:40:54.0333 3348 pci - ok
20:40:54.0349 3348 [ 1636D43F10416AEB483BC6001097B26C ] pciide          C:\Windows\system32\drivers\pciide.sys
20:40:54.0349 3348 pciide - ok
20:40:54.0364 3348 [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
20:40:54.0364 3348 pcmcia - ok
20:40:54.0380 3348 [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
20:40:54.0411 3348 PEAUTH - ok
20:40:54.0442 3348 [ B1689DF169143F57053F795390C99DB3 ] pla             C:\Windows\system32\pla.dll
20:40:54.0473 3348 pla - ok
20:40:54.0489 3348 [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
20:40:54.0505 3348 PlugPlay - ok
20:40:54.0520 3348 [ 79834AA2FBF9FE81EEBB229024F6F7FC ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
20:40:54.0520 3348 Pml Driver HPZ12 - ok
20:40:54.0536 3348 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg     C:\Windows\system32\p2psvc.dll
20:40:54.0536 3348 PNRPAutoReg - ok
20:40:54.0567 3348 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc         C:\Windows\system32\p2psvc.dll
20:40:54.0567 3348 PNRPsvc - ok
20:40:54.0614 3348 [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
20:40:54.0614 3348 PolicyAgent - ok
20:40:54.0645 3348 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
20:40:54.0645 3348 PptpMiniport - ok
20:40:54.0661 3348 [ 2027293619DD0F047C584CF2E7DF4FFD ] Processor       C:\Windows\system32\drivers\processr.sys
20:40:54.0676 3348 Processor - ok
20:40:54.0707 3348 [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc         C:\Windows\system32\profsvc.dll
20:40:54.0723 3348 ProfSvc - ok
20:40:54.0723 3348 [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe
20:40:54.0723 3348 ProtectedStorage - ok
20:40:54.0739 3348 [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched          C:\Windows\system32\DRIVERS\pacer.sys
20:40:54.0754 3348 PSched - ok
20:40:54.0863 3348 [ 0A6DB55AFB7820C99AA1F3A1D270F4F6 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
20:40:54.0863 3348 ql2300 - ok
20:40:54.0895 3348 [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
20:40:54.0895 3348 ql40xx - ok
20:40:54.0910 3348 [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE           C:\Windows\system32\qwave.dll
20:40:54.0910 3348 QWAVE - ok
20:40:54.0926 3348 [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
20:40:54.0926 3348 QWAVEdrv - ok
20:40:55.0082 3348 [ AB51E1F08C8E789D6C9E8B94D15BE9A9 ] RapportCerberus_59849 C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_59849.sys
20:40:55.0082 3348 RapportCerberus_59849 - ok
20:40:55.0160 3348 [ 9D52A4DEB9F28CC41EB61346E3808E4D ] RapportEI       C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys
20:40:55.0160 3348 RapportEI - ok
20:40:55.0175 3348 [ 4136175FABB89CB493DF1D237DB50CF4 ] RapportKELL     C:\Windows\system32\Drivers\RapportKELL.sys
20:40:55.0175 3348 RapportKELL - ok
20:40:55.0222 3348 [ 02396BD77121751A738444325E1F14E8 ] RapportMgmtService C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
20:40:55.0222 3348 RapportMgmtService - ok
20:40:55.0269 3348 [ A9B99416DE6CADEE2D3C369B634F20F1 ] RapportPG       C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys
20:40:55.0285 3348 RapportPG - ok
20:40:55.0285 3348 [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
20:40:55.0300 3348 RasAcd - ok
20:40:55.0300 3348 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto         C:\Windows\System32\rasauto.dll
20:40:55.0300 3348 RasAuto - ok
20:40:55.0316 3348 [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
20:40:55.0331 3348 Rasl2tp - ok
20:40:55.0363 3348 [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan          C:\Windows\System32\rasmans.dll
20:40:55.0378 3348 RasMan - ok
20:40:55.0394 3348 [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
20:40:55.0394 3348 RasPppoe - ok
20:40:55.0425 3348 [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
20:40:55.0425 3348 RasSstp - ok
20:40:55.0456 3348 [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
20:40:55.0456 3348 rdbss - ok
20:40:55.0456 3348 [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
20:40:55.0472 3348 RDPCDD - ok
20:40:55.0487 3348 [ FBC0BACD9C3D7F6956853F64A66E252D ] rdpdr           C:\Windows\system32\drivers\rdpdr.sys
20:40:55.0487 3348 rdpdr - ok
20:40:55.0503 3348 [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
20:40:55.0503 3348 RDPENCDD - ok
20:40:55.0519 3348 [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
20:40:55.0519 3348 RDPWD - ok
20:40:55.0550 3348 [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess    C:\Windows\System32\mprdim.dll
20:40:55.0550 3348 RemoteAccess - ok
20:40:55.0565 3348 [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry C:\Windows\system32\regsvc.dll
20:40:55.0565 3348 RemoteRegistry - ok
20:40:55.0581 3348 [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator      C:\Windows\system32\locator.exe
20:40:55.0581 3348 RpcLocator - ok
20:40:55.0597 3348 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs           C:\Windows\system32\rpcss.dll
20:40:55.0597 3348 RpcSs - ok
20:40:55.0612 3348 [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
20:40:55.0612 3348 rspndr - ok
20:40:55.0643 3348 [ 1AA29238D4B14F4A20B2C4AAEA6E0F6E ] RTHDMIAzAudService C:\Windows\system32\drivers\RtHDMIV.sys
20:40:55.0643 3348 RTHDMIAzAudService - ok
20:40:55.0659 3348 [ 2D19A7469EA19993D0C12E627F4530BC ] RTL8169         C:\Windows\system32\DRIVERS\Rtlh86.sys
20:40:55.0675 3348 RTL8169 - ok
20:40:55.0675 3348 [ A3E186B4B935905B829219502557314E ] SamSs           C:\Windows\system32\lsass.exe
20:40:55.0675 3348 SamSs - ok
20:40:55.0690 3348 [ 3CE8F073A557E172B330109436984E30 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
20:40:55.0706 3348 sbp2port - ok
20:40:55.0721 3348 [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
20:40:55.0737 3348 SCardSvr - ok
20:40:55.0753 3348 [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule        C:\Windows\system32\schedsvc.dll
20:40:55.0768 3348 Schedule - ok
20:40:55.0768 3348 [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc     C:\Windows\System32\certprop.dll
20:40:55.0768 3348 SCPolicySvc - ok
20:40:55.0784 3348 [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
20:40:55.0799 3348 SDRSVC - ok
20:40:55.0799 3348 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
20:40:55.0799 3348 secdrv - ok
20:40:55.0815 3348 [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon        C:\Windows\system32\seclogon.dll
20:40:55.0831 3348 seclogon - ok
20:40:55.0846 3348 [ A9BBAB5759771E523F55563D6CBE140F ] SENS            C:\Windows\System32\sens.dll
20:40:55.0846 3348 SENS - ok
20:40:55.0862 3348 [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum         C:\Windows\system32\drivers\serenum.sys
20:40:55.0862 3348 Serenum - ok
20:40:55.0893 3348 [ C70D69A918B178D3C3B06339B40C2E1B ] Serial          C:\Windows\system32\drivers\serial.sys
20:40:55.0893 3348 Serial - ok
20:40:55.0893 3348 [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
20:40:55.0893 3348 sermouse - ok
20:40:55.0940 3348 [ D2193326F729B163125610DBF3E17D57 ] SessionEnv      C:\Windows\system32\sessenv.dll
20:40:55.0940 3348 SessionEnv - ok
20:40:55.0955 3348 [ 3EFA810BDCA87F6ECC24F9832243FE86 ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
20:40:55.0971 3348 sffdisk - ok
20:40:55.0987 3348 [ E95D451F7EA3E583AEC75F3B3EE42DC5 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
20:40:55.0987 3348 sffp_mmc - ok
20:40:56.0018 3348 [ 3D0EA348784B7AC9EA9BD9F317980979 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
20:40:56.0018 3348 sffp_sd - ok
20:40:56.0033 3348 [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
20:40:56.0033 3348 sfloppy - ok
20:40:56.0065 3348 [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
20:40:56.0065 3348 SharedAccess - ok
20:40:56.0111 3348 [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
20:40:56.0111 3348 ShellHWDetection - ok
20:40:56.0127 3348 [ 1D76624A09A054F682D746B924E2DBC3 ] sisagp          C:\Windows\system32\drivers\sisagp.sys
20:40:56.0143 3348 sisagp - ok
20:40:56.0158 3348 [ 43CB7AA756C7DB280D01DA9B676CFDE2 ] SiSRaid2        C:\Windows\system32\drivers\sisraid2.sys
20:40:56.0158 3348 SiSRaid2 - ok
20:40:56.0174 3348 [ A99C6C8B0BAA970D8AA59DDC50B57F94 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
20:40:56.0174 3348 SiSRaid4 - ok
20:40:56.0267 3348 [ 9F712B26EE3B0242DE997A42FD302E2C ] Skype C2C Service C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
20:40:56.0299 3348 Skype C2C Service - ok
20:40:56.0361 3348 [ F5BBEDF602C310B00036EB2DBF4348A5 ] SkypeUpdate     C:\Program Files\Skype\Updater\Updater.exe
20:40:56.0377 3348 SkypeUpdate - ok
20:40:56.0439 3348 [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc           C:\Windows\system32\SLsvc.exe
20:40:56.0455 3348 slsvc - ok
20:40:56.0486 3348 [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify      C:\Windows\system32\SLUINotify.dll
20:40:56.0486 3348 SLUINotify - ok
20:40:56.0517 3348 [ 7B75299A4D201D6A6533603D6914AB04 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
20:40:56.0517 3348 Smb - ok
20:40:56.0533 3348 [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
20:40:56.0533 3348 SNMPTRAP - ok
20:40:56.0548 3348 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr           C:\Windows\system32\drivers\spldr.sys
20:40:56.0564 3348 spldr - ok
20:40:56.0564 3348 [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler         C:\Windows\System32\spoolsv.exe
20:40:56.0579 3348 Spooler - ok
20:40:56.0595 3348 [ 41987F9FC0E61ADF54F581E15029AD91 ] srv             C:\Windows\system32\DRIVERS\srv.sys
20:40:56.0595 3348 srv - ok
20:40:56.0611 3348 [ FF33AFF99564B1AA534F58868CBE41EF ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
20:40:56.0611 3348 srv2 - ok
20:40:56.0626 3348 [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
20:40:56.0626 3348 srvnet - ok
20:40:56.0673 3348 [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
20:40:56.0673 3348 SSDPSRV - ok
20:40:56.0689 3348 [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc         C:\Windows\system32\sstpsvc.dll
20:40:56.0689 3348 SstpSvc - ok
20:40:56.0720 3348 [ D2C02234E3E87EA5FE420F045068099B ] ssudmdm         C:\Windows\system32\DRIVERS\ssudmdm.sys
20:40:56.0720 3348 ssudmdm - ok
20:40:56.0751 3348 [ E97F09A7EC9C45B7060FE45BC620766C ] ssudserd        C:\Windows\system32\DRIVERS\ssudserd.sys
20:40:56.0767 3348 ssudserd - ok
20:40:56.0782 3348 [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc          C:\Windows\System32\wiaservc.dll
20:40:56.0798 3348 stisvc - ok
20:40:56.0813 3348 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
20:40:56.0813 3348 swenum - ok
20:40:56.0845 3348 [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv           C:\Windows\System32\swprv.dll
20:40:56.0845 3348 swprv - ok
20:40:56.0860 3348 [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx         C:\Windows\system32\drivers\symc8xx.sys
20:40:56.0876 3348 Symc8xx - ok
20:40:56.0876 3348 [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi          C:\Windows\system32\drivers\sym_hi.sys
20:40:56.0876 3348 Sym_hi - ok
20:40:56.0907 3348 [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3          C:\Windows\system32\drivers\sym_u3.sys
20:40:56.0907 3348 Sym_u3 - ok
20:40:56.0954 3348 [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain         C:\Windows\system32\sysmain.dll
20:40:56.0954 3348 SysMain - ok
20:40:56.0969 3348 [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
20:40:56.0969 3348 TabletInputService - ok
20:40:57.0016 3348 [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv         C:\Windows\System32\tapisrv.dll
20:40:57.0016 3348 TapiSrv - ok
20:40:57.0032 3348 [ CB05822CD9CC6C688168E113C603DBE7 ] TBS             C:\Windows\System32\tbssvc.dll
20:40:57.0032 3348 TBS - ok
20:40:57.0110 3348 [ D18D53974FD715D50FC76F9FFE1C830D ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
20:40:57.0110 3348 Tcpip - ok
20:40:57.0157 3348 [ D18D53974FD715D50FC76F9FFE1C830D ] Tcpip6          C:\Windows\system32\DRIVERS\tcpip.sys
20:40:57.0157 3348 Tcpip6 - ok
20:40:57.0172 3348 [ 608C345A255D82A6289C2D468EB41FD7 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
20:40:57.0188 3348 tcpipreg - ok
20:40:57.0188 3348 [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
20:40:57.0203 3348 TDPIPE - ok
20:40:57.0203 3348 [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
20:40:57.0203 3348 TDTCP - ok
20:40:57.0235 3348 [ 76B06EB8A01FC8624D699E7045303E54 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
20:40:57.0235 3348 tdx - ok
20:40:57.0235 3348 [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
20:40:57.0235 3348 TermDD - ok
20:40:57.0266 3348 [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService     C:\Windows\System32\termsrv.dll
20:40:57.0266 3348 TermService - ok
20:40:57.0297 3348 [ C7230FBEE14437716701C15BE02C27B8 ] Themes          C:\Windows\system32\shsvcs.dll
20:40:57.0313 3348 Themes - ok
20:40:57.0313 3348 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER     C:\Windows\system32\mmcss.dll
20:40:57.0313 3348 THREADORDER - ok
20:40:57.0328 3348 [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks          C:\Windows\System32\trkwks.dll
20:40:57.0344 3348 TrkWks - ok
20:40:57.0375 3348 [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
20:40:57.0375 3348 TrustedInstaller - ok
20:40:57.0375 3348 [ F4EAA7ECBCB25DE901C9B7F2CDCDA0B3 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
20:40:57.0391 3348 tssecsrv - ok
20:40:57.0391 3348 [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp           C:\Windows\system32\DRIVERS\tunmp.sys
20:40:57.0391 3348 tunmp - ok
20:40:57.0406 3348 [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
20:40:57.0406 3348 tunnel - ok
20:40:57.0422 3348 [ 7D33C4DB2CE363C8518D2DFCF533941F ] uagp35          C:\Windows\system32\drivers\uagp35.sys
20:40:57.0422 3348 uagp35 - ok
20:40:57.0453 3348 [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
20:40:57.0453 3348 udfs - ok
20:40:57.0469 3348 [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
20:40:57.0484 3348 UI0Detect - ok
20:40:57.0484 3348 [ B0ACFDC9E4AF279E9116C03E014B2B27 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
20:40:57.0500 3348 uliagpkx - ok
20:40:57.0515 3348 [ 9224BB254F591DE4CA8D572A5F0D635C ] uliahci         C:\Windows\system32\drivers\uliahci.sys
20:40:57.0515 3348 uliahci - ok
20:40:57.0531 3348 [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata          C:\Windows\system32\drivers\ulsata.sys
20:40:57.0531 3348 UlSata - ok
20:40:57.0547 3348 [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2         C:\Windows\system32\drivers\ulsata2.sys
20:40:57.0547 3348 ulsata2 - ok
20:40:57.0547 3348 [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
20:40:57.0547 3348 umbus - ok
20:40:57.0578 3348 [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost        C:\Windows\System32\upnphost.dll
20:40:57.0578 3348 upnphost - ok
20:40:57.0609 3348 [ 1114579556DB85E9FAF9590DBC64CD62 ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
20:40:57.0609 3348 usbaudio - ok
20:40:57.0640 3348 [ AAB0B5F72D2D726FBFDC895A2902DE1D ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
20:40:57.0640 3348 usbccgp - ok
20:40:57.0656 3348 [ E9476E6C486E76BC4898074768FB7131 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
20:40:57.0656 3348 usbcir - ok
20:40:57.0656 3348 [ 153E8515CB86F8BB5D1A8B478EBF4BB2 ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
20:40:57.0656 3348 usbehci - ok
20:40:57.0671 3348 [ 2AE6BCEBD85D31317E433733DAF25888 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
20:40:57.0671 3348 usbhub - ok
20:40:57.0687 3348 [ 38DBC7DD6CC5A72011F187425384388B ] usbohci         C:\Windows\system32\drivers\usbohci.sys
20:40:57.0687 3348 usbohci - ok
20:40:57.0718 3348 [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
20:40:57.0718 3348 usbprint - ok
20:40:57.0749 3348 [ 1D714B8497CD68307806D5D3F60A5169 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
20:40:57.0765 3348 usbscan - ok
20:40:57.0781 3348 [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:40:57.0796 3348 USBSTOR - ok
20:40:57.0796 3348 [ 44056325428A8E4C755830426E29878F ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
20:40:57.0796 3348 usbuhci - ok
20:40:57.0812 3348 [ 73FF24E21B690625A58109637DDA0DF7 ] usbvideo        C:\Windows\system32\Drivers\usbvideo.sys
20:40:57.0812 3348 usbvideo - ok
20:40:57.0874 3348 [ 228F444F9AF0D3B9ECA9FC3F4FEB12F2 ] usb_rndisx      C:\Windows\system32\DRIVERS\usb8023x.sys
20:40:57.0874 3348 usb_rndisx - ok
20:40:57.0890 3348 [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms           C:\Windows\System32\uxsms.dll
20:40:57.0890 3348 UxSms - ok
20:40:57.0921 3348 [ CD88D1B7776DC17A119049742EC07EB4 ] vds             C:\Windows\System32\vds.exe
20:40:57.0921 3348 vds - ok
20:40:57.0937 3348 [ 87B06E1F30B749A114F74622D013F8D4 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
20:40:58.0046 3348 vga - ok
20:40:58.0077 3348 [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave         C:\Windows\System32\drivers\vga.sys
20:40:58.0077 3348 VgaSave - ok
20:40:58.0108 3348 [ 5D7159DEF58A800D5781BA3A879627BC ] viaagp          C:\Windows\system32\drivers\viaagp.sys
20:40:58.0124 3348 viaagp - ok
20:40:58.0155 3348 [ C4F3A691B5BAD343E6249BD8C2D45DEE ] ViaC7           C:\Windows\system32\drivers\viac7.sys
20:40:58.0155 3348 ViaC7 - ok
20:40:58.0171 3348 [ AADF5587A4063F52C2C3FED7887426FC ] viaide          C:\Windows\system32\drivers\viaide.sys
20:40:58.0171 3348 viaide - ok
20:40:58.0171 3348 [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
20:40:58.0186 3348 volmgr - ok
20:40:58.0202 3348 [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
20:40:58.0202 3348 volmgrx - ok
20:40:58.0233 3348 [ 786DB5771F05EF300390399F626BF30A ] volsnap         C:\Windows\system32\drivers\volsnap.sys
20:40:58.0249 3348 volsnap - ok
20:40:58.0264 3348 [ 587253E09325E6BF226B299774B728A9 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
20:40:58.0264 3348 vsmraid - ok
20:40:58.0295 3348 [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS             C:\Windows\system32\vssvc.exe
20:40:58.0311 3348 VSS - ok
20:40:58.0327 3348 [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time         C:\Windows\system32\w32time.dll
20:40:58.0342 3348 W32Time - ok
20:40:58.0342 3348 [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
20:40:58.0358 3348 WacomPen - ok
20:40:58.0358 3348 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp          C:\Windows\system32\DRIVERS\wanarp.sys
20:40:58.0358 3348 Wanarp - ok
20:40:58.0358 3348 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
20:40:58.0373 3348 Wanarpv6 - ok
20:40:58.0389 3348 [ A3CD60FD826381B49F03832590E069AF ] wcncsvc         C:\Windows\System32\wcncsvc.dll
20:40:58.0389 3348 wcncsvc - ok
20:40:58.0420 3348 [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
20:40:58.0420 3348 WcsPlugInService - ok
20:40:58.0436 3348 [ 78FE9542363F297B18C027B2D7E7C07F ] Wd              C:\Windows\system32\drivers\wd.sys
20:40:58.0436 3348 Wd - ok
20:40:58.0467 3348 [ 25944D2CC49E0A6C581D02A74B7D6645 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
20:40:58.0483 3348 Wdf01000 - ok
20:40:58.0483 3348 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost C:\Windows\system32\wdi.dll
20:40:58.0498 3348 WdiServiceHost - ok
20:40:58.0498 3348 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost   C:\Windows\system32\wdi.dll
20:40:58.0498 3348 WdiSystemHost - ok
20:40:58.0529 3348 [ 04C37D8107320312FBAE09926103D5E2 ] WebClient       C:\Windows\System32\webclnt.dll
20:40:58.0529 3348 WebClient - ok
20:40:58.0545 3348 [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc          C:\Windows\system32\wecsvc.dll
20:40:58.0545 3348 Wecsvc - ok
20:40:58.0576 3348 [ 670FF720071ED741206D69BD995EA453 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
20:40:58.0576 3348 wercplsupport - ok
20:40:58.0607 3348 [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc          C:\Windows\System32\WerSvc.dll
20:40:58.0607 3348 WerSvc - ok
20:40:58.0639 3348 [ B9188CC0868C72F43261128E5BA7266D ] WinAgentsTftpService4 C:\Program Files\Common Files\WinAgents\TftpService.exe
20:40:58.0639 3348 WinAgentsTftpService4 - ok
20:40:58.0670 3348 [ 4575AA12561C5648483403541D0D7F2B ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
20:40:58.0670 3348 WinDefend - ok
20:40:58.0685 3348 WinHttpAutoProxySvc - ok
20:40:58.0732 3348 [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
20:40:58.0732 3348 Winmgmt - ok
20:40:58.0763 3348 [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM           C:\Windows\system32\WsmSvc.dll
20:40:58.0779 3348 WinRM - ok
20:40:58.0826 3348 [ 30FC6E5448D0CBAAA95280EEEF7FEDAE ] WinUSB          C:\Windows\system32\DRIVERS\WinUSB.sys
20:40:58.0841 3348 WinUSB - ok
20:40:58.0857 3348 [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc         C:\Windows\System32\wlansvc.dll
20:40:58.0857 3348 Wlansvc - ok
20:40:58.0873 3348 [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
20:40:58.0873 3348 WmiAcpi - ok
20:40:58.0904 3348 [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
20:40:58.0904 3348 wmiApSrv - ok
20:40:58.0951 3348 [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
20:40:58.0951 3348 WMPNetworkSvc - ok
20:40:58.0982 3348 [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc          C:\Windows\System32\wpcsvc.dll
20:40:58.0982 3348 WPCSvc - ok
20:40:59.0013 3348 [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
20:40:59.0013 3348 WPDBusEnum - ok
20:40:59.0044 3348 [ DE9D36F91A4DF3D911626643DEBF11EA ] WpdUsb          C:\Windows\system32\DRIVERS\wpdusb.sys
20:40:59.0044 3348 WpdUsb - ok
20:40:59.0122 3348 [ 7CAEC4665452072662496CFCCAB727E2 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
20:40:59.0122 3348 WPFFontCache_v0400 - ok
20:40:59.0138 3348 [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
20:40:59.0153 3348 ws2ifsl - ok
20:40:59.0185 3348 [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc          C:\Windows\System32\wscsvc.dll
20:40:59.0185 3348 wscsvc - ok
20:40:59.0185 3348 WSearch - ok
20:40:59.0231 3348 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv        C:\Windows\system32\wuaueng.dll
20:40:59.0247 3348 wuauserv - ok
20:40:59.0278 3348 [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
20:40:59.0278 3348 WudfPf - ok
20:40:59.0294 3348 [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
20:40:59.0294 3348 WUDFRd - ok
20:40:59.0325 3348 [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
20:40:59.0325 3348 wudfsvc - ok
20:40:59.0341 3348 ================ Scan global ===============================
20:40:59.0403 3348 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
20:40:59.0434 3348 [ A508314231C49AEE86987CEA3EAECAD1 ] C:\Windows\system32\winsrv.dll
20:40:59.0434 3348 [ A508314231C49AEE86987CEA3EAECAD1 ] C:\Windows\system32\winsrv.dll
20:40:59.0481 3348 [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
20:40:59.0481 3348 [Global] - ok
20:40:59.0481 3348 ================ Scan MBR ==================================
20:40:59.0497 3348 [ A653B30D987352BB248DF094454B1CB6 ] \Device\Harddisk0\DR0
20:40:59.0840 3348 \Device\Harddisk0\DR0 ( Rootkit.Win32.BackBoot.gen ) - warning
20:40:59.0840 3348 \Device\Harddisk0\DR0 - detected Rootkit.Win32.BackBoot.gen (1)
20:40:59.0840 3348 ================ Scan VBR ==================================
20:40:59.0840 3348 [ 3A1A54D051FC2F4F63AA24417D229D15 ] \Device\Harddisk0\DR0\Partition1
20:40:59.0840 3348 \Device\Harddisk0\DR0\Partition1 - ok
20:40:59.0855 3348 [ 1D202433F64532632F3219D268EF008F ] \Device\Harddisk0\DR0\Partition2
20:40:59.0855 3348 \Device\Harddisk0\DR0\Partition2 - ok
20:40:59.0855 3348 [ A848A3832AFEB869A6853E2CE5241062 ] \Device\Harddisk0\DR0\Partition3
20:40:59.0871 3348 \Device\Harddisk0\DR0\Partition3 - ok
20:40:59.0887 3348 [ B9438ABE204B56248B911B26B5BFEC36 ] \Device\Harddisk0\DR0\Partition4
20:40:59.0887 3348 \Device\Harddisk0\DR0\Partition4 - ok
20:40:59.0887 3348 ============================================================
20:40:59.0887 3348 Scan finished
20:40:59.0887 3348 ============================================================
20:40:59.0887 4800 Detected object count: 1
20:40:59.0887 4800 Actual detected object count: 1
20:41:47.0030 4800 \Device\Harddisk0\DR0 ( Rootkit.Win32.BackBoot.gen ) - skipped by user
20:41:47.0030 4800 \Device\Harddisk0\DR0 ( Rootkit.Win32.BackBoot.gen ) - User select action: Skip

