malware multiple hdd infection w/ google redirect



#1
dost

    New Member
I'll mention that before I knew I was infected, I was looking through my external hard drives (3 of them) for some files, which I'm sure are now compromised as well. That might complicate the solution, as I misplaced some cables to attach them all at the same time for the OTL scan. Sorry :3

Anyways, I started to get janky Google search results: despite popular search terms, very obscure sites would show in the results, and clicking a link would redirect through an ad site. The search results and redirect occur specifically on google.com regardless of the browser used; Yahoo seemed to show normal search results and links. The malware blocked Malwarebytes from opening and Avira found no results. Not knowing yet that it was an HDD-type malware, I reformatted and reinstalled Windows. After installing video card drivers and Chrome, I experienced the same results in regards to Google searches. Windows also would not update properly; many security updates and 'important' updates failed. This time I was able to download and run Malwarebytes, but after a full scan it found nothing. ESET's online scanner has also found nothing.

tl;dr - up to 5 HDDs infected: C drive, an internal storage drive, and 3 separate external HDDs (1 USB 3.0 and 2 USB 2.0s). I can only connect 2 of the external HDDs at the same time, 1 3.0 and 1 of the 2.0s, because of the different cables.

The following OTL SCAN IS WITH ONLY ONE EXTERNAL HDD CONNECTED. Might be simpler to do it one at a time, but I'll wait for your instructions on how you'd want to go about this.



OTL logfile created on: 8/24/2012 3:55:31 PM - Run 2
OTL by OldTimer - Version 3.2.58.1 Folder = C:\Users\Kris\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.21 Gb Total Physical Memory | 1.80 Gb Available Physical Memory | 56.06% Memory free
6.42 Gb Paging File | 3.87 Gb Available in Paging File | 60.19% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 931.41 Gb Total Space | 904.85 Gb Free Space | 97.15% Space Free | Partition Type: NTFS
Drive D: | 1863.01 Gb Total Space | 645.20 Gb Free Space | 34.63% Space Free | Partition Type: NTFS
Drive F: | 232.88 Gb Total Space | 2.44 Gb Free Space | 1.05% Space Free | Partition Type: NTFS

Computer Name: KRIS-PC | User Name: Kris | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Kris\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Guild Wars 2\Gw2.exe (ArenaNet)
PRC - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation)
PRC - C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation)
PRC - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe ()
PRC - C:\Program Files\D-Link\DWA-552 revA\wirelesscm.exe (D-Link Corp.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\calc.exe (Microsoft Corporation)
PRC - C:\Program Files\Pidgin\pidgin.exe (The Pidgin developer community)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe ()
MOD - C:\Program Files\D-Link\DWA-552 revA\WlanDll.dll ()
MOD - C:\Program Files\D-Link\DWA-552 revA\WLanWps.dll ()
MOD - C:\Program Files\Pidgin\plugins\spellchk.dll ()
MOD - C:\Program Files\Pidgin\plugins\winprefs.dll ()
MOD - C:\Program Files\Pidgin\plugins\ticker.dll ()
MOD - C:\Program Files\Pidgin\plugins\win2ktrans.dll ()
MOD - C:\Program Files\Pidgin\plugins\ssl-nss.dll ()
MOD - C:\Program Files\Pidgin\plugins\timestamp.dll ()
MOD - C:\Program Files\Pidgin\plugins\timestamp_format.dll ()
MOD - C:\Program Files\Pidgin\plugins\statenotify.dll ()
MOD - C:\Program Files\Pidgin\plugins\psychic.dll ()
MOD - C:\Program Files\Pidgin\plugins\relnot.dll ()
MOD - C:\Program Files\Pidgin\plugins\ssl.dll ()
MOD - C:\Program Files\Pidgin\plugins\libyahoo.dll ()
MOD - C:\Program Files\Pidgin\plugins\libqq.dll ()
MOD - C:\Program Files\Pidgin\plugins\libmsn.dll ()
MOD - C:\Program Files\Pidgin\plugins\libsilc.dll ()
MOD - C:\Program Files\Pidgin\plugins\libgg.dll ()
MOD - C:\Program Files\Pidgin\plugins\libsametime.dll ()
MOD - C:\Program Files\Pidgin\plugins\libnovell.dll ()
MOD - C:\Program Files\Pidgin\plugins\libmyspace.dll ()
MOD - C:\Program Files\Pidgin\plugins\libirc.dll ()
MOD - C:\Program Files\Pidgin\plugins\libbonjour.dll ()
MOD - C:\Program Files\Pidgin\plugins\libsimple.dll ()
MOD - C:\Program Files\Pidgin\plugins\log_reader.dll ()
MOD - C:\Program Files\Pidgin\plugins\notify.dll ()
MOD - C:\Program Files\Pidgin\plugins\pidginrc.dll ()
MOD - C:\Program Files\Pidgin\plugins\libxmpp.dll ()
MOD - C:\Program Files\Pidgin\plugins\markerline.dll ()
MOD - C:\Program Files\Pidgin\plugins\history.dll ()
MOD - C:\Program Files\Pidgin\plugins\idle.dll ()
MOD - C:\Program Files\Pidgin\plugins\offlinemsg.dll ()
MOD - C:\Program Files\Pidgin\plugins\joinpart.dll ()
MOD - C:\Program Files\Pidgin\plugins\libicq.dll ()
MOD - C:\Program Files\Pidgin\plugins\extplacement.dll ()
MOD - C:\Program Files\Pidgin\plugins\libaim.dll ()
MOD - C:\Program Files\Pidgin\plugins\newline.dll ()
MOD - C:\Program Files\Pidgin\plugins\gtkbuddynote.dll ()
MOD - C:\Program Files\Pidgin\plugins\iconaway.dll ()
MOD - C:\Program Files\Pidgin\liboscar.dll ()
MOD - C:\Program Files\Pidgin\libjabber.dll ()
MOD - C:\Program Files\Pidgin\plugins\convcolors.dll ()
MOD - C:\Program Files\Pidgin\plugins\autoaccept.dll ()
MOD - C:\Program Files\Pidgin\idletrack.dll ()
MOD - C:\Program Files\Pidgin\plugins\buddynote.dll ()
MOD - C:\Program Files\Pidgin\libxml2.dll ()
MOD - C:\Program Files\Pidgin\libsilc-1-1-2.dll ()
MOD - C:\Program Files\Pidgin\libsilcclient-1-1-2.dll ()
MOD - C:\Program Files\Pidgin\libmeanwhile-1.dll ()
MOD - C:\Program Files\Common Files\GTK\2.0\lib\gtk-2.0\2.10.0\engines\libwimp.dll ()
MOD - C:\Program Files\Common Files\GTK\2.0\lib\gtk-2.0\2.10.0\loaders\libpixbufloader-jpeg.dll ()
MOD - C:\Program Files\Common Files\GTK\2.0\lib\gtk-2.0\2.10.0\loaders\libpixbufloader-png.dll ()
MOD - C:\Program Files\Common Files\GTK\2.0\bin\libcairo-2.dll ()
MOD - C:\Program Files\Common Files\GTK\2.0\bin\libpangocairo-1.0-0.dll ()
MOD - C:\Program Files\Common Files\GTK\2.0\bin\zlib1.dll ()


========== Win32 Services (SafeList) ==========

SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (nvUpdatusService) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (jswpsapi) -- C:\Program Files\D-Link\DWA-552 revA\jswpsapi.exe (Atheros Communications, Inc.)


========== Driver Services (SafeList) ==========

DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (jswpslwf) -- C:\Windows\System32\drivers\jswpslwf.sys (Atheros Communications, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 05 64 D5 01 37 82 CD 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Kris\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Kris\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)



========== Chrome ==========

CHR - homepage:
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage:
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Kris\AppData\Local\Google\Chrome\Application\21.0.1180.83\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Kris\AppData\Local\Google\Chrome\Application\21.0.1180.83\gcswf32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Kris\AppData\Local\Google\Chrome\Application\21.0.1180.83\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Kris\AppData\Local\Google\Chrome\Application\21.0.1180.83\pdf.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Kris\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll

