Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

computer stuck on FBI moneypak virus screen [Solved]

Started by Maya_k , Jul 30 2012 08:02 PM

This topic is locked

#121
Maya_k

Posted 06 September 2012 - 12:09 PM

Member

Topic Starter
Member
85 posts

I ran OTL but after about five mins I got an error saying it stopped working and to close the window.I clicked on close window. Should I restart the computer and try again?

#122
Essexboy

Posted 06 September 2012 - 12:31 PM

GeekU Moderator

Retired Staff
69,964 posts

At what stage did it stop ?

Yes stop it and go direct to RogueKiller

#123
Maya_k

Posted 06 September 2012 - 12:43 PM

Member

Topic Starter
Member
85 posts

At that time, the desktop and all the icons were gone and I believe it was getting manual file system...I really don't remember it correctly. it's just showing me a blank screen right now with my wallpaper. Should I restart the computer so I can download the rogue killer?

Edited by Maya_k, 06 September 2012 - 02:07 PM.

#124
Essexboy

Posted 06 September 2012 - 12:45 PM

GeekU Moderator

Retired Staff
69,964 posts

OK lets get the main ones removed with RogueKiller and revisit that later

#125
Maya_k

Posted 06 September 2012 - 12:49 PM

Member

Topic Starter
Member
85 posts

Oh Ijust edited my post asking about the rogue killer. I can only access windows task manager and restart and log off. I believe I haver that program downloaded but I am not sure how to access it. Also do I need to download a new version of it?

#126
Essexboy

Posted 06 September 2012 - 12:54 PM

GeekU Moderator

Retired Staff
69,964 posts

Yes restart and I will reprise the destructions here

Download RogueKiller and save it on your desktop.
Quit all programs
Start RogueKiller.exe.
Wait until Prescan has finished ...
Click on Scan

Wait for the end of the scan.
The report has been created on the desktop.
Click on the Delete button.

The report has been created on the desktop.

Next click on the ShortcutsFix
The report has been created on the desktop.

Please post: All RKreport.txt text files located on your desktop.

#127
Maya_k

Posted 06 September 2012 - 01:25 PM

Member

Topic Starter
Member
85 posts

After I hit delete, it wanted to restart the computer. I clicked yes. I am not sure how to perform the shortcuts Fix step now. Also while performing the scan and deleting, a message kept on blinking saying "Zero Access". I am not sure if that means anything. I have three reports saved on my desktop right now. Here they are:

RogueKiller V7.6.4 [07/17/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User: AFSHEEN KHAN [Admin rights]
Mode: Scan -- Date: 07/31/2012 17:51:10

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 7 ¤¤¤
[HJ] HKCU\[...]\Internet Settings : WarnOnHTTPSToHTTPRedirect (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FILE] n : c:\windows\installer\{8aae17e6-5e51-4061-d77f-f0b85161e693}\n --> FOUND
[ZeroAccess][FILE] @ : c:\windows\installer\{8aae17e6-5e51-4061-d77f-f0b85161e693}\@ --> FOUND
[ZeroAccess][FOLDER] U : c:\windows\installer\{8aae17e6-5e51-4061-d77f-f0b85161e693}\U --> FOUND
[ZeroAccess][FOLDER] L : c:\windows\installer\{8aae17e6-5e51-4061-d77f-f0b85161e693}\L --> FOUND
[ZeroAccess][FILE] n : c:\users\afsheen khan\appdata\local\{8aae17e6-5e51-4061-d77f-f0b85161e693}\n --> FOUND
[ZeroAccess][FILE] @ : c:\users\afsheen khan\appdata\local\{8aae17e6-5e51-4061-d77f-f0b85161e693}\@ --> FOUND
[ZeroAccess][FOLDER] U : c:\users\afsheen khan\appdata\local\{8aae17e6-5e51-4061-d77f-f0b85161e693}\U --> FOUND
[ZeroAccess][FOLDER] L : c:\users\afsheen khan\appdata\local\{8aae17e6-5e51-4061-d77f-f0b85161e693}\L --> FOUND
[ZeroAccess][FILE] Desktop.ini : c:\windows\assembly\gac\desktop.ini --> FOUND
[Susp.ASLR][ASLR WIPED-OFF] services.exe : c:\windows\system32\services.exe --> CANNOT FIX
[ZeroAccess][Sig found] services.exe : c:\windows\system32\services.exe --> CANNOT FIX

¤¤¤ Driver: [LOADED] ¤¤¤
IRP[IRP_MJ_INTERNAL_DEVICE_CONTROL] : \SystemRoot\system32\drivers\atapi.sys -> HOOKED ([INLINE] Unknown @ 0x86AC4FA9)

¤¤¤ Infection : ZeroAccess|Root.MBR ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost
::1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Hitachi HTS723232L9SA60 ATA Device +++++
--- User ---
[MBR] 54d1c65ae2953fe4f167b5e22d556984
[BSP] 369910cafd80797495e57ccbb7aa69cb : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 6540 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 13395968 | Size: 298703 Mo
User = LL1 ... OK!
User != LL2 ... KO!
--- LL2 ---
[MBR] 3a82ffe872417ad1ee21cef72ac402b3
[BSP] 369910cafd80797495e57ccbb7aa69cb : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 6540 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 13395968 | Size: 298703 Mo
2 - [ACTIVE] NTFS (0x17) [HIDDEN!] Offset (sectors): 625139712 | Size: 1 Mo

Finished : << RKreport[1].txt >>
RKreport[1].txt

Report 2:

RogueKiller V7.6.4 [07/17/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User: AFSHEEN KHAN [Admin rights]
Mode: Remove -- Date: 07/31/2012 17:56:49

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 7 ¤¤¤
[HJ] HKCU\[...]\Internet Settings : WarnOnHTTPSToHTTPRedirect (0) -> REPLACED (1)
[HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FILE] n : c:\windows\installer\{8aae17e6-5e51-4061-d77f-f0b85161e693}\n --> REMOVED
[ZeroAccess][FILE] @ : c:\windows\installer\{8aae17e6-5e51-4061-d77f-f0b85161e693}\@ --> REMOVED AT REBOOT
[Del.Parent][FILE] 00000004.@ : c:\windows\installer\{8aae17e6-5e51-4061-d77f-f0b85161e693}\U\00000004.@ --> REMOVED
[Del.Parent][FILE] 00000008.@ : c:\windows\installer\{8aae17e6-5e51-4061-d77f-f0b85161e693}\U\00000008.@ --> REMOVED
[Del.Parent][FILE] 000000cb.@ : c:\windows\installer\{8aae17e6-5e51-4061-d77f-f0b85161e693}\U\000000cb.@ --> REMOVED
[Del.Parent][FILE] 80000000.@ : c:\windows\installer\{8aae17e6-5e51-4061-d77f-f0b85161e693}\U\80000000.@ --> REMOVED
[Del.Parent][FILE] 80000032.@ : c:\windows\installer\{8aae17e6-5e51-4061-d77f-f0b85161e693}\U\80000032.@ --> REMOVED
[ZeroAccess][FOLDER] U : c:\windows\installer\{8aae17e6-5e51-4061-d77f-f0b85161e693}\U --> REMOVED
[Del.Parent][FILE] 00000004.@ : c:\windows\installer\{8aae17e6-5e51-4061-d77f-f0b85161e693}\L\00000004.@ --> REMOVED
[Del.Parent][FILE] 201d3dde : c:\windows\installer\{8aae17e6-5e51-4061-d77f-f0b85161e693}\L\201d3dde --> REMOVED
[ZeroAccess][FOLDER] L : c:\windows\installer\{8aae17e6-5e51-4061-d77f-f0b85161e693}\L --> REMOVED
[ZeroAccess][FILE] n : c:\users\afsheen khan\appdata\local\{8aae17e6-5e51-4061-d77f-f0b85161e693}\n --> REMOVED
[ZeroAccess][FILE] @ : c:\users\afsheen khan\appdata\local\{8aae17e6-5e51-4061-d77f-f0b85161e693}\@ --> REMOVED
[ZeroAccess][FOLDER] U : c:\users\afsheen khan\appdata\local\{8aae17e6-5e51-4061-d77f-f0b85161e693}\U --> REMOVED
[ZeroAccess][FOLDER] L : c:\users\afsheen khan\appdata\local\{8aae17e6-5e51-4061-d77f-f0b85161e693}\L --> REMOVED
[ZeroAccess][FILE] Desktop.ini : c:\windows\assembly\gac\desktop.ini --> REMOVED AT REBOOT
[Susp.ASLR][ASLR WIPED-OFF] services.exe : c:\windows\system32\services.exe --> CANNOT FIX
[ZeroAccess][Sig found] services.exe : c:\windows\system32\services.exe --> CANNOT FIX

¤¤¤ Driver: [LOADED] ¤¤¤
IRP[IRP_MJ_INTERNAL_DEVICE_CONTROL] : \SystemRoot\system32\drivers\atapi.sys -> HOOKED ([INLINE] Unknown @ 0x86AC4FA9)

¤¤¤ Infection : ZeroAccess|Root.MBR ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost
::1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Hitachi HTS723232L9SA60 ATA Device +++++
--- User ---
[MBR] 54d1c65ae2953fe4f167b5e22d556984
[BSP] 369910cafd80797495e57ccbb7aa69cb : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 6540 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 13395968 | Size: 298703 Mo
User = LL1 ... OK!
User != LL2 ... KO!
--- LL2 ---
[MBR] 3a82ffe872417ad1ee21cef72ac402b3
[BSP] 369910cafd80797495e57ccbb7aa69cb : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 6540 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 13395968 | Size: 298703 Mo
2 - [ACTIVE] NTFS (0x17) [HIDDEN!] Offset (sectors): 625139712 | Size: 1 Mo

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt

Report 3:

RogueKiller V7.6.4 [07/17/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User: AFSHEEN KHAN [Admin rights]
Mode: Shortcuts HJfix -- Date: 07/31/2012 18:05:53

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ File attributes restored: ¤¤¤
Desktop: Success 6 / Fail 0
Quick launch: Success 0 / Fail 0
Programs: Success 9 / Fail 0
Start menu: Success 0 / Fail 0
User folder: Success 408 / Fail 0
My documents: Success 0 / Fail 0
My favorites: Success 16 / Fail 0
My pictures: Success 0 / Fail 0
My music: Success 366 / Fail 0
My videos: Success 0 / Fail 0
Local drives: Success 503 / Fail 0
Backup: [FOUND] Success 3 / Fail 304

Drives:
[C:] \Device\HarddiskVolume2 -- 0x3 --> Restored
[D:] \Device\HarddiskVolume4 -- 0x2 --> Restored
[E:] \Device\HarddiskVolume5 -- 0x2 --> Restored
[F:] \Device\CdRom0 -- 0x5 --> Skipped

¤¤¤ Infection : ZeroAccess|Rogue.FakeHDD ¤¤¤

Finished : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt

Also, after it restarted the computer, Spybot is asking to allow or deny this change.
"Category: Disable taskmanager
Change: Value deleted
Entry: Disable taskmgr
Old Data: 0"

Edited by Maya_k, 06 September 2012 - 01:26 PM.