Psychotic · November 6, 2013

Fix with TDSS-Killer

Please read and follow these instructions carefully.

Download TDSSKiller.exe and save it to your desktop

Execute TDSSKiller.exe by doubleclicking on it.
Press Start Scan
When the scan is finished, select cure for the following entry.
```
Rootkit.Win32.BackBoot.gen
```
Hit continue.
Once complete, a log will be produced at the root drive which is typically C:\ ,for example, C:\TDSSKiller.<version_date_time>log.txt

Please post the contents of that log in your next reply.

Combofix

Combofix should only be run when adviced by a team member!

Link

Important - Save the file to your desktop!

Deactivate any and all of your antivirus programs /spyware scanners - they can prevent CF from doing its work.
Run Combofix.exe

When finished, Combofix creates a log file named C:\Combofix.txt. Please post its content in your next reply.

Note: When receiving an error message containing ""Illegal operation attempted on a registry key that has been marked for deletion" simply restart your computer to fix this.

fordie66 · November 6, 2013

Hi Marius

TDSS-Killer offers:

Skip

Copy to quarantine

Restore

not Cure. Please confirm I should use Copy to quarantine

Thanks

Ian

Psychotic · November 6, 2013

I should change this set of instructions. Use "copy to quarantine", please.

fordie66 · November 6, 2013

Seems so close, I just wanted to check:

20:48:12.0188 2984 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
20:48:13.0580 2984 ============================================================
20:48:13.0580 2984 Current date / time: 2013/11/06 20:48:13.0580
20:48:13.0580 2984 SystemInfo:
20:48:13.0580 2984
20:48:13.0580 2984 OS Version: 6.0.6002 ServicePack: 2.0
20:48:13.0580 2984 Product type: Workstation
20:48:13.0580 2984 ComputerName: JOHN-PC
20:48:13.0581 2984 UserName: John
20:48:13.0581 2984 Windows directory: C:\Windows
20:48:13.0581 2984 System windows directory: C:\Windows
20:48:13.0581 2984 Processor architecture: Intel x86
20:48:13.0581 2984 Number of processors: 2
20:48:13.0581 2984 Page size: 0x1000
20:48:13.0581 2984 Boot type: Normal boot
20:48:13.0581 2984 ============================================================
20:48:14.0339 2984 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0CADE00 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
20:48:14.0370 2984 ============================================================
20:48:14.0370 2984 \Device\Harddisk0\DR0:
20:48:14.0370 2984 MBR partitions:
20:48:14.0370 2984 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x7801F1A
20:48:14.0382 2984 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x7801F98, BlocksNum 0x9C41AD8
20:48:14.0393 2984 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x11443AAF, BlocksNum 0x29810511
20:48:14.0404 2984 \Device\Harddisk0\DR0\Partition4: MBR, Type 0x7, StartLBA 0x3AC53FFF, BlocksNum 0x39AB19C2
20:48:14.0404 2984 ============================================================
20:48:14.0439 2984 C: <-> \Device\Harddisk0\DR0\Partition1
20:48:14.0499 2984 D: <-> \Device\Harddisk0\DR0\Partition2
20:48:14.0523 2984 E: <-> \Device\Harddisk0\DR0\Partition3
20:48:14.0549 2984 F: <-> \Device\Harddisk0\DR0\Partition4
20:48:14.0549 2984 ============================================================
20:48:14.0550 2984 Initialize success
20:48:14.0550 2984 ============================================================
20:48:17.0214 2080 ============================================================
20:48:17.0214 2080 Scan started
20:48:17.0214 2080 Mode: Manual;
20:48:17.0214 2080 ============================================================
20:48:17.0624 2080 ================ Scan system memory ========================
20:48:17.0624 2080 System memory - ok
20:48:17.0624 2080 ================ Scan services =============================
20:48:19.0174 2080 [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI            C:\Windows\system32\drivers\acpi.sys
20:48:19.0176 2080 ACPI - ok
20:48:19.0253 2080 [ ADDA5E1951B90D3D23C56D3CF0622ADC ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
20:48:19.0254 2080 AdobeARMservice - ok
20:48:19.0302 2080 [ A283108E14F3970432C21AF4C0CB1BCE ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
20:48:19.0304 2080 AdobeFlashPlayerUpdateSvc - ok
20:48:19.0323 2080 [ 04F0FCAC69C7C71A3AC4EB97FAFC8303 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
20:48:19.0327 2080 adp94xx - ok
20:48:19.0343 2080 [ 60505E0041F7751BDBB80F88BF45C2CE ] adpahci         C:\Windows\system32\drivers\adpahci.sys
20:48:19.0345 2080 adpahci - ok
20:48:19.0359 2080 [ 8A42779B02AEC986EAB64ECFC98F8BD7 ] adpu160m        C:\Windows\system32\drivers\adpu160m.sys
20:48:19.0360 2080 adpu160m - ok
20:48:19.0375 2080 [ 241C9E37F8CE45EF51C3DE27515CA4E5 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
20:48:19.0377 2080 adpu320 - ok
20:48:19.0407 2080 [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
20:48:19.0408 2080 AeLookupSvc - ok
20:48:19.0431 2080 [ 3911B972B55FEA0478476B2E777B29FA ] AFD             C:\Windows\system32\drivers\afd.sys
20:48:19.0434 2080 AFD - ok
20:48:19.0447 2080 [ 13F9E33747E6B41A3FF305C37DB0D360 ] agp440          C:\Windows\system32\drivers\agp440.sys
20:48:19.0448 2080 agp440 - ok
20:48:19.0461 2080 [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx         C:\Windows\system32\drivers\djsvs.sys
20:48:19.0462 2080 aic78xx - ok
20:48:19.0481 2080 [ A1545B731579895D8CC44FC0481C1192 ] ALG             C:\Windows\System32\alg.exe
20:48:19.0482 2080 ALG - ok
20:48:19.0499 2080 [ 9EAEF5FC9B8E351AFA7E78A6FAE91F91 ] aliide          C:\Windows\system32\drivers\aliide.sys
20:48:19.0500 2080 aliide - ok
20:48:19.0513 2080 [ C47344BC706E5F0B9DCE369516661578 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
20:48:19.0514 2080 amdagp - ok
20:48:19.0527 2080 [ 9B78A39A4C173FDBC1321E0DD659B34C ] amdide          C:\Windows\system32\drivers\amdide.sys
20:48:19.0528 2080 amdide - ok
20:48:19.0538 2080 [ 18F29B49AD23ECEE3D2A826C725C8D48 ] AmdK7           C:\Windows\system32\drivers\amdk7.sys
20:48:19.0539 2080 AmdK7 - ok
20:48:19.0551 2080 [ 93AE7F7DD54AB986A6F1A1B37BE7442D ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
20:48:19.0553 2080 AmdK8 - ok
20:48:19.0569 2080 [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo         C:\Windows\System32\appinfo.dll
20:48:19.0570 2080 Appinfo - ok
20:48:19.0580 2080 [ 5D2888182FB46632511ACEE92FDAD522 ] arc             C:\Windows\system32\drivers\arc.sys
20:48:19.0581 2080 arc - ok
20:48:19.0589 2080 [ 5E2A321BD7C8B3624E41FDEC3E244945 ] arcsas          C:\Windows\system32\drivers\arcsas.sys
20:48:19.0590 2080 arcsas - ok
20:48:19.0655 2080 [ 54AB80D7F53E0C228A3F0FDB167DC83E ] ASOVPNHelper    C:\Program Files\Astrill\ASOvpnSvc.exe
20:48:19.0659 2080 ASOVPNHelper - ok
20:48:19.0698 2080 [ 1B69B335F6BCD85C104F8C674660D6D6 ] ASProxy         C:\Program Files\Astrill\ASProxy.exe
20:48:19.0711 2080 ASProxy - ok
20:48:19.0745 2080 [ FA1F8B44242E0817F4B1BE2EE7979DF0 ] asvpndrv        C:\Windows\system32\DRIVERS\asvpndrv.sys
20:48:19.0746 2080 asvpndrv - ok
20:48:19.0759 2080 [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
20:48:19.0760 2080 AsyncMac - ok
20:48:19.0798 2080 [ 1F05B78AB91C9075565A9D8A4B880BC4 ] atapi           C:\Windows\system32\drivers\atapi.sys
20:48:19.0799 2080 atapi - ok
20:48:19.0853 2080 [ FD59145571041180F54A620FB8159746 ] Ati External Event Utility C:\Windows\system32\Ati2evxx.exe
20:48:19.0858 2080 Ati External Event Utility - ok
20:48:19.0927 2080 [ 514771DF4C8E653126C6DD7EE3661766 ] atikmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
20:48:19.0950 2080 atikmdag - ok
20:48:19.0982 2080 [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
20:48:19.0985 2080 AudioEndpointBuilder - ok
20:48:19.0990 2080 [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv        C:\Windows\System32\Audiosrv.dll
20:48:19.0993 2080 Audiosrv - ok
20:48:20.0141 2080 [ 4DB93F4DB7077801D2D82013506AC1D0 ] AVGIDSAgent     C:\Program Files\AVG\AVG2013\avgidsagent.exe
20:48:20.0173 2080 AVGIDSAgent - ok
20:48:20.0197 2080 [ 4D7E34E36E586EA26F171A258341BD80 ] AVGIDSDriver    C:\Windows\system32\DRIVERS\avgidsdriverx.sys
20:48:20.0199 2080 AVGIDSDriver - ok
20:48:20.0209 2080 [ 7C8E88549BCDAAC965B1B724C175F7A9 ] AVGIDSHX        C:\Windows\system32\DRIVERS\avgidshx.sys
20:48:20.0210 2080 AVGIDSHX - ok
20:48:20.0233 2080 [ 2717EBC35166B8793DBFFB4390B8F2E7 ] AVGIDSShim      C:\Windows\system32\DRIVERS\avgidsshimx.sys
20:48:20.0234 2080 AVGIDSShim - ok
20:48:20.0256 2080 [ 2018C4E9A40B122408763A5635CF14D9 ] Avgldx86        C:\Windows\system32\DRIVERS\avgldx86.sys
20:48:20.0257 2080 Avgldx86 - ok
20:48:20.0298 2080 [ E2B9CF2CF787C6978E7CC898E9684E48 ] Avglogx         C:\Windows\system32\DRIVERS\avglogx.sys
20:48:20.0300 2080 Avglogx - ok
20:48:20.0326 2080 [ 3F59750A3AA55C46663801E7C2FD1E2B ] Avgmfx86        C:\Windows\system32\DRIVERS\avgmfx86.sys
20:48:20.0327 2080 Avgmfx86 - ok
20:48:20.0333 2080 [ CBCE8ED318DB8EA431F9D25AC9B7FF41 ] Avgrkx86        C:\Windows\system32\DRIVERS\avgrkx86.sys
20:48:20.0334 2080 Avgrkx86 - ok
20:48:20.0351 2080 [ 14370FB29526F593C04FA48B5D69F7F0 ] Avgtdix         C:\Windows\system32\DRIVERS\avgtdix.sys
20:48:20.0354 2080 Avgtdix - ok
20:48:20.0373 2080 [ 15ACA2AD17ACECA4814F249783E63AD3 ] avgtp           C:\Windows\system32\drivers\avgtpx86.sys
20:48:20.0374 2080 avgtp - ok
20:48:20.0396 2080 [ 48939D9F350AEF9370F03A1E49A49BE2 ] avgwd           C:\Program Files\AVG\AVG2013\avgwdsvc.exe
20:48:20.0399 2080 avgwd - ok
20:48:20.0410 2080 [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep            C:\Windows\system32\drivers\Beep.sys
20:48:20.0411 2080 Beep - ok
20:48:20.0441 2080 [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE             C:\Windows\System32\bfe.dll
20:48:20.0444 2080 BFE - ok
20:48:20.0505 2080 [ 93952506C6D67330367F7E7934B6A02F ] BITS            C:\Windows\System32\qmgr.dll
20:48:20.0512 2080 BITS - ok
20:48:20.0525 2080 [ D4DF28447741FD3D953526E33A617397 ] blbdrive        C:\Windows\system32\drivers\blbdrive.sys
20:48:20.0526 2080 blbdrive - ok
20:48:20.0540 2080 [ 35F376253F687BDE63976CCB3F2108CA ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
20:48:20.0541 2080 bowser - ok
20:48:20.0554 2080 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\drivers\brfiltlo.sys
20:48:20.0555 2080 BrFiltLo - ok
20:48:20.0559 2080 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\drivers\brfiltup.sys
20:48:20.0560 2080 BrFiltUp - ok
20:48:20.0583 2080 [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser         C:\Windows\System32\browser.dll
20:48:20.0585 2080 Browser - ok
20:48:20.0592 2080 [ B304E75CFF293029EDDF094246747113 ] Brserid         C:\Windows\system32\drivers\brserid.sys
20:48:20.0593 2080 Brserid - ok
20:48:20.0606 2080 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\system32\drivers\brserwdm.sys
20:48:20.0608 2080 BrSerWdm - ok
20:48:20.0618 2080 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\system32\drivers\brusbmdm.sys
20:48:20.0619 2080 BrUsbMdm - ok
20:48:20.0625 2080 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\Windows\system32\drivers\brusbser.sys
20:48:20.0626 2080 BrUsbSer - ok
20:48:20.0639 2080 [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
20:48:20.0640 2080 BTHMODEM - ok
20:48:20.0663 2080 [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
20:48:20.0664 2080 cdfs - ok
20:48:20.0687 2080 [ 6B4BFFB9BECD728097024276430DB314 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
20:48:20.0688 2080 cdrom - ok
20:48:20.0713 2080 [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc     C:\Windows\System32\certprop.dll
20:48:20.0714 2080 CertPropSvc - ok
20:48:20.0724 2080 [ E5D4133F37219DBCFE102BC61072589D ] circlass        C:\Windows\system32\drivers\circlass.sys
20:48:20.0725 2080 circlass - ok
20:48:20.0758 2080 [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS            C:\Windows\system32\CLFS.sys
20:48:20.0761 2080 CLFS - ok
20:48:20.0812 2080 [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:48:20.0814 2080 clr_optimization_v2.0.50727_32 - ok
20:48:20.0853 2080 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:48:20.0855 2080 clr_optimization_v4.0.30319_32 - ok
20:48:20.0876 2080 [ 0CA25E686A4928484E9FDABD168AB629 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
20:48:20.0877 2080 cmdide - ok
20:48:20.0896 2080 [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
20:48:20.0897 2080 Compbatt - ok
20:48:20.0900 2080 COMSysApp - ok
20:48:20.0908 2080 [ 741E9DFF4F42D2D8477D0FC1DC0DF871 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
20:48:20.0909 2080 crcdisk - ok
20:48:20.0931 2080 [ 1F07BECDCA750766A96CDA811BA86410 ] Crusoe          C:\Windows\system32\drivers\crusoe.sys
20:48:20.0932 2080 Crusoe - ok
20:48:20.0957 2080 [ 684C130BBC6DB681BAD4920A4C944AA5 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
20:48:20.0959 2080 CryptSvc - ok
20:48:20.0995 2080 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch      C:\Windows\system32\rpcss.dll
20:48:21.0000 2080 DcomLaunch - ok
20:48:21.0033 2080 [ 96C25C84D31F3569E579BAA434A85174 ] dfg             C:\Windows\system32\drivers\dfg.sys
20:48:21.0034 2080 dfg - ok
20:48:21.0069 2080 [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
20:48:21.0070 2080 DfsC - ok
20:48:21.0121 2080 [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR            C:\Windows\system32\DFSR.exe
20:48:21.0136 2080 DFSR - ok
20:48:21.0178 2080 [ 54D0B8343CE8C22412A5F29D32EFD211 ] dg_ssudbus      C:\Windows\system32\DRIVERS\ssudbus.sys
20:48:21.0179 2080 dg_ssudbus - ok
20:48:21.0202 2080 [ 9028559C132146FB75EB7ACF384B086A ] Dhcp            C:\Windows\System32\dhcpcsvc.dll
20:48:21.0204 2080 Dhcp - ok
20:48:21.0222 2080 [ 5D4AEFC3386920236A548271F8F1AF6A ] disk            C:\Windows\system32\drivers\disk.sys
20:48:21.0224 2080 disk - ok
20:48:21.0254 2080 [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache        C:\Windows\System32\dnsrslvr.dll
20:48:21.0255 2080 Dnscache - ok
20:48:21.0289 2080 [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc         C:\Windows\System32\dot3svc.dll
20:48:21.0291 2080 dot3svc - ok
20:48:21.0336 2080 [ 4F59C172C094E1A1D46463A8DC061CBD ] Dot4            C:\Windows\system32\DRIVERS\Dot4.sys
20:48:21.0338 2080 Dot4 - ok
20:48:21.0363 2080 [ 80BF3BA09F6F2523C8F6B7CC6DBF7BD5 ] Dot4Print       C:\Windows\system32\DRIVERS\Dot4Prt.sys
20:48:21.0364 2080 Dot4Print - ok
20:48:21.0376 2080 [ C55004CA6B419B6695970DFE849B122F ] dot4usb         C:\Windows\system32\DRIVERS\dot4usb.sys
20:48:21.0377 2080 dot4usb - ok
20:48:21.0398 2080 [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS             C:\Windows\system32\dps.dll
20:48:21.0400 2080 DPS - ok
20:48:21.0419 2080 [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
20:48:21.0420 2080 drmkaud - ok
20:48:21.0447 2080 [ 988670D8343EF9835FB3659DB71B2EFA ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
20:48:21.0452 2080 DXGKrnl - ok
20:48:21.0465 2080 [ 5425F74AC0C1DBD96A1E04F17D63F94C ] E1G60           C:\Windows\system32\DRIVERS\E1G60I32.sys
20:48:21.0466 2080 E1G60 - ok
20:48:21.0500 2080 [ C0B95E40D85CD807D614E264248A45B9 ] EapHost         C:\Windows\System32\eapsvc.dll
20:48:21.0501 2080 EapHost - ok
20:48:21.0542 2080 [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache          C:\Windows\system32\drivers\ecache.sys
20:48:21.0543 2080 Ecache - ok
20:48:21.0600 2080 [ 9BE3744D295A7701EB425332014F0797 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
20:48:21.0602 2080 ehRecvr - ok
20:48:21.0627 2080 [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched         C:\Windows\ehome\ehsched.exe
20:48:21.0629 2080 ehSched - ok