O1 HOSTS File: ([2009/06/10 14:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O13 - gopher Prefix: missing
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F77B1F9E-5B7A-4E18-AC28-B309DDC61C5D}: DhcpNameServer = 209.18.47.61 209.18.47.62
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 14:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{cdf8c718-ee1e-11e1-9300-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{cdf8c718-ee1e-11e1-9300-806e6f6e6963}\Shell\AutoRun\command - "" = E:\AUTORUN.EXE
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/24 14:22:51 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/08/24 13:54:34 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Kris\Desktop\OTL.exe
[2012/08/24 13:42:04 | 000,000,000 | ---D | C] -- C:\Users\Kris\AppData\Roaming\Malwarebytes
[2012/08/24 13:41:57 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/08/24 13:41:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/08/24 13:41:57 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/08/24 13:41:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/08/24 12:53:39 | 000,000,000 | ---D | C] -- C:\Users\Kris\AppData\Roaming\.purple
[2012/08/24 12:52:59 | 000,000,000 | ---D | C] -- C:\Program Files\Pidgin
[2012/08/24 12:52:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gtk+
[2012/08/24 12:52:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\GTK
[2012/08/24 12:48:08 | 000,000,000 | ---D | C] -- C:\Windows\System32\Wat
[2012/08/24 12:38:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Guild Wars 2
[2012/08/24 12:38:33 | 000,000,000 | ---D | C] -- C:\Program Files\Guild Wars 2
[2012/08/24 12:38:05 | 000,000,000 | ---D | C] -- C:\Users\Kris\Documents\Guild Wars 2
[2012/08/24 12:34:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2012/08/24 12:28:28 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2012/08/24 12:28:26 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2012/08/24 12:27:56 | 000,061,248 | ---- | C] (Khronos Group) -- C:\Windows\System32\OpenCL.dll
[2012/08/24 12:27:51 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2012/08/24 12:27:12 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2012/08/24 12:27:01 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2012/08/24 12:23:29 | 000,000,000 | ---D | C] -- C:\Users\Kris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012/08/24 12:22:56 | 000,000,000 | ---D | C] -- C:\Users\Kris\AppData\Local\Google
[2012/08/24 12:22:51 | 000,000,000 | ---D | C] -- C:\Users\Kris\AppData\Local\Deployment
[2012/08/24 12:22:51 | 000,000,000 | ---D | C] -- C:\Users\Kris\AppData\Local\Apps
[2012/08/24 12:20:15 | 000,000,000 | ---D | C] -- C:\Users\Kris\AppData\Roaming\Leadertech
[2012/08/24 12:18:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\D-Link
[2012/08/24 12:17:52 | 001,268,736 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\System32\drivers\athr.sys
[2012/08/24 12:17:52 | 000,020,384 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\System32\drivers\jswpslwf.sys
[2012/08/24 12:17:52 | 000,000,000 | ---D | C] -- C:\Windows\pcidevice
[2012/08/24 12:17:51 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2012/08/24 12:17:51 | 000,000,000 | ---D | C] -- C:\Program Files\D-Link
[2012/08/24 12:16:52 | 000,000,000 | ---D | C] -- C:\Users\Kris\AppData\Roaming\InstallShield
[2012/08/24 12:14:31 | 000,000,000 | R--D | C] -- C:\Users\Kris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2012/08/24 12:14:31 | 000,000,000 | R--D | C] -- C:\Users\Kris\Searches
[2012/08/24 12:14:31 | 000,000,000 | R--D | C] -- C:\Users\Kris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2012/08/24 12:14:31 | 000,000,000 | -H-D | C] -- C:\Users\Kris\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2012/08/24 12:14:23 | 000,000,000 | ---D | C] -- C:\Users\Kris\AppData\Roaming\Identities
[2012/08/24 12:14:22 | 000,000,000 | R--D | C] -- C:\Users\Kris\Contacts
[2012/08/24 12:14:12 | 000,000,000 | ---D | C] -- C:\Users\Kris\AppData\Local\VirtualStore
[2012/08/24 12:14:07 | 000,000,000 | -HSD | C] -- C:\Users\Kris\AppData\Local\Temporary Internet Files
[2012/08/24 12:14:07 | 000,000,000 | -HSD | C] -- C:\Users\Kris\Templates
[2012/08/24 12:14:07 | 000,000,000 | -HSD | C] -- C:\Users\Kris\Start Menu
[2012/08/24 12:14:07 | 000,000,000 | -HSD | C] -- C:\Users\Kris\SendTo
[2012/08/24 12:14:07 | 000,000,000 | -HSD | C] -- C:\Users\Kris\Recent
[2012/08/24 12:14:07 | 000,000,000 | -HSD | C] -- C:\Users\Kris\PrintHood
[2012/08/24 12:14:07 | 000,000,000 | -HSD | C] -- C:\Users\Kris\NetHood
[2012/08/24 12:14:07 | 000,000,000 | -HSD | C] -- C:\Users\Kris\Documents\My Videos
[2012/08/24 12:14:07 | 000,000,000 | -HSD | C] -- C:\Users\Kris\Documents\My Pictures
[2012/08/24 12:14:07 | 000,000,000 | -HSD | C] -- C:\Users\Kris\Documents\My Music
[2012/08/24 12:14:07 | 000,000,000 | -HSD | C] -- C:\Users\Kris\My Documents
[2012/08/24 12:14:07 | 000,000,000 | -HSD | C] -- C:\Users\Kris\Local Settings
[2012/08/24 12:14:07 | 000,000,000 | -HSD | C] -- C:\Users\Kris\AppData\Local\History
[2012/08/24 12:14:07 | 000,000,000 | -HSD | C] -- C:\Users\Kris\Cookies
[2012/08/24 12:14:07 | 000,000,000 | -HSD | C] -- C:\Users\Kris\Application Data
[2012/08/24 12:14:07 | 000,000,000 | -HSD | C] -- C:\Users\Kris\AppData\Local\Application Data
[2012/08/24 12:14:06 | 000,000,000 | --SD | C] -- C:\Users\Kris\AppData\Roaming\Microsoft
[2012/08/24 12:14:06 | 000,000,000 | R--D | C] -- C:\Users\Kris\Videos
[2012/08/24 12:14:06 | 000,000,000 | R--D | C] -- C:\Users\Kris\Saved Games
[2012/08/24 12:14:06 | 000,000,000 | R--D | C] -- C:\Users\Kris\Pictures
[2012/08/24 12:14:06 | 000,000,000 | R--D | C] -- C:\Users\Kris\Music
[2012/08/24 12:14:06 | 000,000,000 | R--D | C] -- C:\Users\Kris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2012/08/24 12:14:06 | 000,000,000 | R--D | C] -- C:\Users\Kris\Links
[2012/08/24 12:14:06 | 000,000,000 | R--D | C] -- C:\Users\Kris\Favorites
[2012/08/24 12:14:06 | 000,000,000 | R--D | C] -- C:\Users\Kris\Downloads
[2012/08/24 12:14:06 | 000,000,000 | R--D | C] -- C:\Users\Kris\Documents
[2012/08/24 12:14:06 | 000,000,000 | R--D | C] -- C:\Users\Kris\Desktop
[2012/08/24 12:14:06 | 000,000,000 | R--D | C] -- C:\Users\Kris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2012/08/24 12:14:06 | 000,000,000 | -H-D | C] -- C:\Users\Kris\AppData
[2012/08/24 12:14:06 | 000,000,000 | ---D | C] -- C:\Users\Kris\AppData\Local\Temp
[2012/08/24 12:14:06 | 000,000,000 | ---D | C] -- C:\Users\Kris\AppData\Local\Microsoft
[2012/08/24 12:14:06 | 000,000,000 | ---D | C] -- C:\Users\Kris\AppData\Roaming\Media Center Programs
[2012/08/24 12:12:35 | 000,000,000 | -HSD | C] -- C:\ProgramData\Templates
[2012/08/24 12:12:35 | 000,000,000 | -HSD | C] -- C:\ProgramData\Start Menu
[2012/08/24 12:12:35 | 000,000,000 | -HSD | C] -- C:\Recovery
[2012/08/24 12:12:35 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\My Videos
[2012/08/24 12:12:35 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\My Pictures
[2012/08/24 12:12:35 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\My Music
[2012/08/24 12:12:35 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favorites
[2012/08/24 12:12:35 | 000,000,000 | -HSD | C] -- C:\Documents and Settings
[2012/08/24 12:12:35 | 000,000,000 | -HSD | C] -- C:\ProgramData\Documents
[2012/08/24 12:12:35 | 000,000,000 | -HSD | C] -- C:\ProgramData\Desktop
[2012/08/24 12:12:35 | 000,000,000 | -HSD | C] -- C:\ProgramData\Application Data
[2012/08/24 12:09:22 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2012/08/24 12:07:16 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2012/08/24 12:07:11 | 000,000,000 | ---D | C] -- C:\Windows\CSC

========== Files - Modified Within 30 Days ==========

[2012/08/24 15:36:07 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-477682539-3374099683-1709961703-1000UA.job
[2012/08/24 13:54:35 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Kris\Desktop\OTL.exe
[2012/08/24 13:41:57 | 000,001,091 | ---- | M] () -- C:\Users\Kris\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012/08/24 13:41:57 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/24 13:27:12 | 000,014,192 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/24 13:27:12 | 000,014,192 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/24 13:25:29 | 000,615,122 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/08/24 13:25:29 | 000,103,496 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/08/24 13:19:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/24 13:19:34 | 2586,775,552 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/24 13:10:47 | 000,001,407 | ---- | M] () -- C:\Users\Kris\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/08/24 12:50:21 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2012/08/24 12:38:34 | 000,000,902 | ---- | M] () -- C:\Users\Public\Desktop\Guild Wars 2.lnk
[2012/08/24 12:36:02 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-477682539-3374099683-1709961703-1000Core.job
[2012/08/24 12:23:32 | 000,002,358 | ---- | M] () -- C:\Users\Kris\Desktop\Google Chrome.lnk
[2012/08/24 12:17:51 | 000,000,912 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Wireless Connection Manager.lnk
[2012/08/24 12:17:51 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Wireless Connection Manager.lnk
[2012/08/24 12:09:42 | 000,042,045 | ---- | M] () -- C:\Windows\System32\license.rtf
[2012/08/24 12:06:59 | 000,266,808 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2012/08/24 13:41:57 | 000,001,091 | ---- | C] () -- C:\Users\Kris\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012/08/24 13:41:57 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/24 12:53:08 | 000,000,949 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pidgin.lnk
[2012/08/24 12:50:21 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2012/08/24 12:38:34 | 000,000,902 | ---- | C] () -- C:\Users\Public\Desktop\Guild Wars 2.lnk
[2012/08/24 12:28:09 | 002,621,723 | ---- | C] () -- C:\Windows\System32\nvcoproc.bin
[2012/08/24 12:27:40 | 000,011,190 | ---- | C] () -- C:\Windows\System32\nvinfo.pb
[2012/08/24 12:23:32 | 000,002,358 | ---- | C] () -- C:\Users\Kris\Desktop\Google Chrome.lnk
[2012/08/24 12:22:57 | 000,000,904 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-477682539-3374099683-1709961703-1000UA.job
[2012/08/24 12:22:56 | 000,000,852 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-477682539-3374099683-1709961703-1000Core.job
[2012/08/24 12:21:26 | 000,001,407 | ---- | C] () -- C:\Users\Kris\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/08/24 12:17:51 | 000,000,912 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Wireless Connection Manager.lnk
[2012/08/24 12:17:51 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Wireless Connection Manager.lnk
[2012/08/24 12:14:33 | 000,001,413 | ---- | C] () -- C:\Users\Kris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012/08/24 12:14:06 | 000,000,290 | ---- | C] () -- C:\Users\Kris\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2012/08/24 12:14:06 | 000,000,272 | ---- | C] () -- C:\Users\Kris\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2012/08/24 12:06:39 | 2586,775,552 | -HS- | C] () -- C:\hiberfil.sys
[2012/05/15 02:21:50 | 000,423,744 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe

========== LOP Check ==========

[2012/08/24 15:43:35 | 000,000,000 | ---D | M] -- C:\Users\Kris\AppData\Roaming\.purple
[2012/08/24 12:20:15 | 000,000,000 | ---D | M] -- C:\Users\Kris\AppData\Roaming\Leadertech
[2009/07/13 21:53:46 | 000,002,880 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >


#2
RKinner

    Malware Expert
Download

http://ad13.geekstogo.com/MBRCheck.exe

Save it and run it by right clicking and Run As Admin. It will produce a log MBRCheck(date).txt on your desktop. Copy and paste it into a reply.



Download, save and run (Win 7 or Vista => right click and Run as Admin) Farbar Service Scanner.


Tick "All" options.
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.

Please copy and paste the log to your reply.


Download aswMBR.exe ( 511KB ) to your desktop.
Right click aswMBR.exe and Run as Administrator.
Uncheck "Trace disk IO calls".
Click the "Scan" button to start the scan (accept the Avast engine).
On completion of the scan, if the Fix button is enabled (not the FixMBR button), press it, then run a new scan, click Save Log, save it to your desktop and post it in your next reply.
If the Fix button is not enabled, just click Save Log, save it to your desktop and post it in your next reply.



Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then run it.
Right click on TDSSKiller.exe and select Run As Administrator to start the program.

If TDSSKiller alerts you that the system needs to reboot, please consent.

Run TDSSKiller again but this time:
Before you hit Scan, hit Change Parameters and check the two items under Additional Options. Click OK, then Scan.
In this mode it is prone to false positives, so do not change the SKIP option to DELETE unless it says TDSS.
When done, a log file should be created on your C: drive named "TDSSKiller.txt". Please copy and paste the contents in your next reply.