#128
Essexboy

Posted 06 September 2012 - 01:34 PM

GeekU Moderator

Retired Staff
69,964 posts

Yes allow that

OK lots of different infections here in addition to zero access you have an MBR one as well. I will use a different approach than the one Mike used. But the MBR must be fixed before we tackle the services.exe file

I need you to download:
gparted-live-0.10.0-3.iso (115.1 MB)

Create a bootable CD, for Gparted from the ISO image.

You can use ImgBurn do this.

Now boot off of the newly created Gparted CD.

You should be here... Press ENTER

Posted Image

By default, "do not touch keymap" is highlighted.

Posted Image

Leave this setting alone and just press ENTER.

Posted Image

Choose your language and press ENTER. English is default [33]

At the mode prompt enter 0, press ENTER

You will now be taken to the main GUI screen below

Posted Image

According to your logs, the partition that you want to delete is 1 MB

Right click this partition and select delete .

Posted Image

The Partition has gone

Now select Apply

Now you should be here:

Posted Image

Select Apply after double checking that the right partition was deleted

Is "boot" next to your OS drive?
If "boot" is not next to your OS drive under "Flags", right-mouse click the OS drive while in Gparted and select Manage Flags
Posted Image

In the menu that pops up, place a checkmark in boot like the picture below, then close :

Posted Image

Under File select Quit
Posted Image

You will see this small Popup
Posted Image

Choose reboot and then press OK.

#129
Maya_k

Posted 06 September 2012 - 02:06 PM

Member

Topic Starter
Member
85 posts

I put the cd in and it showed me the very first screen. I hit enter and instead of showing me the next screen, out went blank and now there is white text on a black screen. It is um flickering almost...I am not write sure how to explain this. At first there was just text scrolling up but now it seems like it's stuck and the screen is just well flickering and the cd sounds like it's stuck.... I am not sure if this was supposed to happen at all.... Please advise. it looks scary!

update:
It scrolled up a bit but now it's completely blank but I still hear the cd making the same exact sound.

Edited by Maya_k, 06 September 2012 - 02:10 PM.

#130
Essexboy

Posted 06 September 2012 - 02:13 PM

GeekU Moderator

Retired Staff
69,964 posts

OK remove the CD and reboot please.. I will have a rethunk

Download the latest version of TDSSKiller from here and save it to your Desktop.

Doubleclick on TDSSKiller.exe to run the application
Then click on Change parameters.
Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
Click the Start Scan button.
If a suspicious object is detected, the default action will be Skip, click on Continue.
If malicious objects are found, they will show in the Scan results and offer three (3) options.
Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Get the report by selecting Reports
Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

Please copy and paste its contents on your next reply.

#131
Maya_k

Posted 06 September 2012 - 02:32 PM

Member

Topic Starter
Member
85 posts

Hi,
I got to step 5 and hit continue but after that it took me to the screen where it's asking me to reboot for cure completion. Should I get the report and then click reboot or just click on reboot?

#132
Essexboy

Posted 06 September 2012 - 04:05 PM

GeekU Moderator

Retired Staff
69,964 posts

Reboot and the log will be located at C:\TDSSKiller date time pplease post that

EDIT: This may be the second MBR problem cured and not the main one, so once you have posted the log could you re-run RogueKiller

#133
Maya_k

Posted 06 September 2012 - 04:16 PM

Member

Topic Starter
Member
85 posts

Here is the report:

15:26:25.0443 5132 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
15:26:26.0051 5132 ============================================================
15:26:26.0051 5132 Current date / time: 2012/09/06 15:26:26.0051
15:26:26.0051 5132 SystemInfo:
15:26:26.0051 5132
15:26:26.0051 5132 OS Version: 6.0.6002 ServicePack: 2.0
15:26:26.0051 5132 Product type: Workstation
15:26:26.0051 5132 ComputerName: AFSHEENKHAN-PC
15:26:26.0051 5132 UserName: AFSHEEN KHAN
15:26:26.0051 5132 Windows directory: C:\Windows
15:26:26.0051 5132 System windows directory: C:\Windows
15:26:26.0051 5132 Processor architecture: Intel x86
15:26:26.0051 5132 Number of processors: 2
15:26:26.0051 5132 Page size: 0x1000
15:26:26.0051 5132 Boot type: Normal boot
15:26:26.0051 5132 ============================================================
15:26:28.0157 5132 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
15:26:28.0157 5132 Drive \Device\Harddisk2\DR2 - Size: 0xEF2E3800 (3.74 Gb), SectorSize: 0x200, Cylinders: 0x3BCB, SectorsPerTrack: 0x20, TracksPerCylinder: 0x10, Type 'W'
15:26:28.0157 5132 ============================================================
15:26:28.0157 5132 \Device\Harddisk0\DR0:
15:26:28.0157 5132 MBR partitions:
15:26:28.0157 5132 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xCC6800, BlocksNum 0x24767800
15:26:28.0157 5132 \Device\Harddisk2\DR2:
15:26:28.0157 5132 MBR partitions:
15:26:28.0157 5132 ============================================================
15:26:28.0219 5132 C: <-> \Device\Harddisk0\DR0\Partition1
15:26:28.0219 5132 ============================================================
15:26:28.0219 5132 Initialize success
15:26:28.0219 5132 ============================================================
15:28:07.0904 4900 ============================================================
15:28:07.0904 4900 Scan started
15:28:07.0904 4900 Mode: Manual; SigCheck; TDLFS;
15:28:07.0904 4900 ============================================================
15:28:08.0326 4900 ================ Scan system memory ========================
15:28:08.0326 4900 System memory - ok
15:28:08.0326 4900 ================ Scan services =============================
15:28:08.0669 4900 [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI C:\Windows\system32\drivers\acpi.sys
15:28:08.0794 4900 ACPI - ok
15:28:08.0918 4900 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
15:28:08.0934 4900 AdobeARMservice - ok
15:28:09.0074 4900 [ A9D3B95E8466BD58EEB8A1154654E162 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
15:28:09.0090 4900 AdobeFlashPlayerUpdateSvc - ok
15:28:09.0184 4900 [ 04F0FCAC69C7C71A3AC4EB97FAFC8303 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
15:28:09.0308 4900 adp94xx - ok
15:28:09.0355 4900 [ 60505E0041F7751BDBB80F88BF45C2CE ] adpahci C:\Windows\system32\drivers\adpahci.sys
15:28:09.0386 4900 adpahci - ok
15:28:09.0402 4900 [ 8A42779B02AEC986EAB64ECFC98F8BD7 ] adpu160m C:\Windows\system32\drivers\adpu160m.sys
15:28:09.0418 4900 adpu160m - ok
15:28:09.0496 4900 [ 241C9E37F8CE45EF51C3DE27515CA4E5 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
15:28:09.0511 4900 adpu320 - ok
15:28:09.0574 4900 [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
15:28:09.0698 4900 AeLookupSvc - ok
15:28:09.0761 4900 [ 3911B972B55FEA0478476B2E777B29FA ] AFD C:\Windows\system32\drivers\afd.sys
15:28:09.0808 4900 AFD - ok
15:28:09.0886 4900 [ 13F9E33747E6B41A3FF305C37DB0D360 ] agp440 C:\Windows\system32\drivers\agp440.sys
15:28:09.0901 4900 agp440 - ok
15:28:09.0979 4900 [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx C:\Windows\system32\drivers\djsvs.sys
15:28:10.0042 4900 aic78xx - ok
15:28:10.0073 4900 [ A1545B731579895D8CC44FC0481C1192 ] ALG C:\Windows\System32\alg.exe
15:28:10.0198 4900 ALG - ok
15:28:10.0229 4900 [ 9EAEF5FC9B8E351AFA7E78A6FAE91F91 ] aliide C:\Windows\system32\drivers\aliide.sys
15:28:10.0229 4900 aliide - ok
15:28:10.0260 4900 [ C47344BC706E5F0B9DCE369516661578 ] amdagp C:\Windows\system32\drivers\amdagp.sys
15:28:10.0276 4900 amdagp - ok
15:28:10.0291 4900 [ 9B78A39A4C173FDBC1321E0DD659B34C ] amdide C:\Windows\system32\drivers\amdide.sys
15:28:10.0307 4900 amdide - ok
15:28:10.0354 4900 [ 18F29B49AD23ECEE3D2A826C725C8D48 ] AmdK7 C:\Windows\system32\drivers\amdk7.sys
15:28:10.0416 4900 AmdK7 - ok
15:28:10.0478 4900 [ 93AE7F7DD54AB986A6F1A1B37BE7442D ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
15:28:10.0572 4900 AmdK8 - ok
15:28:10.0603 4900 anvsoftf2v - ok
15:28:10.0650 4900 [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo C:\Windows\System32\appinfo.dll
15:28:10.0712 4900 Appinfo - ok
15:28:10.0900 4900 [ F401929EE0CC92BFE7F15161CA535383 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
15:28:10.0915 4900 Apple Mobile Device - ok
15:28:11.0009 4900 [ 0FE769CAE5855B53C90E23F85E7E89FF ] AppMgmt C:\Windows\System32\appmgmts.dll
15:28:11.0071 4900 AppMgmt - ok
15:28:11.0134 4900 [ 5D2888182FB46632511ACEE92FDAD522 ] arc C:\Windows\system32\drivers\arc.sys
15:28:11.0149 4900 arc - ok
15:28:11.0196 4900 [ 5E2A321BD7C8B3624E41FDEC3E244945 ] arcsas C:\Windows\system32\drivers\arcsas.sys
15:28:11.0212 4900 arcsas - ok
15:28:11.0258 4900 [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
15:28:11.0321 4900 AsyncMac - ok
15:28:11.0352 4900 [ 1F05B78AB91C9075565A9D8A4B880BC4 ] atapi C:\Windows\system32\drivers\atapi.sys
15:28:11.0368 4900 atapi - ok
15:28:11.0477 4900 [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
15:28:11.0508 4900 AudioEndpointBuilder - ok
15:28:11.0570 4900 [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv C:\Windows\System32\Audiosrv.dll
15:28:11.0586 4900 Audiosrv - ok
15:28:11.0773 4900 [ 6163664C7E9CD110AF70180C126C3FDC ] BcmSqlStartupSvc C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
15:28:11.0773 4900 BcmSqlStartupSvc - ok
15:28:11.0867 4900 [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep C:\Windows\system32\drivers\Beep.sys
15:28:11.0914 4900 Beep - ok
15:28:11.0929 4900 [ D4DF28447741FD3D953526E33A617397 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys
15:28:11.0992 4900 blbdrive - ok
15:28:12.0023 4900 [ 98F4630B5867D911AD6EAE79874BF5E6 ] BMLoad C:\Windows\system32\drivers\BMLoad.sys
15:28:12.0054 4900 BMLoad ( UnsignedFile.Multi.Generic ) - warning
15:28:12.0054 4900 BMLoad - detected UnsignedFile.Multi.Generic (1)
15:28:12.0132 4900 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
15:28:12.0194 4900 Bonjour Service - ok
15:28:12.0272 4900 [ 35F376253F687BDE63976CCB3F2108CA ] bowser C:\Windows\system32\DRIVERS\bowser.sys
15:28:12.0350 4900 bowser - ok
15:28:12.0413 4900 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys
15:28:12.0444 4900 BrFiltLo - ok
15:28:12.0475 4900 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys
15:28:12.0506 4900 BrFiltUp - ok
15:28:12.0553 4900 [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser C:\Windows\System32\browser.dll
15:28:12.0616 4900 Browser - ok
15:28:12.0678 4900 [ B304E75CFF293029EDDF094246747113 ] Brserid C:\Windows\system32\drivers\brserid.sys
15:28:12.0881 4900 Brserid - ok
15:28:12.0896 4900 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys
15:28:12.0974 4900 BrSerWdm - ok
15:28:13.0021 4900 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys
15:28:13.0099 4900 BrUsbMdm - ok
15:28:13.0146 4900 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys
15:28:13.0240 4900 BrUsbSer - ok
15:28:13.0302 4900 [ 6D39C954799B63BA866910234CF7D726 ] BthEnum C:\Windows\system32\DRIVERS\BthEnum.sys
15:28:13.0349 4900 BthEnum - ok
15:28:13.0396 4900 [ 9A966A8E86D1771911AE34A20D11BFF3 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
15:28:13.0427 4900 BTHMODEM - ok
15:28:13.0458 4900 [ 5904EFA25F829BF84EA6FB045134A1D8 ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
15:28:13.0474 4900 BthPan - ok
15:28:13.0552 4900 [ 611FF3F2F095C8D4A6D4CFD9DCC09793 ] BTHPORT C:\Windows\system32\Drivers\BTHport.sys
15:28:13.0614 4900 BTHPORT - ok
15:28:13.0692 4900 [ A4C8377FA4A994E07075107DBE2E3DCE ] BthServ C:\Windows\System32\bthserv.dll
15:28:13.0723 4900 BthServ - ok
15:28:13.0754 4900 [ D330803EAB2A15CAEC7F011F1D4CB30E ] BTHUSB C:\Windows\system32\Drivers\BTHUSB.sys
15:28:13.0786 4900 BTHUSB - ok
15:28:13.0879 4900 [ 7F256D9FFF384FAA40DF5DB1CB8531D9 ] btwaudio C:\Windows\system32\drivers\btwaudio.sys
15:28:13.0910 4900 btwaudio - ok
15:28:13.0926 4900 [ D87D990131AAABB27D4046790292366D ] btwavdt C:\Windows\system32\drivers\btwavdt.sys
15:28:13.0926 4900 btwavdt - ok
15:28:13.0957 4900 [ D02F4D18AA4A38F781BEEFEB1892E144 ] btwl2cap C:\Windows\system32\DRIVERS\btwl2cap.sys
15:28:13.0973 4900 btwl2cap - ok
15:28:13.0988 4900 [ E1771C0FB49E747AB2B2D29DA50510F9 ] btwrchid C:\Windows\system32\DRIVERS\btwrchid.sys
15:28:13.0988 4900 btwrchid - ok
15:28:14.0051 4900 [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
15:28:14.0098 4900 cdfs - ok
15:28:14.0129 4900 [ 6B4BFFB9BECD728097024276430DB314 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
15:28:14.0176 4900 cdrom - ok
15:28:14.0254 4900 [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc C:\Windows\System32\certprop.dll
15:28:14.0300 4900 CertPropSvc - ok
15:28:14.0332 4900 [ E5D4133F37219DBCFE102BC61072589D ] circlass C:\Windows\system32\drivers\circlass.sys
15:28:14.0363 4900 circlass - ok
15:28:14.0394 4900 [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS C:\Windows\system32\CLFS.sys
15:28:14.0425 4900 CLFS - ok
15:28:14.0675 4900 [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:28:14.0690 4900 clr_optimization_v2.0.50727_32 - ok
15:28:14.0815 4900 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
15:28:14.0831 4900 clr_optimization_v4.0.30319_32 - ok
15:28:14.0893 4900 [ 99AFC3795B58CC478FBBBCDC658FCB56 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
15:28:14.0940 4900 CmBatt - ok
15:28:14.0956 4900 [ 0CA25E686A4928484E9FDABD168AB629 ] cmdide C:\Windows\system32\drivers\cmdide.sys
15:28:14.0971 4900 cmdide - ok
15:28:15.0002 4900 [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
15:28:15.0018 4900 Compbatt - ok
15:28:15.0049 4900 COMSysApp - ok
15:28:15.0096 4900 [ D01F685F8B4598D144B0CCE9FF95D8D5 ] cpudrv C:\Program Files\SystemRequirementsLab\cpudrv.sys
15:28:15.0096 4900 cpudrv - ok
15:28:15.0127 4900 [ 097A0A4899B759A4F032BD464963B4BE ] cpuz132 C:\Windows\system32\drivers\cpuz132_x32.sys
15:28:15.0143 4900 cpuz132 ( UnsignedFile.Multi.Generic ) - warning
15:28:15.0143 4900 cpuz132 - detected UnsignedFile.Multi.Generic (1)
15:28:15.0158 4900 [ 741E9DFF4F42D2D8477D0FC1DC0DF871 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
15:28:15.0174 4900 crcdisk - ok
15:28:15.0190 4900 [ 1F07BECDCA750766A96CDA811BA86410 ] Crusoe C:\Windows\system32\drivers\crusoe.sys