20:48:21.0641 2080 [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart         C:\Windows\ehome\ehstart.dll
20:48:21.0642 2080 ehstart - ok
20:48:21.0652 2080 [ 23B62471681A124889978F6295B3F4C6 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
20:48:21.0655 2080 elxstor - ok
20:48:21.0680 2080 [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt         C:\Windows\system32\emdmgmt.dll
20:48:21.0685 2080 EMDMgmt - ok
20:48:21.0694 2080 [ 3DB974F3935483555D7148663F726C61 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
20:48:21.0695 2080 ErrDev - ok
20:48:21.0742 2080 esgiguard - ok
20:48:21.0787 2080 [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem     C:\Windows\system32\es.dll
20:48:21.0789 2080 EventSystem - ok
20:48:21.0812 2080 [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat           C:\Windows\system32\drivers\exfat.sys
20:48:21.0814 2080 exfat - ok
20:48:21.0837 2080 [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
20:48:21.0839 2080 fastfat - ok
20:48:21.0892 2080 [ AFE1E8B9782A0DD7FB46BBD88E43F89A ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
20:48:21.0893 2080 fdc - ok
20:48:21.0918 2080 [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost         C:\Windows\system32\fdPHost.dll
20:48:21.0920 2080 fdPHost - ok
20:48:21.0950 2080 [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub        C:\Windows\system32\fdrespub.dll
20:48:21.0951 2080 FDResPub - ok
20:48:21.0960 2080 [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
20:48:21.0962 2080 FileInfo - ok
20:48:21.0985 2080 [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
20:48:21.0986 2080 Filetrace - ok
20:48:22.0003 2080 [ 85B7CF99D532820495D68D747FDA9EBD ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
20:48:22.0004 2080 flpydisk - ok
20:48:22.0037 2080 [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
20:48:22.0039 2080 FltMgr - ok
20:48:22.0070 2080 [ 2AFA3A46986AE935DAECEBC7E66314CF ] FontCache       C:\Windows\system32\FntCache.dll
20:48:22.0076 2080 FontCache - ok
20:48:22.0114 2080 [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
20:48:22.0116 2080 FontCache3.0.0.0 - ok
20:48:22.0131 2080 [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
20:48:22.0132 2080 Fs_Rec - ok
20:48:22.0142 2080 [ 34582A6E6573D54A07ECE5FE24A126B5 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
20:48:22.0144 2080 gagp30kx - ok
20:48:22.0193 2080 [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc           C:\Windows\System32\gpsvc.dll
20:48:22.0198 2080 gpsvc - ok
20:48:22.0256 2080 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate         C:\Program Files\Google\Update\GoogleUpdate.exe
20:48:22.0258 2080 gupdate - ok
20:48:22.0262 2080 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
20:48:22.0264 2080 gupdatem - ok
20:48:22.0287 2080 [ CB04C744BE0A61B1D648FAED182C3B59 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
20:48:22.0289 2080 HdAudAddService - ok
20:48:22.0321 2080 [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
20:48:22.0325 2080 HDAudBus - ok
20:48:22.0337 2080 [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth          C:\Windows\system32\drivers\hidbth.sys
20:48:22.0338 2080 HidBth - ok
20:48:22.0349 2080 [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr           C:\Windows\system32\drivers\hidir.sys
20:48:22.0350 2080 HidIr - ok
20:48:22.0375 2080 [ 84067081F3318162797385E11A8F0582 ] hidserv         C:\Windows\system32\hidserv.dll
20:48:22.0377 2080 hidserv - ok
20:48:22.0388 2080 [ CCA4B519B17E23A00B826C55716809CC ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
20:48:22.0389 2080 HidUsb - ok
20:48:22.0411 2080 [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc          C:\Windows\system32\kmsvc.dll
20:48:22.0413 2080 hkmsvc - ok
20:48:22.0422 2080 [ 16EE7B23A009E00D835CDB79574A91A6 ] HpCISSs         C:\Windows\system32\drivers\hpcisss.sys
20:48:22.0424 2080 HpCISSs - ok
20:48:22.0487 2080 [ FCB563B0A23643E5F80B6FF1E60F610F ] hpqcxs08        C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
20:48:22.0490 2080 hpqcxs08 - ok
20:48:22.0496 2080 [ 25E443E27165C652723A92D9BDFD4649 ] hpqddsvc        C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
20:48:22.0498 2080 hpqddsvc - ok
20:48:22.0522 2080 [ F870AA3E254628EBEAFE754108D664DE ] HTTP            C:\Windows\system32\drivers\HTTP.sys
20:48:22.0526 2080 HTTP - ok
20:48:22.0530 2080 [ C6B032D69650985468160FC9937CF5B4 ] i2omp           C:\Windows\system32\drivers\i2omp.sys
20:48:22.0531 2080 i2omp - ok
20:48:22.0537 2080 [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
20:48:22.0538 2080 i8042prt - ok
20:48:22.0561 2080 [ 54155EA1B0DF185878E0FC9EC3AC3A14 ] iaStorV         C:\Windows\system32\drivers\iastorv.sys
20:48:22.0563 2080 iaStorV - ok
20:48:22.0624 2080 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT        C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
20:48:22.0625 2080 IDriverT - ok
20:48:22.0673 2080 [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
20:48:22.0679 2080 idsvc - ok
20:48:22.0688 2080 [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
20:48:22.0690 2080 iirsp - ok
20:48:22.0737 2080 [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT          C:\Windows\System32\ikeext.dll
20:48:22.0741 2080 IKEEXT - ok
20:48:22.0781 2080 [ EDC37B918E583A5A813C53D4F5588255 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
20:48:22.0794 2080 IntcAzAudAddService - ok
20:48:22.0807 2080 [ 83AA759F3189E6370C30DE5DC5590718 ] intelide        C:\Windows\system32\drivers\intelide.sys
20:48:22.0808 2080 intelide - ok
20:48:22.0815 2080 [ 224191001E78C89DFA78924C3EA595FF ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
20:48:22.0816 2080 intelppm - ok
20:48:22.0835 2080 [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
20:48:22.0837 2080 IPBusEnum - ok
20:48:22.0841 2080 [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:48:22.0842 2080 IpFilterDriver - ok
20:48:22.0859 2080 [ 1998BD97F950680BB55F55A7244679C2 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
20:48:22.0862 2080 iphlpsvc - ok
20:48:22.0867 2080 IpInIp - ok
20:48:22.0879 2080 [ B25AAF203552B7B3491139D582B39AD1 ] IPMIDRV         C:\Windows\system32\drivers\ipmidrv.sys
20:48:22.0881 2080 IPMIDRV - ok
20:48:22.0891 2080 [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT           C:\Windows\system32\DRIVERS\ipnat.sys
20:48:22.0893 2080 IPNAT - ok
20:48:22.0898 2080 [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
20:48:22.0899 2080 IRENUM - ok
20:48:22.0910 2080 [ 6C70698A3E5C4376C6AB5C7C17FB0614 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
20:48:22.0912 2080 isapnp - ok
20:48:22.0948 2080 [ 232FA340531D940AAC623B121A595034 ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
20:48:22.0950 2080 iScsiPrt - ok
20:48:22.0958 2080 [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi        C:\Windows\system32\drivers\iteatapi.sys
20:48:22.0959 2080 iteatapi - ok
20:48:22.0972 2080 [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid         C:\Windows\system32\drivers\iteraid.sys
20:48:22.0973 2080 iteraid - ok
20:48:22.0977 2080 [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
20:48:22.0978 2080 kbdclass - ok
20:48:23.0007 2080 [ EDE59EC70E25C24581ADD1FBEC7325F7 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
20:48:23.0008 2080 kbdhid - ok
20:48:23.0043 2080 [ A3E186B4B935905B829219502557314E ] KeyIso          C:\Windows\system32\lsass.exe
20:48:23.0045 2080 KeyIso - ok
20:48:23.0096 2080 [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
20:48:23.0099 2080 KSecDD - ok
20:48:23.0120 2080 [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm           C:\Windows\system32\msdtckrm.dll
20:48:23.0123 2080 KtmRm - ok
20:48:23.0160 2080 [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer    C:\Windows\system32\srvsvc.dll
20:48:23.0164 2080 LanmanServer - ok
20:48:23.0202 2080 [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
20:48:23.0208 2080 LanmanWorkstation - ok
20:48:23.0213 2080 [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
20:48:23.0214 2080 lltdio - ok
20:48:23.0228 2080 [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
20:48:23.0230 2080 lltdsvc - ok
20:48:23.0249 2080 [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts         C:\Windows\System32\lmhsvc.dll
20:48:23.0251 2080 lmhosts - ok
20:48:23.0264 2080 [ C7E15E82879BF3235B559563D4185365 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
20:48:23.0265 2080 LSI_FC - ok
20:48:23.0274 2080 [ EE01EBAE8C9BF0FA072E0FF68718920A ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
20:48:23.0275 2080 LSI_SAS - ok
20:48:23.0285 2080 [ 912A04696E9CA30146A62AFA1463DD5C ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
20:48:23.0287 2080 LSI_SCSI - ok
20:48:23.0291 2080 [ 8F5C7426567798E62A3B3614965D62CC ] luafv           C:\Windows\system32\drivers\luafv.sys
20:48:23.0293 2080 luafv - ok
20:48:23.0352 2080 [ D6767D36902E4B9F9EBB2DDD3BBF1A35 ] mbamchameleon   C:\Windows\system32\drivers\mbamchameleon.sys
20:48:23.0353 2080 mbamchameleon - ok
20:48:23.0368 2080 [ 4470E3C1E0C3378E4CAB137893C12C3A ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
20:48:23.0369 2080 MBAMProtector - ok
20:48:23.0397 2080 [ 65085456FD9A74D7F1A999520C299ECB ] MBAMScheduler   C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
20:48:23.0400 2080 MBAMScheduler - ok
20:48:23.0427 2080 [ E0D7732F2D2E24B2DB3F67B6750295B8 ] MBAMService     C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
20:48:23.0432 2080 MBAMService - ok
20:48:23.0465 2080 [ AEF9BABB8A506BC4CE0451A64AADED46 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
20:48:23.0468 2080 Mcx2Svc - ok
20:48:23.0475 2080 [ 0001CE609D66632FA17B84705F658879 ] megasas         C:\Windows\system32\drivers\megasas.sys
20:48:23.0476 2080 megasas - ok
20:48:23.0495 2080 [ C252F32CD9A49DBFC25ECF26EBD51A99 ] MegaSR          C:\Windows\system32\drivers\megasr.sys
20:48:23.0498 2080 MegaSR - ok
20:48:23.0555 2080 [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
20:48:23.0556 2080 Microsoft Office Groove Audit Service - ok
20:48:23.0565 2080 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS           C:\Windows\system32\mmcss.dll
20:48:23.0568 2080 MMCSS - ok
20:48:23.0579 2080 [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem           C:\Windows\system32\drivers\modem.sys
20:48:23.0581 2080 Modem - ok
20:48:23.0595 2080 [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
20:48:23.0597 2080 monitor - ok
20:48:23.0617 2080 [ 5BF6A1326A335C5298477754A506D263 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
20:48:23.0618 2080 mouclass - ok
20:48:23.0625 2080 [ 93B8D4869E12CFBE663915502900876F ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
20:48:23.0626 2080 mouhid - ok
20:48:23.0630 2080 [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr        C:\Windows\system32\drivers\mountmgr.sys
20:48:23.0631 2080 MountMgr - ok
20:48:23.0688 2080 [ 5D494509432897338AFC19DB78A76DCB ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
20:48:23.0689 2080 MozillaMaintenance - ok
20:48:23.0706 2080 [ 511D011289755DD9F9A7579FB0B064E6 ] mpio            C:\Windows\system32\drivers\mpio.sys
20:48:23.0707 2080 mpio - ok
20:48:23.0711 2080 [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
20:48:23.0713 2080 mpsdrv - ok
20:48:23.0743 2080 [ 5DE62C6E9108F14F6794060A9BDECAEC ] MpsSvc          C:\Windows\system32\mpssvc.dll
20:48:23.0747 2080 MpsSvc - ok
20:48:23.0756 2080 [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x        C:\Windows\system32\drivers\mraid35x.sys
20:48:23.0757 2080 Mraid35x - ok
20:48:23.0769 2080 [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
20:48:23.0771 2080 MRxDAV - ok
20:48:23.0783 2080 [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
20:48:23.0785 2080 mrxsmb - ok
20:48:23.0801 2080 [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:48:23.0804 2080 mrxsmb10 - ok
20:48:23.0816 2080 [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:48:23.0818 2080 mrxsmb20 - ok
20:48:23.0848 2080 [ 28023E86F17001F7CD9B15A5BC9AE07D ] msahci          C:\Windows\system32\drivers\msahci.sys
20:48:23.0850 2080 msahci - ok
20:48:23.0858 2080 [ 4468B0F385A86ECDDAF8D3CA662EC0E7 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
20:48:23.0860 2080 msdsm - ok
20:48:23.0875 2080 [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC           C:\Windows\System32\msdtc.exe
20:48:23.0877 2080 MSDTC - ok
20:48:23.0893 2080 [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
20:48:23.0894 2080 Msfs - ok
20:48:23.0901 2080 [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
20:48:23.0902 2080 msisadrv - ok
20:48:23.0922 2080 [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
20:48:23.0924 2080 MSiSCSI - ok
20:48:23.0928 2080 msiserver - ok
20:48:23.0938 2080 [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
20:48:23.0940 2080 MSKSSRV - ok
20:48:23.0951 2080 [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
20:48:23.0952 2080 MSPCLOCK - ok
20:48:23.0962 2080 [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
20:48:23.0963 2080 MSPQM - ok
20:48:23.0974 2080 [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
20:48:23.0976 2080 MsRPC - ok
20:48:23.0982 2080 [ E384487CB84BE41D09711C30CA79646C ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
20:48:23.0983 2080 mssmbios - ok
20:48:23.0992 2080 [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
20:48:23.0993 2080 MSTEE - ok
20:48:24.0007 2080 [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup             C:\Windows\system32\Drivers\mup.sys
20:48:24.0009 2080 Mup - ok
20:48:24.0028 2080 [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent        C:\Windows\system32\qagentRT.dll
20:48:24.0032 2080 napagent - ok
20:48:24.0057 2080 [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
20:48:24.0059 2080 NativeWifiP - ok
20:48:24.0110 2080 [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS            C:\Windows\system32\drivers\ndis.sys
20:48:24.0114 2080 NDIS - ok
20:48:24.0127 2080 [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
20:48:24.0129 2080 NdisTapi - ok
20:48:24.0137 2080 [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
20:48:24.0138 2080 Ndisuio - ok
20:48:24.0160 2080 [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
20:48:24.0161 2080 NdisWan - ok