#3
dost

    New Member
Thanks Kinner for your reply! :) Any idea if this rootkit phiar.c keylogs?


MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows 7 Ultimate Edition
Windows Information: (build 7600), 32-bit
Base Board Manufacturer: ASUSTeK Computer INC.
BIOS Manufacturer: American Megatrends Inc.
System Manufacturer: To be filled by O.E.M.
System Product Name: To be filled by O.E.M.
Logical Drives Mask: 0x0000003c

Kernel Drivers (total 187):
0x82C38000 \SystemRoot\system32\ntkrnlpa.exe
0x82C01000 \SystemRoot\system32\halmacpi.dll
0x87181000 \SystemRoot\system32\kdcom.dll
0x83233000 \SystemRoot\system32\mcupdate_AuthenticAMD.dll
0x8323E000 \SystemRoot\system32\PSHED.dll
0x8324F000 \SystemRoot\system32\BOOTVID.dll
0x83257000 \SystemRoot\system32\CLFS.SYS
0x83299000 \SystemRoot\system32\CI.dll
0x83344000 \SystemRoot\system32\drivers\Wdf01000.sys
0x833B5000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x83439000 \SystemRoot\system32\DRIVERS\ACPI.sys
0x83481000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
0x8348A000 \SystemRoot\system32\DRIVERS\msisadrv.sys
0x83492000 \SystemRoot\system32\DRIVERS\pci.sys
0x834BC000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
0x834C7000 \SystemRoot\System32\drivers\partmgr.sys
0x834D8000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x834E0000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x834EB000 \SystemRoot\system32\DRIVERS\volmgr.sys
0x834FB000 \SystemRoot\System32\drivers\volmgrx.sys
0x83546000 \SystemRoot\system32\DRIVERS\pciide.sys
0x8354D000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
0x8355B000 \SystemRoot\System32\drivers\mountmgr.sys
0x83571000 \SystemRoot\system32\DRIVERS\atapi.sys
0x8357A000 \SystemRoot\system32\DRIVERS\ataport.SYS
0x8359D000 \SystemRoot\system32\DRIVERS\msahci.sys
0x835A7000 \SystemRoot\system32\DRIVERS\amdxata.sys
0x835B0000 \SystemRoot\system32\drivers\fltmgr.sys
0x835E4000 \SystemRoot\system32\drivers\fileinfo.sys
0x8362E000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8375D000 \SystemRoot\System32\Drivers\msrpc.sys
0x83788000 \SystemRoot\System32\Drivers\ksecdd.sys
0x8379B000 \SystemRoot\System32\Drivers\cng.sys
0x83600000 \SystemRoot\System32\drivers\pcw.sys
0x8360E000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x8BA29000 \SystemRoot\system32\drivers\ndis.sys
0x8BAE0000 \SystemRoot\system32\drivers\NETIO.SYS
0x8BB1E000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x8BC0A000 \SystemRoot\System32\drivers\tcpip.sys
0x8BD54000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8BD85000 \SystemRoot\system32\DRIVERS\vmstorfl.sys
0x8BD8E000 \SystemRoot\system32\DRIVERS\volsnap.sys
0x8BDCD000 \SystemRoot\System32\Drivers\spldr.sys
0x8BB43000 \SystemRoot\System32\drivers\rdyboost.sys
0x8BDD5000 \SystemRoot\System32\Drivers\mup.sys
0x8BDE5000 \SystemRoot\System32\drivers\hwpolicy.sys
0x8BB70000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x8BDED000 \SystemRoot\system32\DRIVERS\disk.sys
0x8BBA2000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x8BA00000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8BA1F000 \SystemRoot\System32\Drivers\Null.SYS
0x8BBF0000 \SystemRoot\System32\Drivers\Beep.SYS
0x83617000 \SystemRoot\System32\drivers\vga.sys
0x83400000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x83421000 \SystemRoot\System32\drivers\watchdog.sys
0x8BBF7000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x83623000 \SystemRoot\system32\drivers\rdpencdd.sys
0x837F8000 \SystemRoot\system32\drivers\rdprefmp.sys
0x8342E000 \SystemRoot\System32\Drivers\Msfs.SYS
0x833C3000 \SystemRoot\System32\Drivers\Npfs.SYS
0x833D1000 \SystemRoot\system32\DRIVERS\tdx.sys
0x835F5000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x90034000 \SystemRoot\system32\drivers\afd.sys
0x9008E000 \SystemRoot\System32\DRIVERS\netbt.sys
0x900C0000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x900C7000 \SystemRoot\system32\DRIVERS\pacer.sys
0x900E6000 \SystemRoot\system32\DRIVERS\vwififlt.sys
0x900F7000 \SystemRoot\system32\DRIVERS\jswpslwf.sys
0x900FC000 \SystemRoot\system32\DRIVERS\netbios.sys
0x9010A000 \SystemRoot\system32\DRIVERS\serial.sys
0x90124000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x90137000 \SystemRoot\system32\DRIVERS\termdd.sys
0x90147000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x90188000 \SystemRoot\system32\drivers\nsiproxy.sys
0x90192000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x9019C000 \SystemRoot\System32\drivers\discache.sys
0x90425000 \SystemRoot\system32\drivers\csc.sys
0x90489000 \SystemRoot\System32\Drivers\dfsc.sys
0x904A1000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x904AF000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x92A15000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x93508000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x935BF000 \SystemRoot\System32\drivers\dxgmms1.sys
0x904D0000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x92A00000 \SystemRoot\system32\DRIVERS\usbohci.sys
0x904EF000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x9053A000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x92A0A000 \SystemRoot\system32\DRIVERS\serenum.sys
0x81E1E000 \SystemRoot\system32\DRIVERS\athr.sys
0x81F56000 \SystemRoot\system32\DRIVERS\vwifibus.sys
0x81F60000 \SystemRoot\system32\DRIVERS\1394ohci.sys
0x81F8C000 \SystemRoot\system32\DRIVERS\amdppm.sys
0x81F9D000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x81FA6000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
0x81FB3000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x81FC5000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x81FDD000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x90549000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x81FE8000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x81E00000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x9056B000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x90582000 \SystemRoot\system32\DRIVERS\rdpbus.sys
0x9058C000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x90599000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x81E17000 \SystemRoot\system32\DRIVERS\swenum.sys
0x905A6000 \SystemRoot\system32\DRIVERS\ks.sys
0x905DA000 \SystemRoot\system32\DRIVERS\umbus.sys
0x901A8000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x905E8000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x90000000 \SystemRoot\system32\drivers\nvhda32v.sys
0x83200000 \SystemRoot\system32\drivers\portcls.sys
0x90400000 \SystemRoot\system32\drivers\drmk.sys
0x82633000 \SystemRoot\system32\drivers\HdAudio.sys
0x910E0000 \SystemRoot\System32\win32k.sys
0x82683000 \SystemRoot\System32\drivers\Dxapi.sys
0x8268D000 \SystemRoot\System32\Drivers\crashdmp.sys
0x8269A000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x826A5000 \SystemRoot\System32\Drivers\dump_msahci.sys
0x826AF000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x826C0000 \SystemRoot\system32\DRIVERS\monitor.sys
0x91340000 \SystemRoot\System32\TSDDD.dll
0x826CB000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x826E2000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x826E4000 \SystemRoot\system32\drivers\luafv.sys
0x826FF000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x8270A000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x8271D000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x82724000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x8273B000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x82746000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x91370000 \SystemRoot\System32\cdd.dll
0x82752000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x82762000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x827A8000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x827B8000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x9902C000 \SystemRoot\system32\drivers\HTTP.sys
0x990B1000 \SystemRoot\system32\DRIVERS\bowser.sys
0x990CA000 \SystemRoot\System32\drivers\mpsdrv.sys
0x990DC000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x990FF000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x9913A000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x99155000 \SystemRoot\system32\drivers\peauth.sys
0x991EC000 \SystemRoot\System32\Drivers\secdrv.SYS
0x99000000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x827CB000 \SystemRoot\System32\drivers\tcpipreg.sys
0x9CE37000 \SystemRoot\System32\DRIVERS\srv2.sys
0x9CE86000 \SystemRoot\System32\DRIVERS\srv.sys
0x9CFCB000 \SystemRoot\system32\DRIVERS\asyncmac.sys
0x76F50000 \Windows\System32\ntdll.dll
0x47740000 \Windows\System32\smss.exe
0x77190000 \Windows\System32\apisetschema.dll
0x00830000 \Windows\System32\autochk.exe
0x770F0000 \Windows\System32\oleaut32.dll
0x76D90000 \Windows\System32\iertutil.dll
0x770B0000 \Windows\System32\ws2_32.dll
0x770A0000 \Windows\System32\nsi.dll
0x76CC0000 \Windows\System32\user32.dll
0x76CA0000 \Windows\System32\sechost.dll
0x76C00000 \Windows\System32\advapi32.dll
0x77090000 \Windows\System32\lpk.dll
0x76AE0000 \Windows\System32\wininet.dll
0x76A00000 \Windows\System32\kernel32.dll
0x769A0000 \Windows\System32\difxapi.dll
0x75D50000 \Windows\System32\shell32.dll
0x75D40000 \Windows\System32\normaliz.dll
0x75D20000 \Windows\System32\imm32.dll
0x75CA0000 \Windows\System32\comdlg32.dll
0x75C40000 \Windows\System32\shlwapi.dll
0x75AE0000 \Windows\System32\ole32.dll
0x75A30000 \Windows\System32\rpcrt4.dll
0x759E0000 \Windows\System32\Wldap32.dll
0x75910000 \Windows\System32\msctf.dll
0x75870000 \Windows\System32\usp10.dll
0x75820000 \Windows\System32\gdi32.dll
0x75790000 \Windows\System32\clbcatq.dll
0x756E0000 \Windows\System32\msvcrt.dll
0x756B0000 \Windows\System32\imagehlp.dll
0x756A0000 \Windows\System32\psapi.dll
0x75500000 \Windows\System32\setupapi.dll
0x753E0000 \Windows\System32\urlmon.dll
0x75390000 \Windows\System32\KernelBase.dll
0x75360000 \Windows\System32\wintrust.dll
0x75330000 \Windows\System32\cfgmgr32.dll
0x75210000 \Windows\System32\crypt32.dll
0x75180000 \Windows\System32\comctl32.dll
0x75160000 \Windows\System32\devobj.dll
0x75150000 \Windows\System32\msasn1.dll