15:28:15.0221 4900 Crusoe - ok
15:28:15.0283 4900 [ 75C6A297E364014840B48ECCD7525E30 ] CryptSvc C:\Windows\system32\cryptsvc.dll
15:28:15.0346 4900 CryptSvc - ok
15:28:15.0377 4900 [ 9BDB2E89BE8D0EF37B1F25C3D3FC192C ] CSC C:\Windows\system32\drivers\csc.sys
15:28:15.0486 4900 CSC - ok
15:28:15.0533 4900 [ 0A2095F92F6AE4FE6484D911B0C21E95 ] CscService C:\Windows\System32\cscsvc.dll
15:28:15.0642 4900 CscService - ok
15:28:15.0673 4900 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch C:\Windows\system32\rpcss.dll
15:28:15.0736 4900 DcomLaunch - ok
15:28:15.0782 4900 [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC C:\Windows\system32\Drivers\dfsc.sys
15:28:15.0814 4900 DfsC - ok
15:28:16.0063 4900 [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR C:\Windows\system32\DFSR.exe
15:28:16.0219 4900 DFSR - ok
15:28:16.0266 4900 [ 6216FD7FD227DE454238A702B218CEC7 ] dgderdrv C:\Windows\system32\drivers\dgderdrv.sys
15:28:16.0282 4900 dgderdrv - ok
15:28:16.0360 4900 [ D8522960163FA593694E441194A9A574 ] dg_ssudbus C:\Windows\system32\DRIVERS\ssudbus.sys
15:28:16.0375 4900 dg_ssudbus - ok
15:28:16.0438 4900 [ 9028559C132146FB75EB7ACF384B086A ] Dhcp C:\Windows\System32\dhcpcsvc.dll
15:28:16.0484 4900 Dhcp - ok
15:28:16.0703 4900 [ 5D4AEFC3386920236A548271F8F1AF6A ] disk C:\Windows\system32\drivers\disk.sys
15:28:16.0734 4900 disk - ok
15:28:16.0890 4900 [ F206E28ED74C491FD5D7C0A1119CE37F ] DMICall C:\Windows\system32\DRIVERS\DMICall.sys
15:28:16.0906 4900 DMICall - ok
15:28:16.0984 4900 [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache C:\Windows\System32\dnsrslvr.dll
15:28:17.0046 4900 Dnscache - ok
15:28:17.0093 4900 [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc C:\Windows\System32\dot3svc.dll
15:28:17.0140 4900 dot3svc - ok
15:28:17.0218 4900 [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS C:\Windows\system32\dps.dll
15:28:17.0249 4900 DPS - ok
15:28:17.0296 4900 [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
15:28:17.0327 4900 drmkaud - ok
15:28:17.0374 4900 [ C68AC676B0EF30CFBB1080ADCE49EB1F ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
15:28:17.0405 4900 DXGKrnl - ok
15:28:17.0483 4900 [ 5425F74AC0C1DBD96A1E04F17D63F94C ] E1G60 C:\Windows\system32\DRIVERS\E1G60I32.sys
15:28:17.0561 4900 E1G60 - ok
15:28:17.0592 4900 [ 76A02BC4E8008A8CBAF5CC7EFB9DF839 ] e1yexpress C:\Windows\system32\DRIVERS\e1y6032.sys
15:28:17.0608 4900 e1yexpress - ok
15:28:17.0623 4900 [ C0B95E40D85CD807D614E264248A45B9 ] EapHost C:\Windows\System32\eapsvc.dll
15:28:17.0670 4900 EapHost - ok
15:28:17.0732 4900 [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache C:\Windows\system32\drivers\ecache.sys
15:28:17.0764 4900 Ecache - ok
15:28:17.0826 4900 [ 23B62471681A124889978F6295B3F4C6 ] elxstor C:\Windows\system32\drivers\elxstor.sys
15:28:17.0857 4900 elxstor - ok
15:28:17.0982 4900 [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt C:\Windows\system32\emdmgmt.dll
15:28:18.0122 4900 EMDMgmt - ok
15:28:18.0185 4900 [ 3DB974F3935483555D7148663F726C61 ] ErrDev C:\Windows\system32\drivers\errdev.sys
15:28:18.0216 4900 ErrDev - ok
15:28:18.0294 4900 [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem C:\Windows\system32\es.dll
15:28:18.0341 4900 EventSystem - ok
15:28:18.0559 4900 [ DDEBCC0AA7BD3EB02ABCE6B3D8536DEA ] EvtEng C:\Program Files\Intel\WiFi\bin\EvtEng.exe
15:28:18.0590 4900 EvtEng - ok
15:28:18.0653 4900 [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat C:\Windows\system32\drivers\exfat.sys
15:28:18.0715 4900 exfat - ok
15:28:18.0778 4900 [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat C:\Windows\system32\drivers\fastfat.sys
15:28:18.0824 4900 fastfat - ok
15:28:18.0887 4900 FastUserSwitchingCompatibility - ok
15:28:18.0934 4900 [ DFBA0F60FA301E5B1BFB1403A93EE23E ] Fax C:\Windows\system32\fxssvc.exe
15:28:18.0980 4900 Fax - ok
15:28:19.0043 4900 [ AFE1E8B9782A0DD7FB46BBD88E43F89A ] fdc C:\Windows\system32\DRIVERS\fdc.sys
15:28:19.0090 4900 fdc - ok
15:28:19.0105 4900 [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost C:\Windows\system32\fdPHost.dll
15:28:19.0121 4900 fdPHost - ok
15:28:19.0136 4900 [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub C:\Windows\system32\fdrespub.dll
15:28:19.0199 4900 FDResPub - ok
15:28:19.0214 4900 [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
15:28:19.0230 4900 FileInfo - ok
15:28:19.0261 4900 [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace C:\Windows\system32\drivers\filetrace.sys
15:28:19.0292 4900 Filetrace - ok
15:28:19.0324 4900 [ 85B7CF99D532820495D68D747FDA9EBD ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
15:28:19.0386 4900 flpydisk - ok
15:28:19.0464 4900 [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
15:28:19.0480 4900 FltMgr - ok
15:28:19.0558 4900 [ 8CE364388C8ECA59B14B539179276D44 ] FontCache C:\Windows\system32\FntCache.dll
15:28:19.0620 4900 FontCache - ok
15:28:19.0667 4900 [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
15:28:19.0682 4900 FontCache3.0.0.0 - ok
15:28:19.0760 4900 [ B0082808A6856A252F7CDD939892CE50 ] fssfltr C:\Windows\system32\DRIVERS\fssfltr.sys
15:28:19.0776 4900 fssfltr - ok
15:28:20.0088 4900 [ 28DDEEEC44E988657B732CF404D504CB ] fsssvc C:\Program Files\Windows Live\Family Safety\fsssvc.exe
15:28:20.0275 4900 fsssvc - ok
15:28:20.0338 4900 [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
15:28:20.0400 4900 Fs_Rec - ok
15:28:20.0447 4900 [ 34582A6E6573D54A07ECE5FE24A126B5 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
15:28:20.0462 4900 gagp30kx - ok
15:28:20.0540 4900 [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
15:28:20.0540 4900 GEARAspiWDM - ok
15:28:20.0618 4900 Giraffic - ok
15:28:20.0774 4900 [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc C:\Windows\System32\gpsvc.dll
15:28:20.0852 4900 gpsvc - ok
15:28:20.0946 4900 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
15:28:20.0977 4900 gupdate - ok
15:28:20.0977 4900 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
15:28:20.0993 4900 gupdatem - ok
15:28:21.0102 4900 [ CC839E8D766CC31A7710C9F38CF3E375 ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
15:28:21.0118 4900 gusvc - ok
15:28:21.0196 4900 [ CB04C744BE0A61B1D648FAED182C3B59 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
15:28:21.0305 4900 HdAudAddService - ok
15:28:21.0336 4900 [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
15:28:21.0461 4900 HDAudBus - ok
15:28:21.0508 4900 [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth C:\Windows\system32\drivers\hidbth.sys
15:28:21.0586 4900 HidBth - ok
15:28:21.0617 4900 [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr C:\Windows\system32\drivers\hidir.sys
15:28:21.0679 4900 HidIr - ok
15:28:21.0742 4900 [ 84067081F3318162797385E11A8F0582 ] hidserv C:\Windows\system32\hidserv.dll
15:28:21.0804 4900 hidserv - ok
15:28:21.0882 4900 [ CCA4B519B17E23A00B826C55716809CC ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
15:28:21.0913 4900 HidUsb - ok
15:28:22.0007 4900 [ 6022645993A89434332569E1DD9F009B ] hitmanpro35 C:\Windows\system32\drivers\hitmanpro35.sys
15:28:22.0007 4900 hitmanpro35 - ok
15:28:22.0132 4900 [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc C:\Windows\system32\kmsvc.dll
15:28:22.0194 4900 hkmsvc - ok
15:28:22.0225 4900 [ 16EE7B23A009E00D835CDB79574A91A6 ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys
15:28:22.0241 4900 HpCISSs - ok
15:28:22.0334 4900 [ 46D67209550973257601A533E2AC5785 ] HSFHWAZL C:\Windows\system32\DRIVERS\VSTAZL3.SYS
15:28:22.0397 4900 HSFHWAZL - ok
15:28:22.0459 4900 [ 7BC42C65B5C6281777C1A7605B253BA8 ] HSF_DPV C:\Windows\system32\DRIVERS\HSX_DPV.sys
15:28:22.0568 4900 HSF_DPV - ok
15:28:22.0631 4900 [ 9EBF2D102CCBB6BCDFBF1B7922F8BA2E ] HSXHWAZL C:\Windows\system32\DRIVERS\HSXHWAZL.sys
15:28:22.0693 4900 HSXHWAZL - ok
15:28:22.0724 4900 [ 52395A94C127C0266D1C0F3CCE8A4345 ] htcnprot C:\Windows\system32\DRIVERS\htcnprot.sys
15:28:22.0756 4900 htcnprot - ok
15:28:22.0818 4900 [ 86DBE249D4A1B3BAB6049C7CE6EF6272 ] HtcVCom32 C:\Windows\system32\DRIVERS\HtcVComV32.sys
15:28:22.0849 4900 HtcVCom32 - ok
15:28:22.0896 4900 [ F870AA3E254628EBEAFE754108D664DE ] HTTP C:\Windows\system32\drivers\HTTP.sys
15:28:22.0990 4900 HTTP - ok
15:28:23.0036 4900 [ C6B032D69650985468160FC9937CF5B4 ] i2omp C:\Windows\system32\drivers\i2omp.sys
15:28:23.0068 4900 i2omp - ok
15:28:23.0130 4900 [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
15:28:23.0161 4900 i8042prt - ok
15:28:23.0255 4900 [ 54155EA1B0DF185878E0FC9EC3AC3A14 ] iaStorV C:\Windows\system32\drivers\iastorv.sys
15:28:23.0302 4900 iaStorV - ok
15:28:23.0395 4900 [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
15:28:23.0442 4900 idsvc - ok
15:28:23.0785 4900 [ F1F52F4B4DD7CB8B47570690363F1B28 ] igfx C:\Windows\system32\DRIVERS\igdkmd32.sys
15:28:23.0957 4900 igfx - ok
15:28:24.0004 4900 [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp C:\Windows\system32\drivers\iirsp.sys
15:28:24.0004 4900 iirsp - ok
15:28:24.0066 4900 [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT C:\Windows\System32\ikeext.dll
15:28:24.0128 4900 IKEEXT - ok
15:28:24.0238 4900 [ 2DEB2538C9372568BB67B5FDF2359790 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
15:28:24.0362 4900 IntcAzAudAddService - ok
15:28:24.0425 4900 [ 83AA759F3189E6370C30DE5DC5590718 ] intelide C:\Windows\system32\drivers\intelide.sys
15:28:24.0472 4900 intelide - ok
15:28:24.0503 4900 [ 224191001E78C89DFA78924C3EA595FF ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
15:28:24.0550 4900 intelppm - ok
15:28:24.0628 4900 [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
15:28:24.0784 4900 IPBusEnum - ok
15:28:24.0815 4900 [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:28:24.0862 4900 IpFilterDriver - ok
15:28:24.0862 4900 IpInIp - ok
15:28:24.0893 4900 [ B25AAF203552B7B3491139D582B39AD1 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys
15:28:24.0940 4900 IPMIDRV - ok
15:28:24.0955 4900 [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys
15:28:24.0986 4900 IPNAT - ok
15:28:25.0423 4900 [ E6BE7A41A28D8F2DB174957454D32448 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
15:28:25.0517 4900 iPod Service - ok
15:28:25.0548 4900 [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
15:28:25.0595 4900 IRENUM - ok
15:28:25.0610 4900 [ 6C70698A3E5C4376C6AB5C7C17FB0614 ] isapnp C:\Windows\system32\drivers\isapnp.sys
15:28:25.0642 4900 isapnp - ok
15:28:25.0704 4900 [ 232FA340531D940AAC623B121A595034 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
15:28:25.0735 4900 iScsiPrt - ok
15:28:25.0766 4900 [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi C:\Windows\system32\drivers\iteatapi.sys