20:48:24.0173 2080 [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
20:48:24.0174 2080 NDProxy - ok
20:48:24.0185 2080 [ 51C6D8BFBD4EA5B62A1BA7F4469250D3 ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
20:48:24.0187 2080 Net Driver HPZ12 - ok
20:48:24.0191 2080 [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
20:48:24.0192 2080 NetBIOS - ok
20:48:24.0222 2080 [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt           C:\Windows\system32\DRIVERS\netbt.sys
20:48:24.0224 2080 netbt - ok
20:48:24.0228 2080 [ A3E186B4B935905B829219502557314E ] Netlogon        C:\Windows\system32\lsass.exe
20:48:24.0230 2080 Netlogon - ok
20:48:24.0262 2080 [ C8052711DAECC48B982434C5116CA401 ] Netman          C:\Windows\System32\netman.dll
20:48:24.0266 2080 Netman - ok
20:48:24.0279 2080 [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm        C:\Windows\System32\netprofm.dll
20:48:24.0282 2080 netprofm - ok
20:48:24.0301 2080 [ D6C4E4A39A36029AC0813D476FBD0248 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
20:48:24.0302 2080 NetTcpPortSharing - ok
20:48:24.0314 2080 [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
20:48:24.0316 2080 nfrd960 - ok
20:48:24.0332 2080 [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc          C:\Windows\System32\nlasvc.dll
20:48:24.0335 2080 NlaSvc - ok
20:48:24.0375 2080 [ B9730495E0CF674680121E34BD95A73B ] NPF             C:\Windows\system32\drivers\npf.sys
20:48:24.0376 2080 NPF - ok
20:48:24.0387 2080 [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
20:48:24.0389 2080 Npfs - ok
20:48:24.0401 2080 [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi             C:\Windows\system32\nsisvc.dll
20:48:24.0403 2080 nsi - ok
20:48:24.0408 2080 [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
20:48:24.0409 2080 nsiproxy - ok
20:48:24.0446 2080 [ 2C1121F2B87E9A6B12485DF53CD848C7 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
20:48:24.0453 2080 Ntfs - ok
20:48:24.0458 2080 [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi       C:\Windows\system32\drivers\ntrigdigi.sys
20:48:24.0459 2080 ntrigdigi - ok
20:48:24.0468 2080 [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null            C:\Windows\system32\drivers\Null.sys
20:48:24.0469 2080 Null - ok
20:48:24.0476 2080 [ 2EDF9E7751554B42CBB60116DE727101 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
20:48:24.0478 2080 nvraid - ok
20:48:24.0488 2080 [ ABED0C09758D1D97DB0042DBB2688177 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
20:48:24.0489 2080 nvstor - ok
20:48:24.0499 2080 [ 18BBDF913916B71BD54575BDB6EEAC0B ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
20:48:24.0501 2080 nv_agp - ok
20:48:24.0504 2080 NwlnkFlt - ok
20:48:24.0508 2080 NwlnkFwd - ok
20:48:24.0585 2080 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv          C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
20:48:24.0589 2080 odserv - ok
20:48:24.0599 2080 [ 6F310E890D46E246E0E261A63D9B36B4 ] ohci1394        C:\Windows\system32\DRIVERS\ohci1394.sys
20:48:24.0600 2080 ohci1394 - ok
20:48:24.0613 2080 [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
20:48:24.0615 2080 ose - ok
20:48:24.0643 2080 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc        C:\Windows\system32\p2psvc.dll
20:48:24.0649 2080 p2pimsvc - ok
20:48:24.0659 2080 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc          C:\Windows\system32\p2psvc.dll
20:48:24.0665 2080 p2psvc - ok
20:48:24.0675 2080 [ 0FA9B5055484649D63C303FE404E5F4D ] Parport         C:\Windows\system32\drivers\parport.sys
20:48:24.0676 2080 Parport - ok
20:48:24.0714 2080 [ B9C2B89F08670E159F7181891E449CD9 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
20:48:24.0716 2080 partmgr - ok
20:48:24.0732 2080 [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm          C:\Windows\system32\drivers\parvdm.sys
20:48:24.0733 2080 Parvdm - ok
20:48:24.0747 2080 [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc          C:\Windows\System32\pcasvc.dll
20:48:24.0750 2080 PcaSvc - ok
20:48:24.0783 2080 [ 941DC1D19E7E8620F40BBC206981EFDB ] pci             C:\Windows\system32\drivers\pci.sys
20:48:24.0784 2080 pci - ok
20:48:24.0814 2080 [ 1636D43F10416AEB483BC6001097B26C ] pciide          C:\Windows\system32\drivers\pciide.sys
20:48:24.0815 2080 pciide - ok
20:48:24.0823 2080 [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
20:48:24.0825 2080 pcmcia - ok
20:48:24.0843 2080 [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
20:48:24.0849 2080 PEAUTH - ok
20:48:24.0888 2080 [ B1689DF169143F57053F795390C99DB3 ] pla             C:\Windows\system32\pla.dll
20:48:24.0900 2080 pla - ok
20:48:24.0941 2080 [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
20:48:24.0946 2080 PlugPlay - ok
20:48:24.0969 2080 [ 79834AA2FBF9FE81EEBB229024F6F7FC ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
20:48:24.0971 2080 Pml Driver HPZ12 - ok
20:48:24.0982 2080 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg     C:\Windows\system32\p2psvc.dll
20:48:24.0988 2080 PNRPAutoReg - ok
20:48:25.0018 2080 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc         C:\Windows\system32\p2psvc.dll
20:48:25.0024 2080 PNRPsvc - ok
20:48:25.0057 2080 [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
20:48:25.0061 2080 PolicyAgent - ok
20:48:25.0077 2080 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
20:48:25.0079 2080 PptpMiniport - ok
20:48:25.0091 2080 [ 2027293619DD0F047C584CF2E7DF4FFD ] Processor       C:\Windows\system32\drivers\processr.sys
20:48:25.0092 2080 Processor - ok
20:48:25.0129 2080 [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc         C:\Windows\system32\profsvc.dll
20:48:25.0132 2080 ProfSvc - ok
20:48:25.0152 2080 [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe
20:48:25.0153 2080 ProtectedStorage - ok
20:48:25.0177 2080 [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched          C:\Windows\system32\DRIVERS\pacer.sys
20:48:25.0179 2080 PSched - ok
20:48:25.0293 2080 [ 0A6DB55AFB7820C99AA1F3A1D270F4F6 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
20:48:25.0300 2080 ql2300 - ok
20:48:25.0309 2080 [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
20:48:25.0310 2080 ql40xx - ok
20:48:25.0333 2080 [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE           C:\Windows\system32\qwave.dll
20:48:25.0337 2080 QWAVE - ok
20:48:25.0342 2080 [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
20:48:25.0343 2080 QWAVEdrv - ok
20:48:25.0515 2080 [ AB51E1F08C8E789D6C9E8B94D15BE9A9 ] RapportCerberus_59849 C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_59849.sys
20:48:25.0518 2080 RapportCerberus_59849 - ok
20:48:25.0620 2080 [ 9D52A4DEB9F28CC41EB61346E3808E4D ] RapportEI       C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys
20:48:25.0622 2080 RapportEI - ok
20:48:25.0652 2080 [ 4136175FABB89CB493DF1D237DB50CF4 ] RapportKELL     C:\Windows\system32\Drivers\RapportKELL.sys
20:48:25.0653 2080 RapportKELL - ok
20:48:25.0701 2080 [ 02396BD77121751A738444325E1F14E8 ] RapportMgmtService C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
20:48:25.0711 2080 RapportMgmtService - ok
20:48:25.0739 2080 [ A9B99416DE6CADEE2D3C369B634F20F1 ] RapportPG       C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys
20:48:25.0741 2080 RapportPG - ok
20:48:25.0748 2080 [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
20:48:25.0749 2080 RasAcd - ok
20:48:25.0768 2080 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto         C:\Windows\System32\rasauto.dll
20:48:25.0771 2080 RasAuto - ok
20:48:25.0788 2080 [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
20:48:25.0789 2080 Rasl2tp - ok
20:48:25.0815 2080 [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan          C:\Windows\System32\rasmans.dll
20:48:25.0819 2080 RasMan - ok
20:48:25.0850 2080 [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
20:48:25.0851 2080 RasPppoe - ok
20:48:25.0879 2080 [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
20:48:25.0880 2080 RasSstp - ok
20:48:25.0906 2080 [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
20:48:25.0909 2080 rdbss - ok
20:48:25.0920 2080 [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
20:48:25.0921 2080 RDPCDD - ok
20:48:25.0938 2080 [ FBC0BACD9C3D7F6956853F64A66E252D ] rdpdr           C:\Windows\system32\drivers\rdpdr.sys
20:48:25.0941 2080 rdpdr - ok
20:48:25.0945 2080 [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
20:48:25.0946 2080 RDPENCDD - ok
20:48:25.0969 2080 [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
20:48:25.0971 2080 RDPWD - ok
20:48:26.0001 2080 [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess    C:\Windows\System32\mprdim.dll
20:48:26.0004 2080 RemoteAccess - ok
20:48:26.0022 2080 [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry C:\Windows\system32\regsvc.dll
20:48:26.0025 2080 RemoteRegistry - ok
20:48:26.0038 2080 [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator      C:\Windows\system32\locator.exe
20:48:26.0040 2080 RpcLocator - ok
20:48:26.0053 2080 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs           C:\Windows\system32\rpcss.dll
20:48:26.0059 2080 RpcSs - ok
20:48:26.0066 2080 [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
20:48:26.0068 2080 rspndr - ok
20:48:26.0092 2080 [ 1AA29238D4B14F4A20B2C4AAEA6E0F6E ] RTHDMIAzAudService C:\Windows\system32\drivers\RtHDMIV.sys
20:48:26.0094 2080 RTHDMIAzAudService - ok
20:48:26.0113 2080 [ 2D19A7469EA19993D0C12E627F4530BC ] RTL8169         C:\Windows\system32\DRIVERS\Rtlh86.sys
20:48:26.0115 2080 RTL8169 - ok
20:48:26.0120 2080 [ A3E186B4B935905B829219502557314E ] SamSs           C:\Windows\system32\lsass.exe
20:48:26.0122 2080 SamSs - ok
20:48:26.0129 2080 [ 3CE8F073A557E172B330109436984E30 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
20:48:26.0131 2080 sbp2port - ok
20:48:26.0159 2080 [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
20:48:26.0162 2080 SCardSvr - ok
20:48:26.0188 2080 [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule        C:\Windows\system32\schedsvc.dll
20:48:26.0194 2080 Schedule - ok
20:48:26.0205 2080 [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc     C:\Windows\System32\certprop.dll
20:48:26.0207 2080 SCPolicySvc - ok
20:48:26.0223 2080 [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
20:48:26.0226 2080 SDRSVC - ok
20:48:26.0233 2080 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
20:48:26.0234 2080 secdrv - ok
20:48:26.0251 2080 [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon        C:\Windows\system32\seclogon.dll
20:48:26.0254 2080 seclogon - ok
20:48:26.0265 2080 [ A9BBAB5759771E523F55563D6CBE140F ] SENS            C:\Windows\System32\sens.dll
20:48:26.0268 2080 SENS - ok
20:48:26.0280 2080 [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum         C:\Windows\system32\drivers\serenum.sys
20:48:26.0281 2080 Serenum - ok
20:48:26.0293 2080 [ C70D69A918B178D3C3B06339B40C2E1B ] Serial          C:\Windows\system32\drivers\serial.sys
20:48:26.0295 2080 Serial - ok
20:48:26.0302 2080 [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
20:48:26.0304 2080 sermouse - ok
20:48:26.0344 2080 [ D2193326F729B163125610DBF3E17D57 ] SessionEnv      C:\Windows\system32\sessenv.dll
20:48:26.0347 2080 SessionEnv - ok
20:48:26.0354 2080 [ 3EFA810BDCA87F6ECC24F9832243FE86 ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
20:48:26.0355 2080 sffdisk - ok
20:48:26.0361 2080 [ E95D451F7EA3E583AEC75F3B3EE42DC5 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
20:48:26.0362 2080 sffp_mmc - ok
20:48:26.0373 2080 [ 3D0EA348784B7AC9EA9BD9F317980979 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
20:48:26.0375 2080 sffp_sd - ok
20:48:26.0379 2080 [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
20:48:26.0380 2080 sfloppy - ok
20:48:26.0424 2080 [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
20:48:26.0427 2080 SharedAccess - ok
20:48:26.0469 2080 [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
20:48:26.0473 2080 ShellHWDetection - ok
20:48:26.0480 2080 [ 1D76624A09A054F682D746B924E2DBC3 ] sisagp          C:\Windows\system32\drivers\sisagp.sys
20:48:26.0482 2080 sisagp - ok
20:48:26.0495 2080 [ 43CB7AA756C7DB280D01DA9B676CFDE2 ] SiSRaid2        C:\Windows\system32\drivers\sisraid2.sys
20:48:26.0497 2080 SiSRaid2 - ok
20:48:26.0510 2080 [ A99C6C8B0BAA970D8AA59DDC50B57F94 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
20:48:26.0511 2080 SiSRaid4 - ok
20:48:26.0621 2080 [ 9F712B26EE3B0242DE997A42FD302E2C ] Skype C2C Service C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
20:48:26.0641 2080 Skype C2C Service - ok
20:48:26.0708 2080 [ F5BBEDF602C310B00036EB2DBF4348A5 ] SkypeUpdate     C:\Program Files\Skype\Updater\Updater.exe
20:48:26.0710 2080 SkypeUpdate - ok
20:48:26.0777 2080 [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc           C:\Windows\system32\SLsvc.exe
20:48:26.0800 2080 slsvc - ok
20:48:26.0837 2080 [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify      C:\Windows\system32\SLUINotify.dll
20:48:26.0840 2080 SLUINotify - ok
20:48:26.0854 2080 [ 7B75299A4D201D6A6533603D6914AB04 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
20:48:26.0855 2080 Smb - ok
20:48:26.0880 2080 [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
20:48:26.0883 2080 SNMPTRAP - ok
20:48:26.0896 2080 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr           C:\Windows\system32\drivers\spldr.sys
20:48:26.0897 2080 spldr - ok
20:48:26.0909 2080 [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler         C:\Windows\System32\spoolsv.exe
20:48:26.0913 2080 Spooler - ok
20:48:26.0940 2080 [ 41987F9FC0E61ADF54F581E15029AD91 ] srv             C:\Windows\system32\DRIVERS\srv.sys
20:48:26.0942 2080 srv - ok
20:48:26.0953 2080 [ FF33AFF99564B1AA534F58868CBE41EF ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
20:48:26.0955 2080 srv2 - ok
20:48:26.0970 2080 [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
20:48:26.0971 2080 srvnet - ok
20:48:27.0013 2080 [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
20:48:27.0016 2080 SSDPSRV - ok
20:48:27.0026 2080 [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc         C:\Windows\system32\sstpsvc.dll
20:48:27.0029 2080 SstpSvc - ok
20:48:27.0082 2080 [ D2C02234E3E87EA5FE420F045068099B ] ssudmdm         C:\Windows\system32\DRIVERS\ssudmdm.sys