Processes (total 46):
0 System Idle Process
4 System
268 C:\Windows\System32\smss.exe
376 csrss.exe
424 C:\Windows\System32\wininit.exe
432 csrss.exe
472 C:\Windows\System32\services.exe
488 C:\Windows\System32\lsass.exe
496 C:\Windows\System32\lsm.exe
608 C:\Windows\System32\svchost.exe
668 C:\Windows\System32\nvvsvc.exe
692 C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
724 C:\Windows\System32\winlogon.exe
788 C:\Windows\System32\svchost.exe
888 C:\Windows\System32\svchost.exe
940 C:\Windows\System32\svchost.exe
1128 C:\Windows\System32\svchost.exe
1228 C:\Windows\System32\svchost.exe
1276 C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
1288 C:\Windows\System32\nvvsvc.exe
1440 C:\Windows\explorer.exe
1564 C:\Windows\System32\dwm.exe
1640 C:\Windows\System32\spoolsv.exe
1720 C:\Windows\System32\svchost.exe
1756 C:\Windows\System32\taskhost.exe
1752 C:\Windows\System32\rundll32.exe
1320 C:\Windows\System32\svchost.exe
2052 C:\Program Files\D-Link\DWA-552 revA\wirelesscm.exe
2188 C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
2400 C:\Windows\System32\SearchIndexer.exe
2776 C:\Program Files\Windows Media Player\wmpnetwk.exe
2860 C:\Windows\System32\svchost.exe
4052 C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
1508 C:\Windows\System32\svchost.exe
2668 C:\Windows\System32\calc.exe
6496 C:\Windows\System32\taskhost.exe
7636 C:\Windows\System32\Macromed\Flash\FlashUtil32_11_4_402_265_ActiveX.exe
3188 C:\Windows\System32\audiodg.exe
8140 C:\Program Files\Internet Explorer\iexplore.exe
6088 C:\Program Files\Internet Explorer\iexplore.exe
7108 C:\Windows\System32\svchost.exe
2032 C:\Windows\System32\SearchFilterHost.exe
6988 C:\Windows\System32\SearchProtocolHost.exe
780 C:\Users\Kris\Desktop\MBRCheck.exe
7960 C:\Windows\System32\conhost.exe
2796 C:\Windows\System32\dllhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`06500000 (NTFS)
\\.\D: --> \\.\PhysicalDrive1 at offset 0x00000000`00100000 (NTFS)
\\.\F: --> \\.\PhysicalDrive2 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: ST31000528AS, Rev: CC3E
PhysicalDrive1 Model Number: SAMSUNGHD204UI, Rev: 1AQ10001
PhysicalDrive2 Model Number: SeagateFreeAgentDesktop, Rev: 100D

Size Device Name MBR Status
--------------------------------------------
931 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79
1863 GB \\.\PhysicalDrive1 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79
232 GB \\.\PhysicalDrive2 RE: Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Done!

-------

Farbar Service Scanner Version: 06-08-2012
Ran by Kris (administrator) on 26-08-2012 at 14:34:30
Running from "C:\Users\Kris\Desktop"
Microsoft Windows 7 Ultimate (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2012-08-24 12:38] - [2012-03-30 03:29] - 1287024 ____A (Microsoft Corporation) 55E9965552741F3850CB22CBBA9671ED

C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll
[2009-07-13 16:53] - [2009-07-13 18:15] - 0565760 ____A (Microsoft Corporation) 5CD996CECF45CBC3E8D109C86B82D69E

C:\Windows\system32\bfe.dll
[2009-07-13 16:54] - [2009-07-13 18:14] - 0493568 ____A (Microsoft Corporation) 85AC71C045CEB054ED48A7841AAE0C11

C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll
[2009-07-13 16:23] - [2009-07-13 18:16] - 0125952 ____A (Microsoft Corporation) 5FD90ABDBFAEE85986802622CBB03446

C:\Windows\system32\vssvc.exe
[2009-07-13 16:24] - [2009-07-13 18:14] - 1025536 ____A (Microsoft Corporation) 7EA2BCD94D9CFAF4C556F5CC94532A6C

C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll
[2009-07-13 16:30] - [2009-07-13 18:16] - 0589312 ____A (Microsoft Corporation) 53F476476F55A27F580661BDE09C4EC4

C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\ipnathlp.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****

------------

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-26 14:36:35
-----------------------------
14:36:35.518 OS Version: Windows 6.1.7600
14:36:35.518 Number of processors: 2 586 0x402
14:36:35.518 ComputerName: KRIS-PC UserName: Kris
14:36:40.318 Initialize success
14:37:55.541 AVAST engine defs: 12082601
14:38:33.842 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-5
14:38:33.858 Disk 0 Vendor: ST31000528AS CC3E Size: 953869MB BusType: 11
14:38:33.858 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP5T0L0-7
14:38:33.874 Disk 1 Vendor: SAMSUNG_HD204UI 1AQ10001 Size: 1907729MB BusType: 11
14:38:33.874 Disk 0 MBR read successfully
14:38:33.889 Disk 0 MBR scan
14:38:33.920 Disk 0 Windows 7 default MBR code
14:38:33.920 Disk 0 MBR hidden
14:38:33.952 Disk 0 Partition 1 00 07 HPFS/NTFS NTFS 1907727 MB offset 2048
14:38:33.967 Disk 0 scanning sectors +1953521664
14:38:34.014 Disk 0 scanning C:\Windows\system32\drivers
14:38:34.030 Service scanning
14:38:46.322 Modules scanning
14:38:52.048 AVAST engine scan C:\Windows
14:38:52.094 AVAST engine scan C:\Windows\system32
14:38:52.110 AVAST engine scan C:\Windows\system32\drivers
14:38:52.110 AVAST engine scan C:\Users\Kris
14:38:52.110 AVAST engine scan C:\ProgramData
14:38:52.126 Scan finished successfully
14:39:13.001 Disk 0 MBR has been saved successfully to "C:\Users\Kris\Desktop\MBR.dat"
14:39:13.017 The log file has been saved successfully to "C:\Users\Kris\Desktop\aswMBR.txt"