15:28:25.0766 4900 iteatapi - ok
15:28:25.0798 4900 [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid C:\Windows\system32\drivers\iteraid.sys
15:28:25.0813 4900 iteraid - ok
15:28:25.0938 4900 [ 213822072085B5BBAD9AF30AB577D817 ] IviRegMgr c:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
15:28:25.0954 4900 IviRegMgr - ok
15:28:25.0985 4900 [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
15:28:26.0000 4900 kbdclass - ok
15:28:26.0016 4900 [ 18247836959BA67E3511B62846B9C2E0 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
15:28:26.0078 4900 kbdhid - ok
15:28:26.0110 4900 [ A3E186B4B935905B829219502557314E ] KeyIso C:\Windows\system32\lsass.exe
15:28:26.0141 4900 KeyIso - ok
15:28:26.0188 4900 [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
15:28:26.0219 4900 KSecDD - ok
15:28:26.0297 4900 [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm C:\Windows\system32\msdtckrm.dll
15:28:26.0328 4900 KtmRm - ok
15:28:26.0359 4900 [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer C:\Windows\system32\srvsvc.dll
15:28:26.0406 4900 LanmanServer - ok
15:28:26.0484 4900 [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
15:28:26.0515 4900 LanmanWorkstation - ok
15:28:26.0546 4900 [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
15:28:26.0578 4900 lltdio - ok
15:28:26.0640 4900 [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc C:\Windows\System32\lltdsvc.dll
15:28:26.0702 4900 lltdsvc - ok
15:28:26.0734 4900 [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts C:\Windows\System32\lmhsvc.dll
15:28:26.0796 4900 lmhosts - ok
15:28:26.0905 4900 [ 4647CD914B94678804519F4A657EBDDC ] LMS C:\Program Files\Intel\AMT\LMS.exe
15:28:26.0921 4900 LMS - ok
15:28:26.0952 4900 [ C7E15E82879BF3235B559563D4185365 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
15:28:26.0952 4900 LSI_FC - ok
15:28:26.0983 4900 [ EE01EBAE8C9BF0FA072E0FF68718920A ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
15:28:26.0983 4900 LSI_SAS - ok
15:28:26.0999 4900 [ 912A04696E9CA30146A62AFA1463DD5C ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
15:28:27.0014 4900 LSI_SCSI - ok
15:28:27.0046 4900 [ 8F5C7426567798E62A3B3614965D62CC ] luafv C:\Windows\system32\drivers\luafv.sys
15:28:27.0061 4900 luafv - ok
15:28:27.0139 4900 [ 6DFE7F2E8E8A337263AA5C92A215F161 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
15:28:27.0155 4900 MBAMProtector - ok
15:28:27.0295 4900 [ 43683E970F008C93C9429EF428147A54 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
15:28:27.0342 4900 MBAMService - ok
15:28:27.0529 4900 [ F453D1E6D881E8F8717E20CCD4199E85 ] McComponentHostService C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
15:28:27.0545 4900 McComponentHostService - ok
15:28:27.0592 4900 [ 0CEA2D0D3FA284B85ED5B68365114F76 ] mdmxsdk C:\Windows\system32\DRIVERS\mdmxsdk.sys
15:28:27.0623 4900 mdmxsdk - ok
15:28:27.0701 4900 [ 0001CE609D66632FA17B84705F658879 ] megasas C:\Windows\system32\drivers\megasas.sys
15:28:27.0732 4900 megasas - ok
15:28:27.0794 4900 [ C252F32CD9A49DBFC25ECF26EBD51A99 ] MegaSR C:\Windows\system32\drivers\megasr.sys
15:28:27.0841 4900 MegaSR - ok
15:28:27.0872 4900 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS C:\Windows\system32\mmcss.dll
15:28:27.0919 4900 MMCSS - ok
15:28:27.0935 4900 [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem C:\Windows\system32\drivers\modem.sys
15:28:27.0997 4900 Modem - ok
15:28:28.0060 4900 [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
15:28:28.0091 4900 monitor - ok
15:28:28.0122 4900 [ 5BF6A1326A335C5298477754A506D263 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
15:28:28.0138 4900 mouclass - ok
15:28:28.0153 4900 [ 93B8D4869E12CFBE663915502900876F ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
15:28:28.0200 4900 mouhid - ok
15:28:28.0216 4900 [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr C:\Windows\system32\drivers\mountmgr.sys
15:28:28.0231 4900 MountMgr - ok
15:28:28.0340 4900 [ 46297FA8E30A6007F14118FC2B942FBC ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
15:28:28.0372 4900 MozillaMaintenance - ok
15:28:28.0403 4900 [ 8BF5B8C88B83AFA326EF090D8B5A77C6 ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
15:28:28.0418 4900 MpFilter - ok
15:28:28.0528 4900 [ 511D011289755DD9F9A7579FB0B064E6 ] mpio C:\Windows\system32\drivers\mpio.sys
15:28:28.0559 4900 mpio - ok
15:28:28.0606 4900 [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
15:28:28.0621 4900 mpsdrv - ok
15:28:28.0637 4900 [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys
15:28:28.0652 4900 Mraid35x - ok
15:28:28.0684 4900 [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
15:28:28.0715 4900 MRxDAV - ok
15:28:28.0746 4900 [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
15:28:28.0777 4900 mrxsmb - ok
15:28:28.0808 4900 [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:28:28.0808 4900 mrxsmb10 - ok
15:28:28.0824 4900 [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:28:28.0855 4900 mrxsmb20 - ok
15:28:28.0871 4900 [ 28023E86F17001F7CD9B15A5BC9AE07D ] msahci C:\Windows\system32\drivers\msahci.sys
15:28:28.0886 4900 msahci - ok
15:28:28.0902 4900 [ 4468B0F385A86ECDDAF8D3CA662EC0E7 ] msdsm C:\Windows\system32\drivers\msdsm.sys
15:28:28.0918 4900 msdsm - ok
15:28:28.0933 4900 [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC C:\Windows\System32\msdtc.exe
15:28:28.0980 4900 MSDTC - ok
15:28:29.0011 4900 [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs C:\Windows\system32\drivers\Msfs.sys
15:28:29.0027 4900 Msfs - ok
15:28:29.0089 4900 [ 3A6B23341E250F9A9759E3E6B462A699 ] MSFWDrv C:\Windows\system32\DRIVERS\msfwdrv.sys
15:28:29.0105 4900 MSFWDrv - ok
15:28:29.0120 4900 [ 357EBA1D9693AC45887C534667A9FC58 ] MSFWHLPR C:\Windows\system32\DRIVERS\msfwhlpr.sys
15:28:29.0136 4900 MSFWHLPR - ok
15:28:29.0573 4900 [ DE4BFB491C0AD58CE1434BB8C31F0E3E ] msfwsvc C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
15:28:30.0088 4900 msfwsvc - ok
15:28:30.0134 4900 [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
15:28:30.0150 4900 msisadrv - ok
15:28:30.0212 4900 [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
15:28:30.0322 4900 MSiSCSI - ok
15:28:30.0322 4900 msiserver - ok
15:28:30.0337 4900 [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
15:28:30.0368 4900 MSKSSRV - ok
15:28:30.0431 4900 [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
15:28:30.0462 4900 MSPCLOCK - ok
15:28:30.0493 4900 [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
15:28:30.0524 4900 MSPQM - ok
15:28:30.0571 4900 [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
15:28:30.0587 4900 MsRPC - ok
15:28:30.0602 4900 [ E384487CB84BE41D09711C30CA79646C ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
15:28:30.0618 4900 mssmbios - ok
15:28:30.0696 4900 MSSQL$MSSMLBIZ - ok
15:28:30.0790 4900 [ 1D89EB4E2A99CABD4E81225F4F4C4B25 ] MSSQLServerADHelper c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe
15:28:30.0805 4900 MSSQLServerADHelper - ok
15:28:30.0836 4900 [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
15:28:30.0883 4900 MSTEE - ok
15:28:30.0930 4900 [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup C:\Windows\system32\Drivers\mup.sys
15:28:30.0930 4900 Mup - ok
15:28:30.0977 4900 [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent C:\Windows\system32\qagentRT.dll
15:28:31.0039 4900 napagent - ok
15:28:31.0102 4900 [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
15:28:31.0148 4900 NativeWifiP - ok
15:28:31.0195 4900 [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS C:\Windows\system32\drivers\ndis.sys
15:28:31.0273 4900 NDIS - ok
15:28:31.0304 4900 [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
15:28:31.0351 4900 NdisTapi - ok
15:28:31.0382 4900 [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
15:28:31.0429 4900 Ndisuio - ok
15:28:31.0460 4900 [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
15:28:31.0476 4900 NdisWan - ok
15:28:31.0538 4900 [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
15:28:31.0585 4900 NDProxy - ok
15:28:31.0616 4900 [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
15:28:31.0632 4900 NetBIOS - ok
15:28:31.0663 4900 [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt C:\Windows\system32\DRIVERS\netbt.sys
15:28:31.0679 4900 netbt - ok
15:28:31.0694 4900 [ A3E186B4B935905B829219502557314E ] Netlogon C:\Windows\system32\lsass.exe
15:28:31.0694 4900 Netlogon - ok
15:28:31.0741 4900 [ C8052711DAECC48B982434C5116CA401 ] Netman C:\Windows\System32\netman.dll
15:28:31.0788 4900 Netman - ok
15:28:31.0819 4900 [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm C:\Windows\System32\netprofm.dll
15:28:31.0835 4900 netprofm - ok
15:28:31.0866 4900 [ D6C4E4A39A36029AC0813D476FBD0248 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
15:28:31.0882 4900 NetTcpPortSharing - ok
15:28:31.0913 4900 NETw5v32 - ok
15:28:32.0084 4900 [ 698662A6AE73E2F63FC6F70293B02A4F ] NETwNv32 C:\Windows\system32\DRIVERS\NETwNv32.sys
15:28:32.0521 4900 NETwNv32 - ok
15:28:32.0552 4900 [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
15:28:32.0599 4900 nfrd960 - ok
15:28:32.0615 4900 [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc C:\Windows\System32\nlasvc.dll
15:28:32.0677 4900 NlaSvc - ok
15:28:32.0724 4900 [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs C:\Windows\system32\drivers\Npfs.sys
15:28:32.0740 4900 Npfs - ok
15:28:32.0771 4900 [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi C:\Windows\system32\nsisvc.dll
15:28:32.0849 4900 nsi - ok
15:28:32.0849 4900 [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
15:28:32.0911 4900 nsiproxy - ok
15:28:32.0974 4900 [ 6A4A98CEE84CF9E99564510DDA4BAA47 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
15:28:33.0020 4900 Ntfs - ok
15:28:33.0052 4900 [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi C:\Windows\system32\drivers\ntrigdigi.sys
15:28:33.0130 4900 ntrigdigi - ok
15:28:33.0130 4900 [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null C:\Windows\system32\drivers\Null.sys
15:28:33.0192 4900 Null - ok
15:28:33.0223 4900 [ 2EDF9E7751554B42CBB60116DE727101 ] nvraid C:\Windows\system32\drivers\nvraid.sys
15:28:33.0223 4900 nvraid - ok
15:28:33.0254 4900 [ ABED0C09758D1D97DB0042DBB2688177 ] nvstor C:\Windows\system32\drivers\nvstor.sys
15:28:33.0270 4900 nvstor - ok
15:28:33.0301 4900 [ 18BBDF913916B71BD54575BDB6EEAC0B ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
15:28:33.0317 4900 nv_agp - ok
15:28:33.0317 4900 NwlnkFlt - ok
15:28:33.0317 4900 NwlnkFwd - ok
15:28:33.0395 4900 [ 982FE7E9E7DC9CA6E34F22BD8FF530D4 ] OcHealthMon C:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe
15:28:33.0410 4900 OcHealthMon - ok