20:48:27.0084 2080 ssudmdm - ok
20:48:27.0124 2080 [ E97F09A7EC9C45B7060FE45BC620766C ] ssudserd        C:\Windows\system32\DRIVERS\ssudserd.sys
20:48:27.0126 2080 ssudserd - ok
20:48:27.0146 2080 [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc          C:\Windows\System32\wiaservc.dll
20:48:27.0152 2080 stisvc - ok
20:48:27.0157 2080 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
20:48:27.0158 2080 swenum - ok
20:48:27.0197 2080 [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv           C:\Windows\System32\swprv.dll
20:48:27.0202 2080 swprv - ok
20:48:27.0215 2080 [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx         C:\Windows\system32\drivers\symc8xx.sys
20:48:27.0216 2080 Symc8xx - ok
20:48:27.0227 2080 [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi          C:\Windows\system32\drivers\sym_hi.sys
20:48:27.0228 2080 Sym_hi - ok
20:48:27.0233 2080 [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3          C:\Windows\system32\drivers\sym_u3.sys
20:48:27.0234 2080 Sym_u3 - ok
20:48:27.0262 2080 [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain         C:\Windows\system32\sysmain.dll
20:48:27.0267 2080 SysMain - ok
20:48:27.0282 2080 [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
20:48:27.0285 2080 TabletInputService - ok
20:48:27.0326 2080 [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv         C:\Windows\System32\tapisrv.dll
20:48:27.0330 2080 TapiSrv - ok
20:48:27.0343 2080 [ CB05822CD9CC6C688168E113C603DBE7 ] TBS             C:\Windows\System32\tbssvc.dll
20:48:27.0346 2080 TBS - ok
20:48:27.0429 2080 [ D18D53974FD715D50FC76F9FFE1C830D ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
20:48:27.0436 2080 Tcpip - ok
20:48:27.0450 2080 [ D18D53974FD715D50FC76F9FFE1C830D ] Tcpip6          C:\Windows\system32\DRIVERS\tcpip.sys
20:48:27.0456 2080 Tcpip6 - ok
20:48:27.0481 2080 [ 608C345A255D82A6289C2D468EB41FD7 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
20:48:27.0482 2080 tcpipreg - ok
20:48:27.0487 2080 [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
20:48:27.0488 2080 TDPIPE - ok
20:48:27.0506 2080 [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
20:48:27.0507 2080 TDTCP - ok
20:48:27.0529 2080 [ 76B06EB8A01FC8624D699E7045303E54 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
20:48:27.0531 2080 tdx - ok
20:48:27.0538 2080 [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
20:48:27.0540 2080 TermDD - ok
20:48:27.0588 2080 [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService     C:\Windows\System32\termsrv.dll
20:48:27.0594 2080 TermService - ok
20:48:27.0619 2080 [ C7230FBEE14437716701C15BE02C27B8 ] Themes          C:\Windows\system32\shsvcs.dll
20:48:27.0623 2080 Themes - ok
20:48:27.0633 2080 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER     C:\Windows\system32\mmcss.dll
20:48:27.0635 2080 THREADORDER - ok
20:48:27.0648 2080 [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks          C:\Windows\System32\trkwks.dll
20:48:27.0651 2080 TrkWks - ok
20:48:27.0685 2080 [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
20:48:27.0686 2080 TrustedInstaller - ok
20:48:27.0721 2080 [ F4EAA7ECBCB25DE901C9B7F2CDCDA0B3 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
20:48:27.0722 2080 tssecsrv - ok
20:48:27.0726 2080 [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp           C:\Windows\system32\DRIVERS\tunmp.sys
20:48:27.0728 2080 tunmp - ok
20:48:27.0743 2080 [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
20:48:27.0744 2080 tunnel - ok
20:48:27.0758 2080 [ 7D33C4DB2CE363C8518D2DFCF533941F ] uagp35          C:\Windows\system32\drivers\uagp35.sys
20:48:27.0759 2080 uagp35 - ok
20:48:27.0785 2080 [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
20:48:27.0787 2080 udfs - ok
20:48:27.0806 2080 [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
20:48:27.0809 2080 UI0Detect - ok
20:48:27.0823 2080 [ B0ACFDC9E4AF279E9116C03E014B2B27 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
20:48:27.0824 2080 uliagpkx - ok
20:48:27.0836 2080 [ 9224BB254F591DE4CA8D572A5F0D635C ] uliahci         C:\Windows\system32\drivers\uliahci.sys
20:48:27.0839 2080 uliahci - ok
20:48:27.0848 2080 [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata          C:\Windows\system32\drivers\ulsata.sys
20:48:27.0849 2080 UlSata - ok
20:48:27.0862 2080 [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2         C:\Windows\system32\drivers\ulsata2.sys
20:48:27.0863 2080 ulsata2 - ok
20:48:27.0867 2080 [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
20:48:27.0868 2080 umbus - ok
20:48:27.0888 2080 [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost        C:\Windows\System32\upnphost.dll
20:48:27.0891 2080 upnphost - ok
20:48:27.0944 2080 [ 1114579556DB85E9FAF9590DBC64CD62 ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
20:48:27.0945 2080 usbaudio - ok
20:48:27.0958 2080 [ AAB0B5F72D2D726FBFDC895A2902DE1D ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
20:48:27.0959 2080 usbccgp - ok
20:48:27.0974 2080 [ E9476E6C486E76BC4898074768FB7131 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
20:48:27.0975 2080 usbcir - ok
20:48:27.0992 2080 [ 153E8515CB86F8BB5D1A8B478EBF4BB2 ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
20:48:27.0993 2080 usbehci - ok
20:48:28.0002 2080 [ 2AE6BCEBD85D31317E433733DAF25888 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
20:48:28.0003 2080 usbhub - ok
20:48:28.0018 2080 [ 38DBC7DD6CC5A72011F187425384388B ] usbohci         C:\Windows\system32\drivers\usbohci.sys
20:48:28.0019 2080 usbohci - ok
20:48:28.0037 2080 [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
20:48:28.0038 2080 usbprint - ok
20:48:28.0050 2080 [ 1D714B8497CD68307806D5D3F60A5169 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
20:48:28.0051 2080 usbscan - ok
20:48:28.0077 2080 [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:48:28.0078 2080 USBSTOR - ok
20:48:28.0099 2080 [ 44056325428A8E4C755830426E29878F ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
20:48:28.0100 2080 usbuhci - ok
20:48:28.0114 2080 [ 73FF24E21B690625A58109637DDA0DF7 ] usbvideo        C:\Windows\system32\Drivers\usbvideo.sys
20:48:28.0115 2080 usbvideo - ok
20:48:28.0168 2080 [ 228F444F9AF0D3B9ECA9FC3F4FEB12F2 ] usb_rndisx      C:\Windows\system32\DRIVERS\usb8023x.sys
20:48:28.0169 2080 usb_rndisx - ok
20:48:28.0181 2080 [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms           C:\Windows\System32\uxsms.dll
20:48:28.0184 2080 UxSms - ok
20:48:28.0207 2080 [ CD88D1B7776DC17A119049742EC07EB4 ] vds             C:\Windows\System32\vds.exe
20:48:28.0212 2080 vds - ok
20:48:28.0228 2080 [ 87B06E1F30B749A114F74622D013F8D4 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
20:48:28.0229 2080 vga - ok
20:48:28.0234 2080 [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave         C:\Windows\System32\drivers\vga.sys
20:48:28.0235 2080 VgaSave - ok
20:48:28.0248 2080 [ 5D7159DEF58A800D5781BA3A879627BC ] viaagp          C:\Windows\system32\drivers\viaagp.sys
20:48:28.0250 2080 viaagp - ok
20:48:28.0257 2080 [ C4F3A691B5BAD343E6249BD8C2D45DEE ] ViaC7           C:\Windows\system32\drivers\viac7.sys
20:48:28.0258 2080 ViaC7 - ok
20:48:28.0274 2080 [ AADF5587A4063F52C2C3FED7887426FC ] viaide          C:\Windows\system32\drivers\viaide.sys
20:48:28.0276 2080 viaide - ok
20:48:28.0284 2080 [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
20:48:28.0286 2080 volmgr - ok
20:48:28.0311 2080 [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
20:48:28.0314 2080 volmgrx - ok
20:48:28.0362 2080 [ 786DB5771F05EF300390399F626BF30A ] volsnap         C:\Windows\system32\drivers\volsnap.sys
20:48:28.0365 2080 volsnap - ok
20:48:28.0379 2080 [ 587253E09325E6BF226B299774B728A9 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
20:48:28.0381 2080 vsmraid - ok
20:48:28.0415 2080 [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS             C:\Windows\system32\vssvc.exe
20:48:28.0425 2080 VSS - ok
20:48:28.0441 2080 [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time         C:\Windows\system32\w32time.dll
20:48:28.0446 2080 W32Time - ok
20:48:28.0456 2080 [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
20:48:28.0457 2080 WacomPen - ok
20:48:28.0462 2080 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp          C:\Windows\system32\DRIVERS\wanarp.sys
20:48:28.0463 2080 Wanarp - ok
20:48:28.0467 2080 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
20:48:28.0468 2080 Wanarpv6 - ok
20:48:28.0496 2080 [ A3CD60FD826381B49F03832590E069AF ] wcncsvc         C:\Windows\System32\wcncsvc.dll
20:48:28.0501 2080 wcncsvc - ok
20:48:28.0527 2080 [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
20:48:28.0530 2080 WcsPlugInService - ok
20:48:28.0537 2080 [ 78FE9542363F297B18C027B2D7E7C07F ] Wd              C:\Windows\system32\drivers\wd.sys
20:48:28.0538 2080 Wd - ok
20:48:28.0577 2080 [ 25944D2CC49E0A6C581D02A74B7D6645 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
20:48:28.0581 2080 Wdf01000 - ok
20:48:28.0594 2080 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost C:\Windows\system32\wdi.dll
20:48:28.0598 2080 WdiServiceHost - ok
20:48:28.0602 2080 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost   C:\Windows\system32\wdi.dll
20:48:28.0605 2080 WdiSystemHost - ok
20:48:28.0635 2080 [ 04C37D8107320312FBAE09926103D5E2 ] WebClient       C:\Windows\System32\webclnt.dll
20:48:28.0639 2080 WebClient - ok
20:48:28.0652 2080 [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc          C:\Windows\system32\wecsvc.dll
20:48:28.0656 2080 Wecsvc - ok
20:48:28.0672 2080 [ 670FF720071ED741206D69BD995EA453 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
20:48:28.0676 2080 wercplsupport - ok
20:48:28.0701 2080 [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc          C:\Windows\System32\WerSvc.dll
20:48:28.0705 2080 WerSvc - ok
20:48:28.0734 2080 [ B9188CC0868C72F43261128E5BA7266D ] WinAgentsTftpService4 C:\Program Files\Common Files\WinAgents\TftpService.exe
20:48:28.0736 2080 WinAgentsTftpService4 - ok
20:48:28.0762 2080 [ 4575AA12561C5648483403541D0D7F2B ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
20:48:28.0765 2080 WinDefend - ok
20:48:28.0771 2080 WinHttpAutoProxySvc - ok
20:48:28.0823 2080 [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
20:48:28.0824 2080 Winmgmt - ok
20:48:28.0857 2080 [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM           C:\Windows\system32\WsmSvc.dll
20:48:28.0867 2080 WinRM - ok
20:48:28.0915 2080 [ 30FC6E5448D0CBAAA95280EEEF7FEDAE ] WinUSB          C:\Windows\system32\DRIVERS\WinUSB.sys
20:48:28.0916 2080 WinUSB - ok
20:48:28.0943 2080 [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc         C:\Windows\System32\wlansvc.dll
20:48:28.0949 2080 Wlansvc - ok
20:48:28.0963 2080 [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
20:48:28.0964 2080 WmiAcpi - ok
20:48:28.0994 2080 [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
20:48:28.0996 2080 wmiApSrv - ok
20:48:29.0042 2080 [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
20:48:29.0048 2080 WMPNetworkSvc - ok
20:48:29.0074 2080 [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc          C:\Windows\System32\wpcsvc.dll
20:48:29.0078 2080 WPCSvc - ok
20:48:29.0110 2080 [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
20:48:29.0114 2080 WPDBusEnum - ok
20:48:29.0139 2080 [ DE9D36F91A4DF3D911626643DEBF11EA ] WpdUsb          C:\Windows\system32\DRIVERS\wpdusb.sys
20:48:29.0140 2080 WpdUsb - ok
20:48:29.0222 2080 [ 7CAEC4665452072662496CFCCAB727E2 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
20:48:29.0228 2080 WPFFontCache_v0400 - ok
20:48:29.0243 2080 [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
20:48:29.0244 2080 ws2ifsl - ok
20:48:29.0276 2080 [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc          C:\Windows\System32\wscsvc.dll
20:48:29.0280 2080 wscsvc - ok
20:48:29.0284 2080 WSearch - ok
20:48:29.0329 2080 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv        C:\Windows\system32\wuaueng.dll
20:48:29.0344 2080 wuauserv - ok
20:48:29.0374 2080 [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
20:48:29.0376 2080 WudfPf - ok
20:48:29.0396 2080 [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
20:48:29.0398 2080 WUDFRd - ok
20:48:29.0431 2080 [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
20:48:29.0435 2080 wudfsvc - ok
20:48:29.0450 2080 ================ Scan global ===============================
20:48:29.0507 2080 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
20:48:29.0536 2080 [ A508314231C49AEE86987CEA3EAECAD1 ] C:\Windows\system32\winsrv.dll
20:48:29.0546 2080 [ A508314231C49AEE86987CEA3EAECAD1 ] C:\Windows\system32\winsrv.dll
20:48:29.0576 2080 [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
20:48:29.0580 2080 [Global] - ok
20:48:29.0580 2080 ================ Scan MBR ==================================
20:48:29.0591 2080 [ A653B30D987352BB248DF094454B1CB6 ] \Device\Harddisk0\DR0
20:48:29.0957 2080 \Device\Harddisk0\DR0 ( Rootkit.Win32.BackBoot.gen ) - warning
20:48:29.0957 2080 \Device\Harddisk0\DR0 - detected Rootkit.Win32.BackBoot.gen (1)
20:48:29.0958 2080 ================ Scan VBR ==================================
20:48:29.0970 2080 [ 3A1A54D051FC2F4F63AA24417D229D15 ] \Device\Harddisk0\DR0\Partition1
20:48:29.0971 2080 \Device\Harddisk0\DR0\Partition1 - ok
20:48:29.0980 2080 [ 1D202433F64532632F3219D268EF008F ] \Device\Harddisk0\DR0\Partition2
20:48:29.0982 2080 \Device\Harddisk0\DR0\Partition2 - ok
20:48:29.0995 2080 [ A848A3832AFEB869A6853E2CE5241062 ] \Device\Harddisk0\DR0\Partition3
20:48:29.0997 2080 \Device\Harddisk0\DR0\Partition3 - ok
20:48:30.0014 2080 [ B9438ABE204B56248B911B26B5BFEC36 ] \Device\Harddisk0\DR0\Partition4
20:48:30.0016 2080 \Device\Harddisk0\DR0\Partition4 - ok
20:48:30.0017 2080 ============================================================
20:48:30.0017 2080 Scan finished
20:48:30.0017 2080 ============================================================
20:48:30.0024 6048 Detected object count: 1
20:48:30.0024 6048 Actual detected object count: 1
20:58:39.0674 6048 \Device\Harddisk0\DR0\# - copied to quarantine
20:58:39.0674 6048 \Device\Harddisk0\DR0 - copied to quarantine
20:58:39.0674 6048 \Device\Harddisk0\DR0 ( Rootkit.Win32.BackBoot.gen ) - User select action: Quarantine