---------

14:46:49.0049 2280 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
14:46:49.0502 2280 ============================================================
14:46:49.0502 2280 Current date / time: 2012/08/26 14:46:49.0502
14:46:49.0502 2280 SystemInfo:
14:46:49.0502 2280
14:46:49.0502 2280 OS Version: 6.1.7600 ServicePack: 0.0
14:46:49.0502 2280 Product type: Workstation
14:46:49.0502 2280 ComputerName: KRIS-PC
14:46:49.0502 2280 UserName: Kris
14:46:49.0502 2280 Windows directory: C:\Windows
14:46:49.0502 2280 System windows directory: C:\Windows
14:46:49.0502 2280 Processor architecture: Intel x86
14:46:49.0502 2280 Number of processors: 2
14:46:49.0502 2280 Page size: 0x1000
14:46:49.0502 2280 Boot type: Normal boot
14:46:49.0502 2280 ============================================================
14:46:52.0632 2280 BG loaded
14:46:52.0864 2280 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
14:46:52.0884 2280 Drive \Device\Harddisk1\DR1 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
14:46:52.0884 2280 Drive \Device\Harddisk2\DR2 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
14:46:52.0904 2280 ============================================================
14:46:52.0904 2280 \Device\Harddisk0\DR0:
14:46:52.0904 2280 MBR partitions:
14:46:52.0904 2280 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
14:46:52.0904 2280 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x746D3800
14:46:52.0904 2280 \Device\Harddisk1\DR1:
14:46:52.0904 2280 MBR partitions:
14:46:52.0904 2280 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xE8E07800
14:46:52.0904 2280 \Device\Harddisk2\DR2:
14:46:52.0904 2280 MBR partitions:
14:46:52.0904 2280 \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D1C4542
14:46:52.0904 2280 ============================================================
14:46:52.0934 2280 C: <-> \Device\Harddisk0\DR0\Partition2
14:46:52.0974 2280 D: <-> \Device\Harddisk1\DR1\Partition1
14:46:53.0074 2280 F: <-> \Device\Harddisk2\DR2\Partition1
14:46:53.0074 2280 ============================================================
14:46:53.0074 2280 Initialize success
14:46:53.0074 2280 ============================================================
14:47:20.0227 3504 ============================================================
14:47:20.0227 3504 Scan started
14:47:20.0227 3504 Mode: Manual; SigCheck; TDLFS;
14:47:20.0227 3504 ============================================================
14:47:21.0366 3504 ================ Scan system memory ========================
14:47:21.0366 3504 System memory - ok
14:47:21.0366 3504 ================ Scan services =============================
14:47:21.0646 3504 [ 6D2ACA41739BFE8CB86EE8E85F29697D ] 1394ohci C:\Windows\system32\DRIVERS\1394ohci.sys
14:47:21.0693 3504 1394ohci - ok
14:47:21.0693 3504 [ F0E07D144C8685B8774BC32FC8DA4DF0 ] ACPI C:\Windows\system32\DRIVERS\ACPI.sys
14:47:21.0709 3504 ACPI - ok
14:47:21.0709 3504 [ 98D81CA942D19F7D9153B095162AC013 ] AcpiPmi C:\Windows\system32\DRIVERS\acpipmi.sys
14:47:21.0740 3504 AcpiPmi - ok
14:47:21.0771 3504 [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
14:47:21.0787 3504 adp94xx - ok
14:47:21.0787 3504 [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
14:47:21.0802 3504 adpahci - ok
14:47:21.0802 3504 [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
14:47:21.0818 3504 adpu320 - ok
14:47:21.0834 3504 [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
14:47:21.0880 3504 AeLookupSvc - ok
14:47:21.0912 3504 [ DDC040FDB01EF1712A6B13E52AFB104C ] AFD C:\Windows\system32\drivers\afd.sys
14:47:21.0974 3504 AFD - ok
14:47:21.0990 3504 [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440 C:\Windows\system32\DRIVERS\agp440.sys
14:47:21.0990 3504 agp440 - ok
14:47:22.0005 3504 [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx C:\Windows\system32\DRIVERS\djsvs.sys
14:47:22.0021 3504 aic78xx - ok
14:47:22.0021 3504 [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG C:\Windows\System32\alg.exe
14:47:22.0036 3504 ALG - ok
14:47:22.0036 3504 [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide C:\Windows\system32\DRIVERS\aliide.sys
14:47:22.0036 3504 aliide - ok
14:47:22.0052 3504 [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp C:\Windows\system32\DRIVERS\amdagp.sys
14:47:22.0052 3504 amdagp - ok
14:47:22.0052 3504 [ CD5914170297126B6266860198D1D4F0 ] amdide C:\Windows\system32\DRIVERS\amdide.sys
14:47:22.0068 3504 amdide - ok
14:47:22.0068 3504 [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
14:47:22.0083 3504 AmdK8 - ok
14:47:22.0083 3504 [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
14:47:22.0099 3504 AmdPPM - ok
14:47:22.0099 3504 [ 2101A86C25C154F8314B24EF49D7FBC2 ] amdsata C:\Windows\system32\DRIVERS\amdsata.sys
14:47:22.0114 3504 amdsata - ok
14:47:22.0114 3504 [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
14:47:22.0114 3504 amdsbs - ok
14:47:22.0130 3504 [ B81C2B5616F6420A9941EA093A92B150 ] amdxata C:\Windows\system32\DRIVERS\amdxata.sys
14:47:22.0130 3504 amdxata - ok
14:47:22.0130 3504 [ FEB834C02CE1E84B6A38F953CA067706 ] AppID C:\Windows\system32\drivers\appid.sys
14:47:22.0146 3504 AppID - ok
14:47:22.0161 3504 [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc C:\Windows\System32\appidsvc.dll
14:47:22.0177 3504 AppIDSvc - ok
14:47:22.0192 3504 [ 7DEAD9E3F65DCB2794F2711003BBF650 ] Appinfo C:\Windows\System32\appinfo.dll
14:47:22.0208 3504 Appinfo - ok
14:47:22.0224 3504 [ A45D184DF6A8803DA13A0B329517A64A ] AppMgmt C:\Windows\System32\appmgmts.dll
14:47:22.0239 3504 AppMgmt - ok
14:47:22.0239 3504 [ 2932004F49677BD84DBC72EDB754FFB3 ] arc C:\Windows\system32\DRIVERS\arc.sys
14:47:22.0255 3504 arc - ok
14:47:22.0255 3504 [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
14:47:22.0270 3504 arcsas - ok
14:47:22.0270 3504 [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
14:47:22.0302 3504 AsyncMac - ok
14:47:22.0302 3504 [ 338C86357871C167A96AB976519BF59E ] atapi C:\Windows\system32\DRIVERS\atapi.sys
14:47:22.0302 3504 atapi - ok
14:47:22.0364 3504 [ 5987AA8B5740A3CED3063C0B875D4A69 ] athr C:\Windows\system32\DRIVERS\athr.sys
14:47:22.0395 3504 athr - ok
14:47:22.0411 3504 [ 510C873BFA135AA829F4180352772734 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
14:47:22.0442 3504 AudioEndpointBuilder - ok
14:47:22.0442 3504 [ 510C873BFA135AA829F4180352772734 ] Audiosrv C:\Windows\System32\Audiosrv.dll
14:47:22.0458 3504 Audiosrv - ok
14:47:22.0473 3504 [ DD6A431B43E34B91A767D1CE33728175 ] AxInstSV C:\Windows\System32\AxInstSV.dll
14:47:22.0504 3504 AxInstSV - ok
14:47:22.0520 3504 [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv C:\Windows\system32\DRIVERS\bxvbdx.sys
14:47:22.0536 3504 b06bdrv - ok
14:47:22.0551 3504 [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x C:\Windows\system32\DRIVERS\b57nd60x.sys
14:47:22.0551 3504 b57nd60x - ok
14:47:22.0567 3504 [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC C:\Windows\System32\bdesvc.dll
14:47:22.0598 3504 BDESVC - ok
14:47:22.0598 3504 [ 505506526A9D467307B3C393DEDAF858 ] Beep C:\Windows\system32\drivers\Beep.sys
14:47:22.0614 3504 Beep - ok
14:47:22.0645 3504 [ 85AC71C045CEB054ED48A7841AAE0C11 ] BFE C:\Windows\System32\bfe.dll
14:47:22.0660 3504 BFE - ok
14:47:22.0692 3504 [ 53F476476F55A27F580661BDE09C4EC4 ] BITS C:\Windows\System32\qmgr.dll
14:47:22.0707 3504 BITS - ok
14:47:22.0723 3504 [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
14:47:22.0738 3504 blbdrive - ok
14:47:22.0738 3504 [ FCAFAEF6798D7B51FF029F99A9898961 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
14:47:22.0754 3504 bowser - ok
14:47:22.0754 3504 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
14:47:22.0770 3504 BrFiltLo - ok
14:47:22.0770 3504 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
14:47:22.0785 3504 BrFiltUp - ok
14:47:22.0785 3504 [ 598E1280E7FF3744F4B8329366CC5635 ] Browser C:\Windows\System32\browser.dll
14:47:22.0816 3504 Browser - ok
14:47:22.0816 3504 [ 845B8CE732E67F3B4133164868C666EA ] Brserid C:\Windows\System32\Drivers\Brserid.sys
14:47:22.0832 3504 Brserid - ok
14:47:22.0832 3504 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
14:47:22.0848 3504 BrSerWdm - ok
14:47:22.0848 3504 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
14:47:22.0848 3504 BrUsbMdm - ok
14:47:22.0863 3504 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
14:47:22.0863 3504 BrUsbSer - ok
14:47:22.0879 3504 [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
14:47:22.0879 3504 BTHMODEM - ok
14:47:22.0894 3504 [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv C:\Windows\system32\bthserv.dll
14:47:22.0910 3504 bthserv - ok
14:47:22.0910 3504 [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
14:47:22.0926 3504 cdfs - ok
14:47:22.0926 3504 [ BA6E70AA0E6091BC39DE29477D866A77 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
14:47:22.0941 3504 cdrom - ok
14:47:22.0957 3504 [ 628A9E30EC5E18DD5DE6BE4DBDC12198 ] CertPropSvc C:\Windows\System32\certprop.dll
14:47:22.0972 3504 CertPropSvc - ok
14:47:22.0988 3504 [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass C:\Windows\system32\DRIVERS\circlass.sys
14:47:22.0988 3504 circlass - ok
14:47:23.0004 3504 [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS C:\Windows\system32\CLFS.sys
14:47:23.0019 3504 CLFS - ok
14:47:23.0097 3504 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
14:47:23.0113 3504 clr_optimization_v2.0.50727_32 - ok
14:47:23.0113 3504 [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
14:47:23.0128 3504 CmBatt - ok
14:47:23.0128 3504 [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide C:\Windows\system32\DRIVERS\cmdide.sys
14:47:23.0128 3504 cmdide - ok
14:47:23.0144 3504 [ 1B675691ED940766149C93E8F4488D68 ] CNG C:\Windows\system32\Drivers\cng.sys
14:47:23.0160 3504 CNG - ok
14:47:23.0160 3504 [ A6023D3823C37043986713F118A89BEE ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
14:47:23.0160 3504 Compbatt - ok
14:47:23.0175 3504 [ F1724BA27E97D627F808FB0BA77A28A6 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