15:28:33.0566 4900 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
15:28:33.0582 4900 odserv - ok
15:28:33.0613 4900 [ 6F310E890D46E246E0E261A63D9B36B4 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
15:28:33.0660 4900 ohci1394 - ok
15:28:33.0722 4900 [ 7FFAA1D7FD1C3DBFA6F9FAAD986D5907 ] OneCareMP C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
15:28:33.0738 4900 OneCareMP - ok
15:28:33.0816 4900 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:28:33.0832 4900 ose - ok
15:28:33.0878 4900 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc C:\Windows\system32\p2psvc.dll
15:28:33.0956 4900 p2pimsvc - ok
15:28:33.0972 4900 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc C:\Windows\system32\p2psvc.dll
15:28:34.0034 4900 p2psvc - ok
15:28:34.0081 4900 [ 0FA9B5055484649D63C303FE404E5F4D ] Parport C:\Windows\system32\drivers\parport.sys
15:28:34.0144 4900 Parport - ok
15:28:34.0190 4900 [ B9C2B89F08670E159F7181891E449CD9 ] partmgr C:\Windows\system32\drivers\partmgr.sys
15:28:34.0206 4900 partmgr - ok
15:28:34.0222 4900 [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm C:\Windows\system32\drivers\parvdm.sys
15:28:34.0284 4900 Parvdm - ok
15:28:34.0409 4900 [ 39B9DCD7040654C2E57D7396736C718E ] PassThru Service C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
15:28:34.0440 4900 PassThru Service ( UnsignedFile.Multi.Generic ) - warning
15:28:34.0440 4900 PassThru Service - detected UnsignedFile.Multi.Generic (1)
15:28:34.0471 4900 [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc C:\Windows\System32\pcasvc.dll
15:28:34.0502 4900 PcaSvc - ok
15:28:34.0549 4900 [ 941DC1D19E7E8620F40BBC206981EFDB ] pci C:\Windows\system32\drivers\pci.sys
15:28:34.0549 4900 pci - ok
15:28:34.0596 4900 [ 1636D43F10416AEB483BC6001097B26C ] pciide C:\Windows\system32\drivers\pciide.sys
15:28:34.0596 4900 pciide - ok
15:28:34.0612 4900 [ 3BB2244F343B610C29C98035504C9B75 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
15:28:34.0627 4900 pcmcia - ok
15:28:34.0690 4900 [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys
15:28:34.0783 4900 PEAUTH - ok
15:28:34.0955 4900 [ B1689DF169143F57053F795390C99DB3 ] pla C:\Windows\system32\pla.dll
15:28:35.0282 4900 pla - ok
15:28:35.0329 4900 [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay C:\Windows\system32\umpnpmgr.dll
15:28:35.0360 4900 PlugPlay - ok
15:28:35.0407 4900 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
15:28:35.0470 4900 PNRPAutoReg - ok
15:28:35.0485 4900 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc C:\Windows\system32\p2psvc.dll
15:28:35.0548 4900 PNRPsvc - ok
15:28:35.0594 4900 [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
15:28:35.0719 4900 PolicyAgent - ok
15:28:35.0782 4900 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
15:28:35.0813 4900 PptpMiniport - ok
15:28:35.0844 4900 [ 2027293619DD0F047C584CF2E7DF4FFD ] Processor C:\Windows\system32\drivers\processr.sys
15:28:35.0875 4900 Processor - ok
15:28:35.0891 4900 [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc C:\Windows\system32\profsvc.dll
15:28:35.0922 4900 ProfSvc - ok
15:28:35.0938 4900 [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe
15:28:35.0953 4900 ProtectedStorage - ok
15:28:35.0984 4900 [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched C:\Windows\system32\DRIVERS\pacer.sys
15:28:36.0016 4900 PSched - ok
15:28:36.0078 4900 [ 9866479C5C894C3A064EEB6F68618822 ] PTUMWBus C:\Windows\system32\DRIVERS\PTUMWBus.sys
15:28:36.0094 4900 PTUMWBus - ok
15:28:36.0125 4900 [ C51EAC8FB88163304329279E82F1D89F ] PTUMWCDF C:\Windows\system32\DRIVERS\PTUMWCDF.sys
15:28:36.0125 4900 PTUMWCDF - ok
15:28:36.0203 4900 [ 4F840761BB4D674856F6C36F9B66624C ] PTUMWFLT C:\Windows\system32\DRIVERS\PTUMWFLT.sys
15:28:36.0218 4900 PTUMWFLT - ok
15:28:36.0265 4900 [ 411E332A6426C9B87F5F9B02BCDD15BF ] PTUMWMdm C:\Windows\system32\DRIVERS\PTUMWMdm.sys
15:28:36.0281 4900 PTUMWMdm - ok
15:28:36.0312 4900 [ BDC1F41F77415A432CA030F30F2AB898 ] PTUMWNET C:\Windows\system32\DRIVERS\PTUMWNET.sys
15:28:36.0328 4900 PTUMWNET - ok
15:28:36.0343 4900 [ E4812824CDC46A90DDE225C0FD284098 ] PTUMWVsp C:\Windows\system32\DRIVERS\PTUMWVsp.sys
15:28:36.0359 4900 PTUMWVsp - ok
15:28:36.0406 4900 [ E42E3433DBB4CFFE8FDD91EAB29AEA8E ] PxHelp20 C:\Windows\system32\Drivers\PxHelp20.sys
15:28:36.0421 4900 PxHelp20 - ok
15:28:36.0515 4900 [ 0A2C21B3168F2EFC3468B35FF5508CEA ] QBCFMonitorService C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
15:28:36.0546 4900 QBCFMonitorService ( UnsignedFile.Multi.Generic ) - warning
15:28:36.0546 4900 QBCFMonitorService - detected UnsignedFile.Multi.Generic (1)
15:28:36.0624 4900 [ BAB30D2799754F6EA22F0B9076311793 ] QBFCService C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
15:28:36.0624 4900 QBFCService ( UnsignedFile.Multi.Generic ) - warning
15:28:36.0624 4900 QBFCService - detected UnsignedFile.Multi.Generic (1)
15:28:36.0702 4900 [ 0A6DB55AFB7820C99AA1F3A1D270F4F6 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
15:28:36.0764 4900 ql2300 - ok
15:28:36.0796 4900 [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
15:28:36.0811 4900 ql40xx - ok
15:28:36.0842 4900 [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE C:\Windows\system32\qwave.dll
15:28:36.0889 4900 QWAVE - ok
15:28:36.0905 4900 [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
15:28:36.0967 4900 QWAVEdrv - ok
15:28:37.0108 4900 [ 8F97D374AD1857E1EED85A79F29A1D3D ] RapiMgr C:\Windows\WindowsMobile\rapimgr.dll
15:28:37.0123 4900 RapiMgr - ok
15:28:37.0154 4900 [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
15:28:37.0201 4900 RasAcd - ok
15:28:37.0232 4900 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto C:\Windows\System32\rasauto.dll
15:28:37.0295 4900 RasAuto - ok
15:28:37.0310 4900 [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
15:28:37.0342 4900 Rasl2tp - ok
15:28:37.0373 4900 [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan C:\Windows\System32\rasmans.dll
15:28:37.0435 4900 RasMan - ok
15:28:37.0466 4900 [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
15:28:37.0513 4900 RasPppoe - ok
15:28:37.0544 4900 [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
15:28:37.0560 4900 RasSstp - ok
15:28:37.0591 4900 [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
15:28:37.0654 4900 rdbss - ok
15:28:37.0685 4900 [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
15:28:37.0700 4900 RDPCDD - ok
15:28:37.0732 4900 [ 943B18305EAE3935598A9B4A3D560B4C ] rdpdr C:\Windows\system32\DRIVERS\rdpdr.sys
15:28:37.0763 4900 rdpdr - ok
15:28:37.0763 4900 [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
15:28:37.0778 4900 RDPENCDD - ok
15:28:37.0841 4900 [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
15:28:37.0888 4900 RDPWD - ok
15:28:37.0966 4900 [ 001B4278407F4303EFC902A2B16F2453 ] regi C:\Windows\system32\drivers\regi.sys
15:28:37.0966 4900 regi - ok
15:28:38.0059 4900 [ 5608ED3957105BC14E3C426BB27AC5A1 ] RegSrvc C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
15:28:38.0075 4900 RegSrvc - ok
15:28:38.0122 4900 [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess C:\Windows\System32\mprdim.dll
15:28:38.0184 4900 RemoteAccess - ok
15:28:38.0215 4900 [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry C:\Windows\system32\regsvc.dll
15:28:38.0278 4900 RemoteRegistry - ok
15:28:38.0309 4900 [ 6482707F9F4DA0ECBAB43B2E0398A101 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
15:28:38.0356 4900 RFCOMM - ok
15:28:38.0387 4900 [ F2993908BE03181C781228DAADC55230 ] rimsptsk C:\Windows\system32\DRIVERS\rimsptsk.sys
15:28:38.0434 4900 rimsptsk - ok
15:28:38.0480 4900 [ 5AC9F12ECD96FF7EA52881FCED254191 ] risdptsk C:\Windows\system32\DRIVERS\risdptsk.sys
15:28:38.0512 4900 risdptsk - ok
15:28:38.0558 4900 [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator C:\Windows\system32\locator.exe
15:28:38.0574 4900 RpcLocator - ok
15:28:38.0605 4900 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs C:\Windows\system32\rpcss.dll
15:28:38.0636 4900 RpcSs - ok
15:28:38.0668 4900 [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
15:28:38.0714 4900 rspndr - ok
15:28:38.0714 4900 [ A3E186B4B935905B829219502557314E ] SamSs C:\Windows\system32\lsass.exe
15:28:38.0730 4900 SamSs - ok
15:28:38.0761 4900 [ 3CE8F073A557E172B330109436984E30 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
15:28:38.0777 4900 sbp2port - ok
15:28:38.0948 4900 [ 794D4B48DFB6E999537C7C3947863463 ] SBSDWSCService C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
15:28:39.0136 4900 SBSDWSCService - ok
15:28:39.0151 4900 [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr C:\Windows\System32\SCardSvr.dll
15:28:39.0229 4900 SCardSvr - ok
15:28:39.0292 4900 [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule C:\Windows\system32\schedsvc.dll
15:28:39.0338 4900 Schedule - ok
15:28:39.0370 4900 [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc C:\Windows\System32\certprop.dll
15:28:39.0385 4900 SCPolicySvc - ok
15:28:39.0463 4900 [ 126EA89BCC413EE45E3004FB0764888F ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys
15:28:39.0541 4900 sdbus - ok
15:28:39.0588 4900 [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC C:\Windows\System32\SDRSVC.dll
15:28:39.0619 4900 SDRSVC - ok
15:28:39.0666 4900 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
15:28:39.0697 4900 secdrv - ok
15:28:39.0728 4900 [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon C:\Windows\system32\seclogon.dll
15:28:39.0744 4900 seclogon - ok
15:28:39.0775 4900 [ A9BBAB5759771E523F55563D6CBE140F ] SENS C:\Windows\System32\sens.dll
15:28:39.0791 4900 SENS - ok
15:28:39.0822 4900 [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum C:\Windows\system32\drivers\serenum.sys
15:28:39.0884 4900 Serenum - ok
15:28:39.0916 4900 [ C70D69A918B178D3C3B06339B40C2E1B ] Serial C:\Windows\system32\drivers\serial.sys
15:28:40.0009 4900 Serial - ok
15:28:40.0040 4900 [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse C:\Windows\system32\drivers\sermouse.sys
15:28:40.0072 4900 sermouse - ok
15:28:40.0103 4900 [ D2193326F729B163125610DBF3E17D57 ] SessionEnv C:\Windows\system32\sessenv.dll
15:28:40.0150 4900 SessionEnv - ok
15:28:40.0181 4900 [ 8B7C1768D2CDE2E02E09A66563DDFD16 ] SFEP C:\Windows\system32\DRIVERS\SFEP.sys
15:28:40.0212 4900 SFEP - ok
15:28:40.0259 4900 [ 3EFA810BDCA87F6ECC24F9832243FE86 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
15:28:40.0274 4900 sffdisk - ok
15:28:40.0306 4900 [ E95D451F7EA3E583AEC75F3B3EE42DC5 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
15:28:40.0352 4900 sffp_mmc - ok
15:28:40.0384 4900 [ 3D0EA348784B7AC9EA9BD9F317980979 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