Psychotic · November 6, 2013

OK, then proceed with combofix

fordie66 · November 6, 2013

ComboFix 13-11-04.01 - John 06/11/2013 21:04:07.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.3325.1615 [GMT 8:00]
Running from: c:\users\John\Desktop\ComboFix.exe
AV: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
   /wow section - STAGE 7
R6025
- pure virtual function call
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\drivers\dfg.sys
c:\windows\tmp
c:\windows\tmp\dd_vcredistMSI1557.txt
c:\windows\tmp\dd_vcredistUI1557.txt
c:\windows\tmp\qtsingleapp-koboex-f4a6-1-lockfile
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_NPF
-------\Service_dfg
.
.
(((((((((((((((((((((((((   Files Created from 2013-10-06 to 2013-11-06 )))))))))))))))))))))))))))))))
.
.
2013-11-06 13:21 . 2013-11-06 13:34   --------   d-----w-   c:\users\John\AppData\Local\temp
2013-11-06 13:21 . 2013-11-06 13:21   --------   d-----w-   c:\users\Default\AppData\Local\temp
2013-11-06 12:58 . 2013-11-06 12:58   --------   d-----w-   C:\TDSSKiller_Quarantine
2013-11-06 11:04 . 2013-11-06 11:04   --------   d-----w-   c:\windows\ERUNT
2013-11-06 10:18 . 2013-11-06 10:38   --------   d-----w-   C:\AdwCleaner
2013-11-05 22:33 . 2013-11-05 22:33   --------   d-----w-   c:\program files\ATI
2013-11-03 22:19 . 2013-11-03 22:19   --------   d-----w-   c:\program files\XATI - Copy
2013-10-29 22:14 . 2013-10-29 22:38   --------   d-----w-   c:\program files\RegistryNuke 2013
2013-10-28 13:03 . 2013-10-28 21:38   --------   d-----w-   c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-10-28 12:58 . 2013-11-05 23:55   31560   ----a-w-   c:\windows\system32\drivers\mbamchameleon.sys
2013-10-28 10:49 . 2013-10-28 10:49   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2013-10-28 10:49 . 2013-04-04 06:50   22856   ----a-w-   c:\windows\system32\drivers\mbam.sys
2013-10-27 22:36 . 2013-10-27 22:36   --------   d-----w-   c:\users\John\AppData\Roaming\Malwarebytes
2013-10-27 22:36 . 2013-10-27 22:36   --------   d-----w-   c:\programdata\Malwarebytes
2013-10-27 22:03 . 2013-10-28 02:06   --------   d-----w-   c:\program files\GridinSoft Trojan Killer
2013-10-27 13:06 . 2013-10-27 21:22   --------   d-----w-   c:\program files\Cryptic Trojan Removal Tool
2013-10-27 13:06 . 2012-12-10 03:04   81920   ----a-w-   c:\windows\eSellerateControl350.dll
2013-10-27 13:06 . 2012-12-10 03:04   356352   ----a-w-   c:\windows\eSellerateEngine.dll
2013-10-27 13:06 . 2009-07-23 10:32   274432   ----a-w-   c:\windows\system32\ssleay32.dll
2013-10-27 13:06 . 2009-07-23 10:32   1122304   ----a-w-   c:\windows\system32\libeay32.dll
2013-10-27 11:24 . 2013-10-27 22:43   --------   d-----w-   C:\sh4ldr
2013-10-27 11:24 . 2013-10-27 11:24   --------   d-----w-   c:\program files\Enigma Software Group
2013-10-27 11:22 . 2013-10-27 22:43   --------   d-----w-   c:\windows\865537E164904193A4B6669C62711852.TMP
2013-10-22 03:10 . 2013-10-22 03:10   --------   d-----w-   c:\users\John\AppData\Roaming\Free Sound Recorder
2013-10-20 02:24 . 2013-10-20 02:24   --------   d-----w-   c:\programdata\Oracle
2013-10-20 02:24 . 2013-10-20 02:24   --------   d-----w-   c:\program files\Common Files\Java
2013-10-20 02:24 . 2013-10-20 02:23   94632   ----a-w-   c:\windows\system32\WindowsAccessBridge.dll
2013-10-17 07:04 . 2013-10-17 07:04   108816   ----a-w-   c:\windows\system32\drivers\RapportKELL.sys
2013-10-13 11:42 . 2013-10-30 21:09   --------   d-----w-   c:\program files\Mozilla Thunderbird
2013-10-09 21:58 . 2013-08-01 03:16   638400   ----a-w-   c:\windows\system32\drivers\dxgkrnl.sys
2013-10-08 23:26 . 2013-10-08 23:26   17813896   ----a-w-   c:\windows\system32\FlashPlayerInstaller.exe
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-08 23:26 . 2013-01-13 00:03   71048   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
2013-10-08 23:26 . 2013-01-13 00:03   692616   ----a-w-   c:\windows\system32\FlashPlayerApp.exe
2013-10-01 23:02 . 2013-01-13 01:21   37664   ----a-w-   c:\windows\system32\drivers\avgtpx86.sys
2013-09-09 17:34 . 2013-09-09 17:34   22328   ----a-w-   c:\windows\system32\drivers\avgidsshimx.sys
2013-09-04 17:43 . 2013-09-04 17:43   39224   ----a-w-   c:\windows\system32\drivers\avgrkx86.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2013-01-10 4706304]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"AVG_UI"="c:\program files\AVG\AVG2013\avgui.exe" [2013-09-22 4411952]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-27 30040]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
.
c:\users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-27 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesAirMessage
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-04-04 21:06   958576   ----a-w-   c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-10-12 05:56   59280   ----a-w-   c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2006-12-11 05:52   49152   ----a-w-   c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPreload]
2013-09-04 10:16   1564528   ----a-w-   c:\program files\Samsung\Kies\Kies.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesTrayAgent]
2013-09-04 10:16   311152   ----a-w-   c:\program files\Samsung\Kies\KiesTrayAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nikon Message Center 2]
2011-10-30 07:44   571392   ----a-w-   c:\program files\Nikon\Nikon Message Center 2\NkMC2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-10-25 11:12   421888   ----a-w-   c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2013-10-02 03:08   20472992   ----a-r-   c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12   REG_MULTI_SZ     Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt   REG_MULTI_SZ     hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation   REG_MULTI_SZ     FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-10-16 22:18   1185744   ----a-w-   c:\program files\Google\Chrome\Application\30.0.1599.101\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-11-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-13 23:26]
.
2013-11-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-01-24 03:23]
.
2013-11-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-01-24 03:23]
.
.
------- Supplementary Scan -------
.

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\windows\system32\ASProxy.dll
Trusted Zone: china-journeys.com
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\i18phos6.default\
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2013-09-27 06:14; {75CEEE46-9B64-46f8-94BF-54012DE155F0}; c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\i18phos6.default\extensions\{75CEEE46-9B64-46f8-94BF-54012DE155F0}.xpi
FF - ExtSQL: 2013-09-27 06:14; {6AC85730-7D0F-4de0-B3FA-21142DD85326}; c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\i18phos6.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-RegZooka - c:\program files\RegZooka\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-11-06 21:33
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\AVG\AVG2013\avgrsx.exe
c:\program files\AVG\AVG2013\avgcsrvx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\AVG\AVG2013\avgidsagent.exe
c:\program files\AVG\AVG2013\avgwdsvc.exe
c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe
c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe
c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe
c:\program files\Google\Update\1.3.21.165\GoogleCrashHandler.exe
c:\program files\Common Files\WinAgents\TftpService.exe
c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
c:\program files\AVG\AVG2013\avgnsx.exe
c:\program files\AVG\AVG2013\avgemcx.exe
c:\windows\system32\conime.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\vssvc.exe
.
**************************************************************************
.
Completion time: 2013-11-06 21:43:19 - machine was rebooted
ComboFix-quarantined-files.txt 2013-11-06 13:43
.
Pre-Run: 7,490,097,152 bytes free
Post-Run: 10,051,293,184 bytes free
.
- - End Of File - - 56D9E02F37853C4843793975B7CC887E
A653B30D987352BB248DF094454B1CB6

Psychotic · November 6, 2013

There is somethin within your log that needs further information of my colleagues. Please be patient while I clarify how to go on.

fordie66 · November 6, 2013

Hi Marius

Thanks. There is a remaining issue. On startup I get told that Catalyst Control Center isn't working. I have searched and there is different advice as to removal of a possible virus. I will wait for yours.