14:47:23.0175 3504 CompositeBus - ok
14:47:23.0175 3504 COMSysApp - ok
14:47:23.0191 3504 [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
14:47:23.0191 3504 crcdisk - ok
14:47:23.0206 3504 [ 9C231178CE4FB385F4B54B0A9080B8A4 ] CryptSvc C:\Windows\system32\cryptsvc.dll
14:47:23.0222 3504 CryptSvc - ok
14:47:23.0238 3504 [ 27C9490BDD0AE48911AB8CF1932591ED ] CSC C:\Windows\system32\drivers\csc.sys
14:47:23.0253 3504 CSC - ok
14:47:23.0269 3504 [ 56FB5F222EA30D3D3FC459879772CB73 ] CscService C:\Windows\System32\cscsvc.dll
14:47:23.0284 3504 CscService - ok
14:47:23.0300 3504 [ B82CD39E336973359D7C9BF911E8E84F ] DcomLaunch C:\Windows\system32\rpcss.dll
14:47:23.0331 3504 DcomLaunch - ok
14:47:23.0347 3504 [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc C:\Windows\System32\defragsvc.dll
14:47:23.0378 3504 defragsvc - ok
14:47:23.0378 3504 [ 8E09E52EE2E3CEB199EF3DD99CF9E3FB ] DfsC C:\Windows\system32\Drivers\dfsc.sys
14:47:23.0394 3504 DfsC - ok
14:47:23.0409 3504 [ C56495FBD770712367CAD35E5DE72DA6 ] Dhcp C:\Windows\system32\dhcpcore.dll
14:47:23.0440 3504 Dhcp - ok
14:47:23.0440 3504 [ 1A050B0274BFB3890703D490F330C0DA ] discache C:\Windows\system32\drivers\discache.sys
14:47:23.0456 3504 discache - ok
14:47:23.0472 3504 [ 565003F326F99802E68CA78F2A68E9FF ] Disk C:\Windows\system32\DRIVERS\disk.sys
14:47:23.0487 3504 Disk - ok
14:47:23.0503 3504 [ D0722E963D3C6145446874241401B209 ] Dnscache C:\Windows\System32\dnsrslvr.dll
14:47:23.0518 3504 Dnscache - ok
14:47:23.0534 3504 [ 4408C85C21EEA48EB0CE486BAEEF0502 ] dot3svc C:\Windows\System32\dot3svc.dll
14:47:23.0550 3504 dot3svc - ok
14:47:23.0565 3504 [ 7FA81C6E11CAA594ADB52084DA73A1E5 ] DPS C:\Windows\system32\dps.dll
14:47:23.0596 3504 DPS - ok
14:47:23.0612 3504 [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
14:47:23.0628 3504 drmkaud - ok
14:47:23.0674 3504 [ C94B6C3CC628179CB9B9061C19888B99 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
14:47:23.0690 3504 DXGKrnl - ok
14:47:23.0721 3504 [ 22EF8965101685ADD128F03A2B03CE16 ] E1G60 C:\Windows\system32\DRIVERS\E1G60I32.sys
14:47:23.0737 3504 E1G60 - ok
14:47:23.0737 3504 [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost C:\Windows\System32\eapsvc.dll
14:47:23.0768 3504 EapHost - ok
14:47:23.0830 3504 [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv C:\Windows\system32\DRIVERS\evbdx.sys
14:47:23.0908 3504 ebdrv - ok
14:47:23.0924 3504 [ F42309C4191C506B71DB5D1126D26318 ] EFS C:\Windows\System32\lsass.exe
14:47:23.0924 3504 EFS - ok
14:47:23.0986 3504 [ 3A74A6E33685662B125A3269B1F2114F ] ehRecvr C:\Windows\ehome\ehRecvr.exe
14:47:24.0018 3504 ehRecvr - ok
14:47:24.0033 3504 [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched C:\Windows\ehome\ehsched.exe
14:47:24.0049 3504 ehSched - ok
14:47:24.0064 3504 [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
14:47:24.0064 3504 elxstor - ok
14:47:24.0080 3504 [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev C:\Windows\system32\DRIVERS\errdev.sys
14:47:24.0080 3504 ErrDev - ok
14:47:24.0111 3504 [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem C:\Windows\system32\es.dll
14:47:24.0127 3504 EventSystem - ok
14:47:24.0127 3504 [ 2DC9108D74081149CC8B651D3A26207F ] exfat C:\Windows\system32\drivers\exfat.sys
14:47:24.0142 3504 exfat - ok
14:47:24.0158 3504 [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat C:\Windows\system32\drivers\fastfat.sys
14:47:24.0174 3504 fastfat - ok
14:47:24.0189 3504 [ F7EA23CC5E6BF2181F3F399D54F6EFC1 ] Fax C:\Windows\system32\fxssvc.exe
14:47:24.0220 3504 Fax - ok
14:47:24.0220 3504 [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc C:\Windows\system32\DRIVERS\fdc.sys
14:47:24.0220 3504 fdc - ok
14:47:24.0236 3504 [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost C:\Windows\system32\fdPHost.dll
14:47:24.0252 3504 fdPHost - ok
14:47:24.0252 3504 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub C:\Windows\system32\fdrespub.dll
14:47:24.0267 3504 FDResPub - ok
14:47:24.0283 3504 [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
14:47:24.0283 3504 FileInfo - ok
14:47:24.0283 3504 [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
14:47:24.0298 3504 Filetrace - ok
14:47:24.0314 3504 [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
14:47:24.0314 3504 flpydisk - ok
14:47:24.0314 3504 [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
14:47:24.0330 3504 FltMgr - ok
14:47:24.0361 3504 [ 151258FC2EC8C48BDF8A53350AE0A676 ] FontCache C:\Windows\system32\FntCache.dll
14:47:24.0392 3504 FontCache - ok
14:47:24.0454 3504 [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
14:47:24.0470 3504 FontCache3.0.0.0 - ok
14:47:24.0470 3504 [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
14:47:24.0486 3504 FsDepends - ok
14:47:24.0501 3504 [ 500A9814FD9446A8126858A5A7F7D273 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
14:47:24.0501 3504 Fs_Rec - ok
14:47:24.0517 3504 [ 5592F5DBA26282D24D2B080EB438A4D7 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
14:47:24.0517 3504 fvevol - ok
14:47:24.0532 3504 [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
14:47:24.0532 3504 gagp30kx - ok
14:47:24.0548 3504 [ 8BA3C04702BF8F927AB36AE8313CA4EE ] gpsvc C:\Windows\System32\gpsvc.dll
14:47:24.0579 3504 gpsvc - ok
14:47:24.0579 3504 [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
14:47:24.0595 3504 hcw85cir - ok
14:47:24.0626 3504 [ 3530CAD25DEBA7DC7DE8BB51632CBC5F ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
14:47:24.0642 3504 HdAudAddService - ok
14:47:24.0657 3504 [ 717A2207FD6F13AD3E664C7D5A43C7BF ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
14:47:24.0673 3504 HDAudBus - ok
14:47:24.0673 3504 [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
14:47:24.0688 3504 HidBatt - ok
14:47:24.0688 3504 [ 89448F40E6DF260C206A193A4683BA78 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
14:47:24.0704 3504 HidBth - ok
14:47:24.0704 3504 [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
14:47:24.0720 3504 HidIr - ok
14:47:24.0735 3504 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv C:\Windows\system32\hidserv.dll
14:47:24.0766 3504 hidserv - ok
14:47:25.0406 3504 [ CD9F4E53DA79ED4CD7562604FE9523A6 ] jswpsapi C:\Program Files\D-Link\DWA-552 revA\jswpsapi.exe
14:47:25.0437 3504 jswpsapi ( UnsignedFile.Multi.Generic ) - warning
14:47:25.0437 3504 jswpsapi - detected UnsignedFile.Multi.Generic (1)
14:47:32.0863 3504 wmiApSrv - ok
14:47:32.0878 3504 [ 77FBD400984CF72BA0FC4B3489D65F74 ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
14:47:32.0910 3504 WMPNetworkSvc - ok
14:47:32.0925 3504 [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc C:\Windows\System32\wpcsvc.dll
14:47:32.0941 3504 WPCSvc - ok
14:47:32.0956 3504 [ B7F658A2EBC07129538AD9AB35212637 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
14:47:32.0956 3504 WPDBusEnum - ok
14:47:32.0956 3504 [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
14:47:32.0972 3504 ws2ifsl - ok
14:47:32.0988 3504 [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc C:\Windows\System32\wscsvc.dll
14:47:33.0003 3504 wscsvc - ok
14:47:33.0003 3504 WSearch - ok
14:47:33.0034 3504 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
14:47:33.0081 3504 wuauserv - ok
14:47:33.0081 3504 [ 6F9B6C0C93232CFF47D0F72D6DB1D21E ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
14:47:33.0112 3504 WudfPf - ok
14:47:33.0128 3504 [ DDEE3682FE97037C45F4D7AB467CB8B6 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
14:47:33.0144 3504 wudfsvc - ok
14:47:33.0144 3504 [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc C:\Windows\System32\wwansvc.dll
14:47:33.0159 3504 WwanSvc - ok
14:47:33.0175 3504 ================ Scan global ===============================
14:47:33.0190 3504 [ 9A595DF601070DA78C40481120DD2C06 ] C:\Windows\system32\basesrv.dll
14:47:33.0206 3504 [ 827E4F75901CA3F990B1487D3301841E ] C:\Windows\system32\winsrv.dll
14:47:33.0206 3504 [ 827E4F75901CA3F990B1487D3301841E ] C:\Windows\system32\winsrv.dll
14:47:33.0222 3504 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
14:47:33.0237 3504 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
14:47:33.0237 3504 [Global] - ok
14:47:33.0237 3504 ================ Scan MBR ==================================
14:47:33.0253 3504 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
14:47:33.0736 3504 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
14:47:33.0736 3504 \Device\Harddisk0\DR0 - detected TDSS File System (1)
14:47:33.0752 3504 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
14:47:33.0861 3504 \Device\Harddisk1\DR1 - ok
14:47:33.0861 3504 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk2\DR2
14:47:35.0406 3504 \Device\Harddisk2\DR2 - ok
14:47:35.0421 3504 ================ Scan VBR ==================================
14:47:35.0421 3504 [ F339031EEF3CF76DE42F3E735AA738E2 ] \Device\Harddisk0\DR0\Partition1
14:47:35.0421 3504 \Device\Harddisk0\DR0\Partition1 - ok
14:47:35.0437 3504 [ 461DF96F392691B7BBB3DF4E4591DA78 ] \Device\Harddisk0\DR0\Partition2
14:47:35.0437 3504 \Device\Harddisk0\DR0\Partition2 - ok
14:47:35.0437 3504 [ 2F761EB74949C2C209353ED4C2B81791 ] \Device\Harddisk1\DR1\Partition1
14:47:35.0437 3504 \Device\Harddisk1\DR1\Partition1 - ok
14:47:35.0453 3504 [ 9322CDFB425B18D05675CCE19F6E5EFF ] \Device\Harddisk2\DR2\Partition1
14:47:35.0453 3504 \Device\Harddisk2\DR2\Partition1 - ok
14:47:35.0453 3504 ============================================================
14:47:35.0453 3504 Scan finished
14:47:35.0453 3504 ============================================================
14:47:35.0468 3496 Detected object count: 2
14:47:35.0468 3496 Actual detected object count: 2
14:49:06.0557 3496 jswpsapi ( UnsignedFile.Multi.Generic ) - skipped by user
14:49:06.0557 3496 jswpsapi ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:49:06.0557 3496 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
14:49:06.0557 3496 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
  • 0