15:28:40.0415 4900 sffp_sd - ok
15:28:40.0446 4900 [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
15:28:40.0508 4900 sfloppy - ok
15:28:40.0555 4900 [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
15:28:40.0571 4900 ShellHWDetection - ok
15:28:40.0696 4900 [ 5B36E43A535345599515D20FA77C8026 ] shpf C:\Windows\system32\DRIVERS\shpf.sys
15:28:40.0696 4900 shpf - ok
15:28:40.0727 4900 [ 1D76624A09A054F682D746B924E2DBC3 ] sisagp C:\Windows\system32\drivers\sisagp.sys
15:28:40.0742 4900 sisagp - ok
15:28:40.0758 4900 [ 43CB7AA756C7DB280D01DA9B676CFDE2 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
15:28:40.0774 4900 SiSRaid2 - ok
15:28:40.0789 4900 [ A99C6C8B0BAA970D8AA59DDC50B57F94 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
15:28:40.0805 4900 SiSRaid4 - ok
15:28:40.0898 4900 [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc C:\Windows\system32\SLsvc.exe
15:28:41.0242 4900 slsvc - ok
15:28:41.0273 4900 [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify C:\Windows\system32\SLUINotify.dll
15:28:41.0335 4900 SLUINotify - ok
15:28:41.0366 4900 [ 7B75299A4D201D6A6533603D6914AB04 ] Smb C:\Windows\system32\DRIVERS\smb.sys
15:28:41.0398 4900 Smb - ok
15:28:41.0413 4900 [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
15:28:41.0429 4900 SNMPTRAP - ok
15:28:41.0460 4900 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr C:\Windows\system32\drivers\spldr.sys
15:28:41.0476 4900 spldr - ok
15:28:41.0491 4900 [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler C:\Windows\System32\spoolsv.exe
15:28:41.0538 4900 Spooler - ok
15:28:41.0585 4900 [ 86EBD8B1F23E743AAD21F4D5B4D40985 ] SQLBrowser c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
15:28:41.0600 4900 SQLBrowser - ok
15:28:41.0632 4900 [ D89083C4EB02DACA8F944B0E05E57F9D ] SQLWriter c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
15:28:41.0647 4900 SQLWriter - ok
15:28:41.0694 4900 [ 41987F9FC0E61ADF54F581E15029AD91 ] srv C:\Windows\system32\DRIVERS\srv.sys
15:28:41.0725 4900 srv - ok
15:28:41.0772 4900 [ FF33AFF99564B1AA534F58868CBE41EF ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
15:28:41.0819 4900 srv2 - ok
15:28:41.0850 4900 [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
15:28:41.0881 4900 srvnet - ok
15:28:41.0928 4900 [ 069351A1D7D291013177A90AE6EDCCBC ] sscdbus C:\Windows\system32\DRIVERS\sscdbus.sys
15:28:41.0944 4900 sscdbus - ok
15:28:42.0053 4900 [ 1C925BE223A5C0F9F469252292A48DF6 ] sscdmdfl C:\Windows\system32\DRIVERS\sscdmdfl.sys
15:28:42.0053 4900 sscdmdfl - ok
15:28:42.0115 4900 [ AE3E77AE0FBDB07EB1AC3FED74A0695E ] sscdmdm C:\Windows\system32\DRIVERS\sscdmdm.sys
15:28:42.0131 4900 sscdmdm - ok
15:28:42.0178 4900 [ 6C239402A3303C66016F5F915E0E8698 ] sscdserd C:\Windows\system32\DRIVERS\sscdserd.sys
15:28:42.0193 4900 sscdserd - ok
15:28:42.0224 4900 [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
15:28:42.0271 4900 SSDPSRV - ok
15:28:42.0380 4900 [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc C:\Windows\system32\sstpsvc.dll
15:28:42.0458 4900 SstpSvc - ok
15:28:42.0599 4900 [ 1B4052F016BA5E087689ABA536A0A927 ] ssudmdm C:\Windows\system32\DRIVERS\ssudmdm.sys
15:28:42.0614 4900 ssudmdm - ok
15:28:42.0708 4900 [ A20A049142D5964701ED449A4A10A338 ] ssudserd C:\Windows\system32\DRIVERS\ssudserd.sys
15:28:42.0958 4900 ssudserd - ok
15:28:43.0067 4900 [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc C:\Windows\System32\wiaservc.dll
15:28:43.0114 4900 stisvc - ok
15:28:43.0192 4900 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
15:28:43.0223 4900 swenum - ok
15:28:43.0379 4900 [ F577910A133A592234EBAAD3F3AFA258 ] SwitchBoard C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
15:28:43.0441 4900 SwitchBoard ( UnsignedFile.Multi.Generic ) - warning
15:28:43.0441 4900 SwitchBoard - detected UnsignedFile.Multi.Generic (1)
15:28:43.0519 4900 [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv C:\Windows\System32\swprv.dll
15:28:43.0535 4900 swprv - ok
15:28:43.0582 4900 [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
15:28:43.0582 4900 Symc8xx - ok
15:28:43.0628 4900 [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
15:28:43.0644 4900 Sym_hi - ok
15:28:43.0691 4900 [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
15:28:43.0706 4900 Sym_u3 - ok
15:28:43.0722 4900 [ 99DA94793332AADBB17BBB521AE56E21 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
15:28:43.0738 4900 SynTP - ok
15:28:43.0784 4900 [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain C:\Windows\system32\sysmain.dll
15:28:43.0862 4900 SysMain - ok
15:28:43.0878 4900 [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
15:28:43.0940 4900 TabletInputService - ok
15:28:43.0972 4900 [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv C:\Windows\System32\tapisrv.dll
15:28:44.0018 4900 TapiSrv - ok
15:28:44.0050 4900 [ CB05822CD9CC6C688168E113C603DBE7 ] TBS C:\Windows\System32\tbssvc.dll
15:28:44.0096 4900 TBS - ok
15:28:44.0143 4900 [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
15:28:44.0190 4900 Tcpip - ok
15:28:44.0206 4900 [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
15:28:44.0362 4900 Tcpip6 - ok
15:28:44.0408 4900 [ 4BED0C7FDF414D1BD26BF33EA673CA49 ] tcpipBM C:\Windows\system32\drivers\tcpipBM.sys
15:28:44.0440 4900 tcpipBM ( UnsignedFile.Multi.Generic ) - warning
15:28:44.0440 4900 tcpipBM - detected UnsignedFile.Multi.Generic (1)
15:28:44.0471 4900 [ 608C345A255D82A6289C2D468EB41FD7 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
15:28:44.0502 4900 tcpipreg - ok
15:28:44.0596 4900 [ 72B9E77565DA5FA564581976E000D29B ] TcUsb C:\Windows\system32\Drivers\tcusb.sys
15:28:44.0611 4900 TcUsb - ok
15:28:44.0627 4900 [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
15:28:44.0674 4900 TDPIPE - ok
15:28:44.0705 4900 [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
15:28:44.0767 4900 TDTCP - ok
15:28:44.0798 4900 [ 76B06EB8A01FC8624D699E7045303E54 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
15:28:44.0830 4900 tdx - ok
15:28:44.0845 4900 [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
15:28:44.0861 4900 TermDD - ok
15:28:44.0892 4900 [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService C:\Windows\System32\termsrv.dll
15:28:44.0986 4900 TermService - ok
15:28:45.0017 4900 [ C7230FBEE14437716701C15BE02C27B8 ] Themes C:\Windows\system32\shsvcs.dll
15:28:45.0064 4900 Themes - ok
15:28:45.0095 4900 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER C:\Windows\system32\mmcss.dll
15:28:45.0126 4900 THREADORDER - ok
15:28:45.0188 4900 [ CB258C2F726F1BE73C507022BE33EBB3 ] TPM C:\Windows\system32\drivers\tpm.sys
15:28:45.0188 4900 TPM - ok
15:28:45.0220 4900 [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks C:\Windows\System32\trkwks.dll
15:28:45.0251 4900 TrkWks - ok
15:28:45.0344 4900 [ C11362058918CD38C8B8D3E265DA80F5 ] TrueSight C:\Windows\system32\drivers\TrueSight.sys
15:28:45.0360 4900 TrueSight ( UnsignedFile.Multi.Generic ) - warning
15:28:45.0360 4900 TrueSight - detected UnsignedFile.Multi.Generic (1)
15:28:45.0422 4900 [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
15:28:45.0469 4900 TrustedInstaller - ok
15:28:45.0500 4900 [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
15:28:45.0532 4900 tssecsrv - ok
15:28:45.0547 4900 [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys
15:28:45.0594 4900 tunmp - ok
15:28:45.0625 4900 [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
15:28:45.0656 4900 tunnel - ok
15:28:45.0703 4900 [ 7D33C4DB2CE363C8518D2DFCF533941F ] uagp35 C:\Windows\system32\drivers\uagp35.sys
15:28:45.0703 4900 uagp35 - ok
15:28:45.0766 4900 [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
15:28:45.0828 4900 udfs - ok
15:28:45.0875 4900 [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
15:28:45.0984 4900 UI0Detect - ok
15:28:46.0000 4900 UIUSys - ok
15:28:46.0078 4900 [ B0ACFDC9E4AF279E9116C03E014B2B27 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
15:28:46.0093 4900 uliagpkx - ok
15:28:46.0140 4900 [ 9224BB254F591DE4CA8D572A5F0D635C ] uliahci C:\Windows\system32\drivers\uliahci.sys
15:28:46.0156 4900 uliahci - ok
15:28:46.0187 4900 [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata C:\Windows\system32\drivers\ulsata.sys
15:28:46.0202 4900 UlSata - ok
15:28:46.0218 4900 [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys
15:28:46.0234 4900 ulsata2 - ok
15:28:46.0249 4900 [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
15:28:46.0296 4900 umbus - ok
15:28:46.0343 4900 [ 8A66360F38F81E960E2367B428CBD5D9 ] UmRdpService C:\Windows\System32\umrdp.dll
15:28:46.0390 4900 UmRdpService - ok
15:28:46.0608 4900 [ EFD150CDD5AA3269118EF500222B88E0 ] UNS C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe
15:28:46.0842 4900 UNS - ok
15:28:46.0889 4900 [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost C:\Windows\System32\upnphost.dll
15:28:46.0920 4900 upnphost - ok
15:28:46.0998 4900 [ C2B5399957BAE9F4DD9B279546F08829 ] USB Access Restriction C:\Program Files\Sony\USB Access Restriction Setting\USB Access Restriction.exe
15:28:46.0998 4900 USB Access Restriction - ok
15:28:47.0092 4900 [ EAFE1E00739AFE6C51487A050E772E17 ] USBAAPL C:\Windows\system32\Drivers\usbaapl.sys
15:28:47.0092 4900 USBAAPL - ok
15:28:47.0138 4900 [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
15:28:47.0154 4900 usbccgp - ok
15:28:47.0201 4900 [ E9476E6C486E76BC4898074768FB7131 ] usbcir C:\Windows\system32\drivers\usbcir.sys
15:28:47.0279 4900 usbcir - ok
15:28:47.0357 4900 [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
15:28:47.0372 4900 usbehci - ok
15:28:47.0388 4900 [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
15:28:47.0435 4900 usbhub - ok
15:28:47.0450 4900 [ 38DBC7DD6CC5A72011F187425384388B ] usbohci C:\Windows\system32\drivers\usbohci.sys
15:28:47.0513 4900 usbohci - ok
15:28:47.0544 4900 [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
15:28:47.0591 4900 usbprint - ok
15:28:47.0653 4900 [ A508C9BD8724980512136B039BBA65E9 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
15:28:47.0669 4900 usbscan - ok
15:28:47.0700 4900 [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:28:47.0716 4900 USBSTOR - ok
15:28:47.0731 4900 [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
15:28:47.0747 4900 usbuhci - ok
15:28:47.0762 4900 [ E67998E8F14CB0627A769F6530BCB352 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
15:28:47.0809 4900 usbvideo - ok
15:28:47.0872 4900 [ 35C9095FA7076466AFBFC5B9EC4B779E ] usb_rndisx C:\Windows\system32\DRIVERS\usb8023x.sys
15:28:47.0887 4900 usb_rndisx - ok
15:28:47.0934 4900 [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms C:\Windows\System32\uxsms.dll
15:28:47.0950 4900 UxSms - ok