Ian

fordie66 · November 7, 2013

Hi Marius

Have you been able to get any further information? I will not make any system changes until I hear back.

Ian

Psychotic · November 8, 2013

Hi there,

it doesn´t mean that I have to search but to await the answer of one tool´s author.

The tool this time produced some log entries that I´ve never seen before and I want to clarify the enext steps to prevent damage from your system and personal data.

I´m after it and will reply as soon as possible.

fordie66 · November 8, 2013

Hi Marius

Very much appreciated, thank you. I get instant notifications when you post anything so will be patient.

Cheers

Ian

Psychotic · November 11, 2013

Please delete your existing copy of combofix and download a new one. run it as before and post the log, please.

fordie66 · November 11, 2013

version 13.11.10.2 gives:

ComboFix 13-11-10.02 - John 11/11/2013 16:29:21.2.2 - x86
Running from: c:\users\John\Desktop\ComboFix.exe
AV: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
   /wow section - STAGE 7
.
.
(((((((((((((((((((((((((   Files Created from 2013-10-11 to 2013-11-11 )))))))))))))))))))))))))))))))
.
.
2013-11-11 08:47 . 2013-11-11 08:47   --------   d-----w-   c:\users\John\AppData\Local\temp
2013-11-11 08:47 . 2013-11-11 08:47   --------   d-----w-   c:\users\TEMP\AppData\Local\temp
2013-11-11 08:47 . 2013-11-11 08:47   --------   d-----w-   c:\users\Default\AppData\Local\temp
2013-11-06 12:58 . 2013-11-06 12:58   --------   d-----w-   C:\TDSSKiller_Quarantine
2013-11-06 11:04 . 2013-11-06 11:04   --------   d-----w-   c:\windows\ERUNT
2013-11-06 10:18 . 2013-11-06 10:38   --------   d-----w-   C:\AdwCleaner
2013-11-05 22:33 . 2013-11-05 22:33   --------   d-----w-   c:\program files\ATI
2013-11-03 22:19 . 2013-11-03 22:19   --------   d-----w-   c:\program files\XATI - Copy
2013-10-29 22:14 . 2013-10-29 22:38   --------   d-----w-   c:\program files\RegistryNuke 2013
2013-10-28 13:03 . 2013-10-28 21:38   --------   d-----w-   c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-10-28 12:58 . 2013-11-05 23:55   31560   ----a-w-   c:\windows\system32\drivers\mbamchameleon.sys
2013-10-28 10:49 . 2013-10-28 10:49   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2013-10-28 10:49 . 2013-04-04 06:50   22856   ----a-w-   c:\windows\system32\drivers\mbam.sys
2013-10-27 22:36 . 2013-10-27 22:36   --------   d-----w-   c:\users\John\AppData\Roaming\Malwarebytes
2013-10-27 22:36 . 2013-10-27 22:36   --------   d-----w-   c:\programdata\Malwarebytes
2013-10-27 22:03 . 2013-10-28 02:06   --------   d-----w-   c:\program files\GridinSoft Trojan Killer
2013-10-27 13:06 . 2013-10-27 21:22   --------   d-----w-   c:\program files\Cryptic Trojan Removal Tool
2013-10-27 13:06 . 2012-12-10 03:04   81920   ----a-w-   c:\windows\eSellerateControl350.dll
2013-10-27 13:06 . 2012-12-10 03:04   356352   ----a-w-   c:\windows\eSellerateEngine.dll
2013-10-27 13:06 . 2009-07-23 10:32   274432   ----a-w-   c:\windows\system32\ssleay32.dll
2013-10-27 13:06 . 2009-07-23 10:32   1122304   ----a-w-   c:\windows\system32\libeay32.dll
2013-10-27 11:24 . 2013-10-27 22:43   --------   d-----w-   C:\sh4ldr
2013-10-27 11:24 . 2013-10-27 11:24   --------   d-----w-   c:\program files\Enigma Software Group
2013-10-27 11:22 . 2013-10-27 22:43   --------   d-----w-   c:\windows\865537E164904193A4B6669C62711852.TMP
2013-10-22 03:10 . 2013-10-22 03:10   --------   d-----w-   c:\users\John\AppData\Roaming\Free Sound Recorder
2013-10-20 02:24 . 2013-10-20 02:24   --------   d-----w-   c:\programdata\Oracle
2013-10-20 02:24 . 2013-10-20 02:24   --------   d-----w-   c:\program files\Common Files\Java
2013-10-20 02:24 . 2013-10-20 02:23   94632   ----a-w-   c:\windows\system32\WindowsAccessBridge.dll
2013-10-17 07:04 . 2013-10-17 07:04   108816   ----a-w-   c:\windows\system32\drivers\RapportKELL.sys
2013-10-13 11:42 . 2013-10-30 21:09   --------   d-----w-   c:\program files\Mozilla Thunderbird
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-08 23:26 . 2013-01-13 00:03   71048   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
2013-10-08 23:26 . 2013-01-13 00:03   692616   ----a-w-   c:\windows\system32\FlashPlayerApp.exe
2013-10-08 23:26 . 2013-10-08 23:26   17813896   ----a-w-   c:\windows\system32\FlashPlayerInstaller.exe
2013-10-01 23:02 . 2013-01-13 01:21   37664   ----a-w-   c:\windows\system32\drivers\avgtpx86.sys
2013-09-22 10:22 . 2013-10-10 13:14   1800704   ----a-w-   c:\windows\system32\jscript9.dll
2013-09-22 10:14 . 2013-10-10 13:14   1427968   ----a-w-   c:\windows\system32\inetcpl.cpl
2013-09-22 10:13 . 2013-10-10 13:14   1129472   ----a-w-   c:\windows\system32\wininet.dll
2013-09-22 10:08 . 2013-10-10 13:14   142848   ----a-w-   c:\windows\system32\ieUnatt.exe
2013-09-22 10:06 . 2013-10-10 13:14   420864   ----a-w-   c:\windows\system32\vbscript.dll
2013-09-22 10:03 . 2013-10-10 13:14   2382848   ----a-w-   c:\windows\system32\mshtml.tlb
2013-09-09 17:34 . 2013-09-09 17:34   22328   ----a-w-   c:\windows\system32\drivers\avgidsshimx.sys
2013-09-04 17:43 . 2013-09-04 17:43   39224   ----a-w-   c:\windows\system32\drivers\avgrkx86.sys
2013-08-29 07:36 . 2013-10-09 21:58   2050048   ----a-w-   c:\windows\system32\win32k.sys
2013-08-27 02:47 . 2013-10-09 21:58   219648   ----a-w-   c:\windows\system32\d3d10_1core.dll
2013-08-27 02:47 . 2013-10-09 21:58   189952   ----a-w-   c:\windows\system32\d3d10core.dll
2013-08-27 02:47 . 2013-10-09 21:58   160768   ----a-w-   c:\windows\system32\d3d10_1.dll
2013-08-27 02:47 . 2013-10-09 21:58   1029120   ----a-w-   c:\windows\system32\d3d10.dll
2013-08-27 01:52 . 2013-10-09 21:58   1172480   ----a-w-   c:\windows\system32\d3d10warp.dll
2013-08-27 01:50 . 2013-10-09 21:58   486400   ----a-w-   c:\windows\system32\d3d10level9.dll
2013-08-27 01:32 . 2013-10-09 21:58   683008   ----a-w-   c:\windows\system32\d2d1.dll
2013-08-27 01:28 . 2013-10-09 21:58   1069056   ----a-w-   c:\windows\system32\DWrite.dll
2013-08-27 01:28 . 2013-10-09 21:58   798208   ----a-w-   c:\windows\system32\FntCache.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2013-01-10 4706304]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"AVG_UI"="c:\program files\AVG\AVG2013\avgui.exe" [2013-09-22 4411952]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-27 30040]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
.
c:\users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-27 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-04-04 21:06   958576   ----a-w-   c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-10-12 05:56   59280   ----a-w-   c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2006-12-11 05:52   49152   ----a-w-   c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPreload]
2013-09-04 10:16   1564528   ----a-w-   c:\program files\Samsung\Kies\Kies.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesTrayAgent]
2013-09-04 10:16   311152   ----a-w-   c:\program files\Samsung\Kies\KiesTrayAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nikon Message Center 2]
2011-10-30 07:44   571392   ----a-w-   c:\program files\Nikon\Nikon Message Center 2\NkMC2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-10-25 11:12   421888   ----a-w-   c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2013-10-21 07:27   20549280   ----a-r-   c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12   REG_MULTI_SZ     Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt   REG_MULTI_SZ     hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation   REG_MULTI_SZ     FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-10-16 22:18   1185744   ----a-w-   c:\program files\Google\Chrome\Application\30.0.1599.101\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-11-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-13 23:26]
.
2013-11-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-01-24 03:23]
.
2013-11-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-01-24 03:23]
.
.
------- Supplementary Scan -------
.

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\windows\system32\ASProxy.dll
Trusted Zone: china-journeys.com
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\i18phos6.default\

FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2013-09-27 06:14; {75CEEE46-9B64-46f8-94BF-54012DE155F0}; c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\i18phos6.default\extensions\{75CEEE46-9B64-46f8-94BF-54012DE155F0}.xpi
FF - ExtSQL: 2013-09-27 06:14; {6AC85730-7D0F-4de0-B3FA-21142DD85326}; c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\i18phos6.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-11-11 16:47
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2013-11-11 16:50:36
ComboFix-quarantined-files.txt 2013-11-11 08:50
ComboFix2.txt 2013-11-06 13:43
.
Pre-Run: 9,017,147,392 bytes free
Post-Run: 8,872,955,904 bytes free
.
- - End Of File - - 2B418C714E0E2FEF786085CA57AD4497
A653B30D987352BB248DF094454B1CB6

Psychotic · November 11, 2013

Full System Scan with Malwarebytes Antimalware

If not existing, please download

Malwarebytes' Anti-Malware to your desktop. Double-click mbam-setup.exe and follow the prompts to install the program. At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.

If the program is already installed:

Run Malwarebytes Antimalware
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform fullscan, place a checkmark on all hard drives, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Please save it to a convenient location.
The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
Post that log back here.

Scan with ESET Online Scan

Please go to here to run the online scannner from ESET.

Turn off the real time scanner of any existing antivirus program while performing the online scan
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the activex control to install
Click Start
Make sure that the option Remove found threats is unticked
Click on Advanced Settings and ensure these options are ticked:
- Scan for potentially unwanted applications
Scan for potentially unsafe applications
Enable Anti-Stealth Technology

[*]Click Scan[*]Wait for the scan to finish[*]If any threats were found, click the 'List of found threats' , then click Export to text file.... [*]Save it to your desktop, then please copy and paste that log as a reply to this topic.

fordie66 · November 12, 2013

Full scan - no malicious items detected

Just about to follow the next step (ESET)

The report:

Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.11.11.11

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
John :: JOHN-PC [administrator]

Protection: Enabled

12/11/2013 06:48:28
mbam-log-2013-11-12 (06-48-28).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 717050
Time elapsed: 5 hour(s), 10 minute(s), 45 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

fordie66 · November 12, 2013

ESET finished. 13 threats

C:\AdwCleaner\Quarantine\C\Program Files\FreeSoundRecorder\FreeSoundRecorderToolbarHelper.exe.vir   Win32/Toolbar.Conduit.Q application
C:\AdwCleaner\Quarantine\C\Program Files\FreeSoundRecorder\ldrtbFree.dll.vir   a variant of Win32/Toolbar.Conduit.P application
C:\AdwCleaner\Quarantine\C\Program Files\FreeSoundRecorder\prxtbFree.dll.vir   Win32/Toolbar.Conduit.O application
C:\AdwCleaner\Quarantine\C\Program Files\FreeSoundRecorder\tbFree.dll.vir   a variant of Win32/Toolbar.Conduit.B application
C:\AdwCleaner\Quarantine\C\Users\John\AppData\LocalLow\FreeSoundRecorder\ldrtbFre0.dll.vir   a variant of Win32/Toolbar.Conduit.P application
C:\AdwCleaner\Quarantine\C\Users\John\AppData\LocalLow\FreeSoundRecorder\ldrtbFree.dll.vir   a variant of Win32/Toolbar.Conduit.P application
C:\AdwCleaner\Quarantine\C\Users\John\AppData\LocalLow\FreeSoundRecorder\tbFre0.dll.vir   a variant of Win32/Toolbar.Conduit.B application
C:\AdwCleaner\Quarantine\C\Users\John\AppData\LocalLow\FreeSoundRecorder\tbFree.dll.vir   a variant of Win32/Toolbar.Conduit.B application
C:\Qoobox\Quarantine\MBR_HardDisk0.mbr   Ripper virus
C:\Users\John\Downloads\CrypticTrojanRemovalTool.exe   a variant of Win32/SecurityStronghold.A application
C:\Users\John\Downloads\RN_ErrorsFix_Setup.exe   a variant of Win32/RegistryNuke application
D:\tftpd32.400\tftpd32.exe   a variant of Win32/TFTPD32.A application
F:\recover\g\Tent Review\CloakedLinks\index.php   PHP/Obfuscated.F application

Psychotic · November 12, 2013

C:\Users\John\Downloads\CrypticTrojanRemovalTool.exe
C:\Users\John\Downloads\RN_ErrorsFix_Setup.exe

Delete these files!

Then we can do the cleanup - if you are facing any issues, report that immediately.

Delete junk with adwCleaner

Please download AdwCleaner to your desktop.

Run adwcleaner.exe
Hit Scan and wait for the scan to finish.
Confirm the message but don´t uncheck anything.
Hit Clean
When the run is finished, it will open up a text file
Please post its contents within your next reply
You´ll find the log file at C:\AdwCleaner[s1].txt also

SecurityCheck

Please download SecurityCheck: LINK1 LINK2

Save it to your desktop, start it and follow the instructions in the window.
After the scan finished the (checkup.txt) will open. Copy its content to your thread.

Removal hangs

Recommended Posts

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Recently Browsing 0 members

Important Information