#4
RKinner

    Malware Expert

  • Expert
  • 19,788 posts
  • MVP
Run TDSSKiller again as you did the last time, and this time do not skip it when it says:
\Device\Harddisk0\DR0 ( TDSS File System ). You want to delete this.
  • 0

#5
dost

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Ok ran TDSSKiller again; sorry for the mistake.

17:25:29.0419 2772 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
17:25:29.0919 2772 ============================================================
17:25:29.0919 2772 Current date / time: 2012/08/26 17:25:29.0919
17:25:29.0919 2772 SystemInfo:
17:25:29.0919 2772
17:25:29.0919 2772 OS Version: 6.1.7600 ServicePack: 0.0
17:25:29.0919 2772 Product type: Workstation
17:25:29.0919 2772 ComputerName: KRIS-PC
17:25:29.0919 2772 UserName: Kris
17:25:29.0919 2772 Windows directory: C:\Windows
17:25:29.0919 2772 System windows directory: C:\Windows
17:25:29.0919 2772 Processor architecture: Intel x86
17:25:29.0919 2772 Number of processors: 2
17:25:29.0919 2772 Page size: 0x1000
17:25:29.0919 2772 Boot type: Normal boot
17:25:29.0919 2772 ============================================================
17:25:30.0387 2772 BG loaded
17:25:30.0589 2772 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
17:25:39.0653 2772 Drive \Device\Harddisk1\DR1 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
17:25:39.0653 2772 Drive \Device\Harddisk2\DR2 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
17:25:43.0116 2772 ============================================================
17:25:43.0116 2772 \Device\Harddisk0\DR0:
17:25:43.0116 2772 MBR partitions:
17:25:43.0116 2772 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
17:25:43.0116 2772 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x746D3800
17:25:43.0116 2772 \Device\Harddisk1\DR1:
17:25:43.0116 2772 MBR partitions:
17:25:43.0116 2772 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xE8E07800
17:25:43.0116 2772 \Device\Harddisk2\DR2:
17:25:43.0132 2772 MBR partitions:
17:25:43.0132 2772 \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D1C4542
17:25:43.0132 2772 ============================================================
17:25:43.0147 2772 C: <-> \Device\Harddisk0\DR0\Partition2
17:25:43.0194 2772 D: <-> \Device\Harddisk1\DR1\Partition1
17:25:43.0319 2772 F: <-> \Device\Harddisk2\DR2\Partition1
17:25:43.0319 2772 ============================================================
17:25:43.0319 2772 Initialize success
17:25:43.0319 2772 ============================================================
17:25:54.0457 2628 ============================================================
17:25:54.0457 2628 Scan started
17:25:54.0457 2628 Mode: Manual; SigCheck; TDLFS;
17:25:54.0457 2628 ============================================================
17:25:55.0830 2628 ================ Scan system memory ========================
17:25:55.0830 2628 System memory - ok
17:25:55.0830 2628 ================ Scan services =============================
17:26:01.0571 2628 [ CD9F4E53DA79ED4CD7562604FE9523A6 ] jswpsapi C:\Program Files\D-Link\DWA-552 revA\jswpsapi.exe
17:26:01.0618 2628 jswpsapi ( UnsignedFile.Multi.Generic ) - warning
17:26:01.0618 2628 jswpsapi - detected UnsignedFile.Multi.Generic (1)
17:26:03.0162 2628 NdisWan - ok
17:26:03.0162 2628 [ AF7E7C63DCEF3F8772726F86039D6EB4 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
17:26:03.0178 2628 NDProxy - ok
17:26:03.0178 2628 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
17:26:03.0209 2628 NetBIOS - ok
17:26:03.0209 2628 [ DD52A733BF4CA5AF84562A5E2F963B91 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
17:26:03.0240 2628 NetBT - ok
17:26:03.0256 2628 [ F42309C4191C506B71DB5D1126D26318 ] Netlogon C:\Windows\system32\lsass.exe
17:26:03.0272 2628 Netlogon - ok
17:26:03.0287 2628 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\Windows\System32\netman.dll
17:26:03.0303 2628 Netman - ok
17:26:03.0318 2628 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\Windows\System32\netprofm.dll
17:26:03.0334 2628 netprofm - ok
17:26:03.0365 2628 [ FE2AA5A684B0DD9B1FAE57B7817C198B ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
17:26:03.0365 2628 NetTcpPortSharing - ok
17:26:03.0396 2628 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
17:26:03.0396 2628 nfrd960 - ok
17:26:03.0412 2628 [ 2226496E34BD40734946A054B1CD657F ] NlaSvc C:\Windows\System32\nlasvc.dll
17:26:03.0428 2628 NlaSvc - ok
17:26:03.0443 2628 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\Windows\system32\drivers\Npfs.sys
17:26:03.0459 2628 Npfs - ok
17:26:03.0474 2628 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\Windows\system32\nsisvc.dll
17:26:03.0490 2628 nsi - ok
17:26:03.0490 2628 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
17:26:03.0506 2628 nsiproxy - ok
17:26:03.0537 2628 [ 3795DCD21F740EE799FB7223234215AF ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
17:26:03.0568 2628 Ntfs - ok
17:26:03.0568 2628 [ F9756A98D69098DCA8945D62858A812C ] Null C:\Windows\system32\drivers\Null.sys
17:26:03.0599 2628 Null - ok
17:26:03.0646 2628 [ A0A9E53B4AAC3C6534A063ABA69BC19F ] NVHDA C:\Windows\system32\drivers\nvhda32v.sys
17:26:03.0693 2628 NVHDA - ok
17:26:03.0880 2628 [ AFB33A823AABC112FC7BD62AFBCDB0CD ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
17:26:04.0130 2628 nvlddmkm - ok
17:26:04.0145 2628 [ 3F3D04B1D08D43C16EA7963954EC768D ] nvraid C:\Windows\system32\DRIVERS\nvraid.sys
17:26:04.0161 2628 nvraid - ok
17:26:04.0161 2628 [ C99F251A5DE63C6F129CF71933ACED0F ] nvstor C:\Windows\system32\DRIVERS\nvstor.sys
17:26:04.0176 2628 nvstor - ok
17:26:04.0192 2628 [ 782945716AD010AC3D41758E8E52C735 ] nvsvc C:\Windows\system32\nvvsvc.exe
17:26:04.0208 2628 nvsvc - ok
17:26:04.0270 2628 [ A974E5C310B9B00894070CEB055D467F ] nvUpdatusService C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
17:26:04.0348 2628 nvUpdatusService - ok
17:26:04.0348 2628 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\Windows\system32\DRIVERS\nv_agp.sys
17:26:04.0364 2628 nv_agp - ok
17:26:04.0379 2628 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
17:26:04.0395 2628 ohci1394 - ok
17:26:04.0410 2628 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
17:26:04.0473 2628 p2pimsvc - ok
17:26:04.0504 2628 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\Windows\system32\p2psvc.dll
17:26:04.0520 2628 p2psvc - ok
17:26:04.0535 2628 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\Windows\system32\DRIVERS\parport.sys
17:26:04.0551 2628 Parport - ok
17:26:04.0582 2628 [ 66D3415C159741ADE7038A277EFFF99F ] partmgr C:\Windows\system32\drivers\partmgr.sys
17:26:04.0598 2628 partmgr - ok
17:26:04.0598 2628 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys
17:26:04.0613 2628 Parvdm - ok
17:26:04.0613 2628 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\Windows\System32\pcasvc.dll
17:26:04.0629 2628 PcaSvc - ok
17:26:04.0644 2628 [ C858CB77C577780ECC456A892E7E7D0F ] pci C:\Windows\system32\DRIVERS\pci.sys
17:26:04.0644 2628 pci - ok
17:26:04.0660 2628 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\Windows\system32\DRIVERS\pciide.sys
17:26:04.0660 2628 pciide - ok
17:26:04.0660 2628 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
17:26:04.0676 2628 pcmcia - ok
17:26:04.0676 2628 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\Windows\system32\drivers\pcw.sys
17:26:04.0691 2628 pcw - ok
17:26:04.0691 2628 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\Windows\system32\drivers\peauth.sys
17:26:04.0722 2628 PEAUTH - ok
17:26:04.0754 2628 [ AF4D64D2A57B9772CF3801950B8058A6 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
17:26:04.0800 2628 PeerDistSvc - ok
17:26:04.0832 2628 [ 9C1BFF7910C89A1D12E57343475840CB ] pla C:\Windows\system32\pla.dll
17:26:04.0878 2628 pla - ok
17:26:04.0894 2628 [ 71DEF5EC79774C798342D0EA16E41780 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
17:26:04.0956 2628 PlugPlay - ok
17:26:04.0972 2628 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
17:26:04.0988 2628 PNRPAutoReg - ok
17:26:05.0003 2628 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
17:26:05.0019 2628 PNRPsvc - ok
17:26:05.0050 2628 [ 48E1B75C6DC0232FD92BAAE4BD344721 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
17:26:05.0081 2628 PolicyAgent - ok
17:26:05.0097 2628 [ DBFF83F709A91049621C1D35DD45C92C ] Power C:\Windows\system32\umpo.dll
17:26:05.0128 2628 Power - ok
17:26:05.0128 2628 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
17:26:05.0159 2628 PptpMiniport - ok
17:26:05.0159 2628 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\Windows\system32\DRIVERS\processr.sys
17:26:05.0175 2628 Processor - ok
17:26:05.0190 2628 [ 630CF26F0227498B7D5A92B12548960F ] ProfSvc C:\Windows\system32\profsvc.dll
17:26:05.0222 2628 ProfSvc - ok
17:26:05.0222 2628 [ F42309C4191C506B71DB5D1126D26318 ] ProtectedStorage C:\Windows\system32\lsass.exe
17:26:05.0237 2628 ProtectedStorage - ok
17:26:05.0253 2628 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\Windows\system32\DRIVERS\pacer.sys
17:26:05.0268 2628 Psched - ok
17:26:05.0300 2628 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
17:26:05.0331 2628 ql2300 - ok
17:26:05.0331 2628 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
17:26:05.0346 2628 ql40xx - ok
17:26:05.0362 2628 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\Windows\system32\qwave.dll
17:26:05.0378 2628 QWAVE - ok
17:26:05.0378 2628 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
17:26:05.0393 2628 QWAVEdrv - ok
17:26:05.0393 2628 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
17:26:05.0409 2628 RasAcd - ok
17:26:05.0440 2628 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
17:26:05.0456 2628 RasAgileVpn - ok
17:26:05.0456 2628 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\Windows\System32\rasauto.dll
17:26:05.0471 2628 RasAuto - ok
17:26:05.0487 2628 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
17:26:05.0502 2628 Rasl2tp - ok
17:26:05.0518 2628 [ 0CE66EC736B7FC526D78F7624C7D2A94 ] RasMan C:\Windows\System32\rasmans.dll
17:26:05.0549 2628 RasMan - ok
17:26:05.0549 2628 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
17:26:05.0580 2628 RasPppoe - ok
17:26:05.0580 2628 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
17:26:05.0612 2628 RasSstp - ok
17:26:05.0612 2628 [ 835D7E81BF517A3B72384BDCC85E1CE6 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
17:26:05.0627 2628 rdbss - ok
17:26:05.0643 2628 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
17:26:05.0643 2628 rdpbus - ok
17:26:05.0658 2628 [ 1E016846895B15A99F9A176A05029075 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
17:26:05.0674 2628 RDPCDD - ok
17:26:05.0674 2628 [ C5FF95883FFEF704D50C40D21CFB3AB5 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
17:26:05.0705 2628 RDPDR - ok
17:26:05.0721 2628 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
17:26:05.0752 2628 RDPENCDD - ok
17:26:05.0768 2628 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
17:26:05.0799 2628 RDPREFMP - ok
17:26:05.0814 2628 [ 801371BA9782282892D00AADB08EE367 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
17:26:05.0830 2628 RDPWD - ok
17:26:05.0830 2628 [ 4EA225BF1CF05E158853F30A99CA29A7 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
17:26:05.0846 2628 rdyboost - ok
17:26:05.0846 2628 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\Windows\System32\mprdim.dll
17:26:05.0877 2628 RemoteAccess - ok