15:28:48.0074 4900 [ 693A3FDD279C345105FFF9DDE277849B ] VAIO Event Service C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
15:28:48.0074 4900 VAIO Event Service - ok
15:28:48.0106 4900 [ 2A6565981B46BBDBEDD7AE99C106DE87 ] VAIO Power Management C:\Program Files\Sony\VAIO Power Management\SPMService.exe
15:28:48.0121 4900 VAIO Power Management - ok
15:28:48.0152 4900 [ CD88D1B7776DC17A119049742EC07EB4 ] vds C:\Windows\System32\vds.exe
15:28:48.0184 4900 vds - ok
15:28:48.0215 4900 [ 87B06E1F30B749A114F74622D013F8D4 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
15:28:48.0262 4900 vga - ok
15:28:48.0277 4900 [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave C:\Windows\System32\drivers\vga.sys
15:28:48.0324 4900 VgaSave - ok
15:28:48.0340 4900 [ 5D7159DEF58A800D5781BA3A879627BC ] viaagp C:\Windows\system32\drivers\viaagp.sys
15:28:48.0355 4900 viaagp - ok
15:28:48.0371 4900 [ C4F3A691B5BAD343E6249BD8C2D45DEE ] ViaC7 C:\Windows\system32\drivers\viac7.sys
15:28:48.0418 4900 ViaC7 - ok
15:28:48.0433 4900 [ AADF5587A4063F52C2C3FED7887426FC ] viaide C:\Windows\system32\drivers\viaide.sys
15:28:48.0449 4900 viaide - ok
15:28:48.0480 4900 [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr C:\Windows\system32\drivers\volmgr.sys
15:28:48.0480 4900 volmgr - ok
15:28:48.0527 4900 [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
15:28:48.0542 4900 volmgrx - ok
15:28:48.0574 4900 [ 147281C01FCB1DF9252DE2A10D5E7093 ] volsnap C:\Windows\system32\drivers\volsnap.sys
15:28:48.0589 4900 volsnap - ok
15:28:48.0620 4900 [ 587253E09325E6BF226B299774B728A9 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
15:28:48.0636 4900 vsmraid - ok
15:28:48.0698 4900 [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS C:\Windows\system32\vssvc.exe
15:28:48.0745 4900 VSS - ok
15:28:48.0808 4900 [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time C:\Windows\system32\w32time.dll
15:28:48.0854 4900 W32Time - ok
15:28:48.0886 4900 [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
15:28:48.0932 4900 WacomPen - ok
15:28:48.0964 4900 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
15:28:48.0995 4900 Wanarp - ok
15:28:48.0995 4900 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
15:28:49.0010 4900 Wanarpv6 - ok
15:28:49.0042 4900 [ 20B23332885DFB93FE0185362EE811E9 ] wbengine C:\Windows\system32\wbengine.exe
15:28:49.0135 4900 wbengine - ok
15:28:49.0182 4900 [ 59E19BD13C3BDB857646B9E436BA27F7 ] WcesComm C:\Windows\WindowsMobile\wcescomm.dll
15:28:49.0213 4900 WcesComm - ok
15:28:49.0260 4900 [ A3CD60FD826381B49F03832590E069AF ] wcncsvc C:\Windows\System32\wcncsvc.dll
15:28:49.0322 4900 wcncsvc - ok
15:28:49.0369 4900 [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
15:28:49.0385 4900 WcsPlugInService - ok
15:28:49.0432 4900 [ 78FE9542363F297B18C027B2D7E7C07F ] Wd C:\Windows\system32\drivers\wd.sys
15:28:49.0432 4900 Wd - ok
15:28:49.0478 4900 [ 6ED4FAA0734A392D0FA7D78502A68DB8 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
15:28:49.0478 4900 Suspicious file (Forged): C:\Windows\system32\drivers\Wdf01000.sys. Real md5: 6ED4FAA0734A392D0FA7D78502A68DB8, Fake md5: B6F0A7AD6D4BD325FBCD8BAC96CD8D96
15:28:49.0478 4900 Wdf01000 ( Virus.Win32.Rloader.a ) - infected
15:28:49.0478 4900 Wdf01000 - detected Virus.Win32.Rloader.a (0)
15:28:49.0494 4900 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost C:\Windows\system32\wdi.dll
15:28:49.0525 4900 WdiServiceHost - ok
15:28:49.0541 4900 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost C:\Windows\system32\wdi.dll
15:28:49.0556 4900 WdiSystemHost - ok
15:28:49.0619 4900 [ 04C37D8107320312FBAE09926103D5E2 ] WebClient C:\Windows\System32\webclnt.dll
15:28:49.0634 4900 WebClient - ok
15:28:49.0666 4900 [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc C:\Windows\system32\wecsvc.dll
15:28:49.0681 4900 Wecsvc - ok
15:28:49.0697 4900 [ 670FF720071ED741206D69BD995EA453 ] wercplsupport C:\Windows\System32\wercplsupport.dll
15:28:49.0712 4900 wercplsupport - ok
15:28:49.0744 4900 [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc C:\Windows\System32\WerSvc.dll
15:28:49.0759 4900 WerSvc - ok
15:28:49.0790 4900 [ F9AD3A5E3FD7E0BDB18B8202B0FDD4E4 ] WimFltr C:\Windows\system32\DRIVERS\wimfltr.sys
15:28:49.0806 4900 WimFltr - ok
15:28:49.0837 4900 [ 5A77AC34A0FFB70CE8B35B524FEDE9BA ] winachsf C:\Windows\system32\DRIVERS\HSX_CNXT.sys
15:28:49.0884 4900 winachsf - ok
15:28:49.0884 4900 WinHttpAutoProxySvc - ok
15:28:50.0024 4900 [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
15:28:50.0040 4900 Winmgmt - ok
15:28:50.0087 4900 [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM C:\Windows\system32\WsmSvc.dll
15:28:50.0196 4900 WinRM - ok
15:28:50.0290 4900 [ 028747E4DBFC1FA3C6E1C43733FD8FBB ] winss C:\Program Files\Microsoft Windows OneCare Live\winss.exe
15:28:50.0352 4900 winss - ok
15:28:50.0430 4900 [ 676F4B665BDD8053EAA53AC1695B8074 ] WinUSB C:\Windows\system32\DRIVERS\WinUSB.sys
15:28:50.0477 4900 WinUSB - ok
15:28:50.0524 4900 [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc C:\Windows\System32\wlansvc.dll
15:28:50.0586 4900 Wlansvc - ok
15:28:50.0695 4900 [ 6067ACEF367E79914AF628FA1E9B5330 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
15:28:50.0711 4900 wlcrasvc - ok
15:28:50.0836 4900 [ FB01D4AE207B9EFDBABFC55DC95C7E31 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
15:28:51.0007 4900 wlidsvc - ok
15:28:51.0054 4900 [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
15:28:51.0101 4900 WmiAcpi - ok
15:28:51.0241 4900 [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
15:28:51.0272 4900 wmiApSrv - ok
15:28:51.0335 4900 [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
15:28:51.0522 4900 WMPNetworkSvc - ok
15:28:51.0600 4900 [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
15:28:51.0662 4900 WPDBusEnum - ok
15:28:51.0756 4900 [ DE9D36F91A4DF3D911626643DEBF11EA ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys
15:28:51.0803 4900 WpdUsb - ok
15:28:51.0959 4900 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
15:28:51.0990 4900 WPFFontCache_v0400 - ok
15:28:52.0037 4900 [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
15:28:52.0084 4900 ws2ifsl - ok
15:28:52.0084 4900 WSearch - ok
15:28:52.0115 4900 [ AC13CB789D93412106B0FB6C7EB2BCB6 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
15:28:52.0130 4900 WUDFRd - ok
15:28:52.0162 4900 [ 575A4190D989F64732119E4114045A4F ] wudfsvc C:\Windows\System32\WUDFSvc.dll
15:28:52.0177 4900 wudfsvc - ok
15:28:52.0208 4900 [ 88AF537264F2B818DA15479CEEAF5D7C ] XAudio C:\Windows\system32\DRIVERS\xaudio.sys
15:28:52.0271 4900 XAudio - ok
15:28:52.0302 4900 [ 15A317674A08DF26BE65164D959E9203 ] XAudioService C:\Windows\system32\DRIVERS\xaudio.exe
15:28:52.0380 4900 XAudioService - ok
15:28:52.0427 4900 [ 82546AB4A44BB956B76AADEF8BAAD742 ] yukonwlh C:\Windows\system32\DRIVERS\yk60x86.sys
15:28:52.0458 4900 yukonwlh - ok
15:28:52.0489 4900 ================ Scan global ===============================
15:28:52.0536 4900 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
15:28:52.0567 4900 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
15:28:52.0583 4900 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
15:28:52.0630 4900 [ 8737764F4FD36D6808EE80578409C843 ] C:\Windows\system32\services.exe
15:28:52.0645 4900 C:\Windows\system32\services.exe ( Virus.Win32.ZAccess.m ) - infected
15:28:52.0645 4900 C:\Windows\system32\services.exe - detected Virus.Win32.ZAccess.m (0)
15:28:52.0645 4900 ================ Scan MBR ==================================
15:28:52.0661 4900 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
15:28:53.0238 4900 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
15:28:53.0238 4900 \Device\Harddisk0\DR0 - detected TDSS File System (1)
15:28:53.0254 4900 [ 5D0DB44DE3DB053E359B3424534F3FAC ] \Device\Harddisk2\DR2
15:28:53.0363 4900 \Device\Harddisk2\DR2 - ok
15:28:53.0363 4900 ================ Scan VBR ==================================
15:28:53.0363 4900 [ DD35893CB0A4CEDB568E4C8A27CFA79F ] \Device\Harddisk0\DR0\Partition1
15:28:53.0378 4900 \Device\Harddisk0\DR0\Partition1 - ok
15:28:53.0378 4900 ============================================================
15:28:53.0378 4900 Scan finished
15:28:53.0378 4900 ============================================================
15:28:53.0378 5444 Detected object count: 11
15:28:53.0378 5444 Actual detected object count: 11
15:29:09.0368 5444 BMLoad ( UnsignedFile.Multi.Generic ) - skipped by user
15:29:09.0368 5444 BMLoad ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:29:09.0368 5444 cpuz132 ( UnsignedFile.Multi.Generic ) - skipped by user
15:29:09.0368 5444 cpuz132 ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:29:09.0368 5444 PassThru Service ( UnsignedFile.Multi.Generic ) - skipped by user
15:29:09.0368 5444 PassThru Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:29:09.0368 5444 QBCFMonitorService ( UnsignedFile.Multi.Generic ) - skipped by user
15:29:09.0368 5444 QBCFMonitorService ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:29:09.0368 5444 QBFCService ( UnsignedFile.Multi.Generic ) - skipped by user
15:29:09.0368 5444 QBFCService ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:29:09.0368 5444 SwitchBoard ( UnsignedFile.Multi.Generic ) - skipped by user
15:29:09.0368 5444 SwitchBoard ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:29:09.0368 5444 tcpipBM ( UnsignedFile.Multi.Generic ) - skipped by user
15:29:09.0368 5444 tcpipBM ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:29:09.0384 5444 TrueSight ( UnsignedFile.Multi.Generic ) - skipped by user
15:29:09.0384 5444 TrueSight ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:29:09.0774 5444 C:\Windows\system32\drivers\Wdf01000.sys - copied to quarantine
15:29:09.0914 5444 Backup copy found, using it..
15:29:09.0930 5444 C:\Windows\system32\drivers\Wdf01000.sys - will be cured on reboot
15:29:09.0930 5444 Wdf01000 ( Virus.Win32.Rloader.a ) - User select action: Cure
15:29:09.0961 5444 C:\Windows\system32\services.exe - copied to quarantine
15:29:12.0208 5444 C:\Windows\assembly\GAC\desktop.ini - copied to quarantine
15:29:19.0649 5444 Backup copy found, using it..
15:29:19.0711 5444 C:\Windows\assembly\GAC\desktop.ini - will be deleted on reboot
15:29:19.0836 5444 C:\Windows\system32\services.exe - will be cured on reboot
15:29:19.0836 5444 C:\Windows\system32\services.exe ( Virus.Win32.ZAccess.m ) - User select action: Cure
15:29:19.0836 5444 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
15:29:19.0836 5444 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
17:05:59.0205 5208 Deinitialize success

OK I am going to run it after posting this.