17:26:05.0892 2628 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\Windows\system32\regsvc.dll
17:26:05.0908 2628 RemoteRegistry - ok
17:26:05.0908 2628 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
17:26:05.0939 2628 RpcEptMapper - ok
17:26:05.0939 2628 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\Windows\system32\locator.exe
17:26:05.0955 2628 RpcLocator - ok
17:26:05.0970 2628 [ B82CD39E336973359D7C9BF911E8E84F ] RpcSs C:\Windows\system32\rpcss.dll
17:26:05.0986 2628 RpcSs - ok
17:26:05.0986 2628 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
17:26:06.0002 2628 rspndr - ok
17:26:06.0017 2628 [ 5423D8437051E89DD34749F242C98648 ] s3cap C:\Windows\system32\DRIVERS\vms3cap.sys
17:26:06.0064 2628 s3cap - ok
17:26:06.0080 2628 [ F42309C4191C506B71DB5D1126D26318 ] SamSs C:\Windows\system32\lsass.exe
17:26:06.0080 2628 SamSs - ok
17:26:06.0095 2628 [ 34EE0C44B724E3E4CE2EFF29126DE5B5 ] sbp2port C:\Windows\system32\DRIVERS\sbp2port.sys
17:26:06.0111 2628 sbp2port - ok
17:26:06.0126 2628 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\Windows\System32\SCardSvr.dll
17:26:06.0158 2628 SCardSvr - ok
17:26:06.0158 2628 [ A95C54B2AC3CC9C73FCDF9E51A1D6B51 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
17:26:06.0173 2628 scfilter - ok
17:26:06.0204 2628 [ 3E8B0C453E25613A1F59762A5C42AA75 ] Schedule C:\Windows\system32\schedsvc.dll
17:26:06.0220 2628 Schedule - ok
17:26:06.0236 2628 [ 628A9E30EC5E18DD5DE6BE4DBDC12198 ] SCPolicySvc C:\Windows\System32\certprop.dll
17:26:06.0282 2628 SCPolicySvc - ok
17:26:06.0298 2628 [ 5FD90ABDBFAEE85986802622CBB03446 ] SDRSVC C:\Windows\System32\SDRSVC.dll
17:26:06.0314 2628 SDRSVC - ok
17:26:06.0314 2628 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
17:26:06.0345 2628 secdrv - ok
17:26:06.0345 2628 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\Windows\system32\seclogon.dll
17:26:06.0376 2628 seclogon - ok
17:26:06.0376 2628 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\Windows\System32\sens.dll
17:26:06.0407 2628 SENS - ok
17:26:06.0423 2628 [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc C:\Windows\system32\sensrsvc.dll
17:26:06.0438 2628 SensrSvc - ok
17:26:06.0438 2628 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
17:26:06.0438 2628 Serenum - ok
17:26:06.0454 2628 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\Windows\system32\DRIVERS\serial.sys
17:26:06.0454 2628 Serial - ok
17:26:06.0454 2628 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
17:26:06.0470 2628 sermouse - ok
17:26:06.0485 2628 [ 8F55CE568C543D5ADF45C409D16718FC ] SessionEnv C:\Windows\system32\sessenv.dll
17:26:06.0516 2628 SessionEnv - ok
17:26:06.0516 2628 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\Windows\system32\DRIVERS\sffdisk.sys
17:26:06.0532 2628 sffdisk - ok
17:26:06.0532 2628 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\Windows\system32\DRIVERS\sffp_mmc.sys
17:26:06.0548 2628 sffp_mmc - ok
17:26:06.0548 2628 [ 4F1E5B0FE7C8050668DBFADE8999AEFB ] sffp_sd C:\Windows\system32\DRIVERS\sffp_sd.sys
17:26:06.0563 2628 sffp_sd - ok
17:26:06.0563 2628 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
17:26:06.0579 2628 sfloppy - ok
17:26:06.0594 2628 [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess C:\Windows\System32\ipnathlp.dll
17:26:06.0610 2628 SharedAccess - ok
17:26:06.0641 2628 [ CD2E48FA5B29EE2B3B5858056D246EF2 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
17:26:06.0672 2628 ShellHWDetection - ok
17:26:06.0672 2628 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\Windows\system32\DRIVERS\sisagp.sys
17:26:06.0672 2628 sisagp - ok
17:26:06.0688 2628 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
17:26:06.0704 2628 SiSRaid2 - ok
17:26:06.0704 2628 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
17:26:06.0704 2628 SiSRaid4 - ok
17:26:06.0719 2628 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\Windows\system32\DRIVERS\smb.sys
17:26:06.0735 2628 Smb - ok
17:26:06.0735 2628 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
17:26:06.0750 2628 SNMPTRAP - ok
17:26:06.0750 2628 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\Windows\system32\drivers\spldr.sys
17:26:06.0766 2628 spldr - ok
17:26:06.0766 2628 [ 49B6DD6AB3715B7A67965F17194E98A9 ] Spooler C:\Windows\System32\spoolsv.exe
17:26:06.0797 2628 Spooler - ok
17:26:06.0844 2628 [ 4C287F9069FEDBD791178876EE9DE536 ] sppsvc C:\Windows\system32\sppsvc.exe
17:26:06.0953 2628 sppsvc - ok
17:26:06.0953 2628 [ D8E3E19EEBDAB49DD4A8D3062EAD4EC7 ] sppuinotify C:\Windows\system32\sppuinotify.dll
17:26:07.0000 2628 sppuinotify - ok
17:26:07.0000 2628 [ 2BA4EBC7DFBA845A1EDBE1F75913BE33 ] srv C:\Windows\system32\DRIVERS\srv.sys
17:26:07.0031 2628 srv - ok
17:26:07.0031 2628 [ DCE7E10FEAABD4CAE95948B3DE5340BB ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
17:26:07.0047 2628 srv2 - ok
17:26:07.0062 2628 [ B5665BAA2120B8A54E22E9CD07C05106 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
17:26:07.0078 2628 srvnet - ok
17:26:07.0078 2628 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
17:26:07.0109 2628 SSDPSRV - ok
17:26:07.0109 2628 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\Windows\system32\sstpsvc.dll
17:26:07.0140 2628 SstpSvc - ok
17:26:07.0203 2628 [ C354621B6B94E10AE7F5CDBE745FEB86 ] Stereo Service C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
17:26:07.0250 2628 Stereo Service - ok
17:26:07.0250 2628 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
17:26:07.0265 2628 stexstor - ok
17:26:07.0296 2628 [ A22825E7BB7018E8AF3E229A5AF17221 ] StiSvc C:\Windows\System32\wiaservc.dll
17:26:07.0328 2628 StiSvc - ok
17:26:07.0343 2628 [ 957E346CA948668F2496A6CCF6FF82CC ] storflt C:\Windows\system32\DRIVERS\vmstorfl.sys
17:26:07.0343 2628 storflt - ok
17:26:07.0343 2628 [ D5751969DC3E4B88BF482AC8EC9FE019 ] storvsc C:\Windows\system32\DRIVERS\storvsc.sys
17:26:07.0359 2628 storvsc - ok
17:26:07.0359 2628 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
17:26:07.0374 2628 swenum - ok
17:26:07.0374 2628 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\Windows\System32\swprv.dll
17:26:07.0406 2628 swprv - ok
17:26:07.0421 2628 [ 04105C8DA62353589C29BDAEB8D88BD8 ] SysMain C:\Windows\system32\sysmain.dll
17:26:07.0468 2628 SysMain - ok
17:26:07.0468 2628 [ FCFB6C552FBC0DA299799CBD50AD9FD4 ] TabletInputService C:\Windows\System32\TabSvc.dll
17:26:07.0484 2628 TabletInputService - ok
17:26:07.0499 2628 [ 2F46B0C70A4ADC8C90CF825DA3B4FEAF ] TapiSrv C:\Windows\System32\tapisrv.dll
17:26:07.0530 2628 TapiSrv - ok
17:26:07.0530 2628 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\Windows\System32\tbssvc.dll
17:26:07.0546 2628 TBS - ok
17:26:07.0593 2628 [ 55E9965552741F3850CB22CBBA9671ED ] Tcpip C:\Windows\system32\drivers\tcpip.sys
17:26:07.0655 2628 Tcpip - ok
17:26:07.0718 2628 [ 55E9965552741F3850CB22CBBA9671ED ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
17:26:07.0749 2628 TCPIP6 - ok
17:26:07.0764 2628 [ E64444523ADD154F86567C469BC0B17F ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
17:26:07.0780 2628 tcpipreg - ok
17:26:07.0780 2628 [ 1875C1490D99E70E449E3AFAE9FCBADF ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
17:26:07.0811 2628 TDPIPE - ok
17:26:07.0827 2628 [ 7551E91EA999EE9A8E9C331D5A9C31F3 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
17:26:07.0858 2628 TDTCP - ok
17:26:07.0858 2628 [ CB39E896A2A83702D1737BFD402B3542 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
17:26:07.0889 2628 tdx - ok
17:26:07.0889 2628 [ C36F41EE20E6999DBF4B0425963268A5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
17:26:07.0905 2628 TermDD - ok
17:26:07.0920 2628 [ A01E50A04D7B1960B33E92B9080E6A94 ] TermService C:\Windows\System32\termsrv.dll
17:26:07.0936 2628 TermService - ok
17:26:07.0952 2628 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:\Windows\system32\themeservice.dll
17:26:07.0967 2628 Themes - ok
17:26:07.0983 2628 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\Windows\system32\mmcss.dll
17:26:07.0998 2628 THREADORDER - ok
17:26:08.0014 2628 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\Windows\System32\trkwks.dll
17:26:08.0045 2628 TrkWks - ok
17:26:08.0076 2628 [ 41A4C781D2286208D397D72099304133 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
17:26:08.0108 2628 TrustedInstaller - ok
17:26:08.0108 2628 [ 98AE6FA07D12CB4EC5CF4A9BFA5F4242 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
17:26:08.0139 2628 tssecsrv - ok
17:26:08.0154 2628 [ 3E461D890A97F9D4C168F5FDA36E1D00 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
17:26:08.0170 2628 tunnel - ok
17:26:08.0186 2628 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
17:26:08.0201 2628 uagp35 - ok
17:26:08.0201 2628 [ 09CC3E16F8E5EE7168E01CF8FCBE061A ] udfs C:\Windows\system32\DRIVERS\udfs.sys
17:26:08.0217 2628 udfs - ok
17:26:08.0232 2628 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
17:26:08.0248 2628 UI0Detect - ok
17:26:08.0264 2628 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\Windows\system32\DRIVERS\uliagpkx.sys
17:26:08.0264 2628 uliagpkx - ok
17:26:08.0264 2628 [ 049B3A50B3D646BAEEEE9EEC9B0668DC ] umbus C:\Windows\system32\DRIVERS\umbus.sys
17:26:08.0279 2628 umbus - ok
17:26:08.0295 2628 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
17:26:08.0295 2628 UmPass - ok
17:26:08.0310 2628 [ 8ECACA5454844F66386F7BE4AE0D7CD1 ] UmRdpService C:\Windows\System32\umrdp.dll
17:26:08.0326 2628 UmRdpService - ok
17:26:08.0342 2628 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\Windows\System32\upnphost.dll
17:26:08.0373 2628 upnphost - ok
17:26:08.0373 2628 [ 8455C4ED038EFD09E99327F9D2D48FFA ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
17:26:08.0388 2628 usbccgp - ok
17:26:08.0388 2628 [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir C:\Windows\system32\DRIVERS\usbcir.sys
17:26:08.0404 2628 usbcir - ok
17:26:08.0404 2628 [ 1C333BFD60F2FED2C7AD5DAF533CB742 ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
17:26:08.0404 2628 usbehci - ok
17:26:08.0420 2628 [ EE6EF93CCFA94FAE8C6AB298273D8AE2 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
17:26:08.0435 2628 usbhub - ok
17:26:08.0451 2628 [ A6FB7957EA7AFB1165991E54CE934B74 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
17:26:08.0451 2628 usbohci - ok
17:26:08.0451 2628 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
17:26:08.0466 2628 usbprint - ok
17:26:08.0466 2628 [ D8889D56E0D27E57ED4591837FE71D27 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
17:26:08.0466 2628 USBSTOR - ok
17:26:08.0482 2628 [ 78780C3EBCE17405B1CCD07A3A8A7D72 ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
17:26:08.0498 2628 usbuhci - ok
17:26:08.0513 2628 [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms C:\Windows\System32\uxsms.dll
17:26:08.0529 2628 UxSms - ok
17:26:08.0544 2628 [ F42309C4191C506B71DB5D1126D26318 ] VaultSvc C:\Windows\system32\lsass.exe
17:26:08.0544 2628 VaultSvc - ok
17:26:08.0544 2628 [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot C:\Windows\system32\DRIVERS\vdrvroot.sys
17:26:08.0560 2628 vdrvroot - ok
17:26:08.0560 2628 [ 8C4E7C49D3641BC9E299E466A7F8867D ] vds C:\Windows\System32\vds.exe
17:26:08.0591 2628 vds - ok
17:26:08.0591 2628 [ 17C408214EA61696CEC9C66E388B14F3 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
17:26:08.0607 2628 vga - ok
17:26:08.0607 2628 [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave C:\Windows\System32\drivers\vga.sys
17:26:08.0622 2628 VgaSave - ok
17:26:08.0638 2628 [ 3BE6E1F3A4F1AFEC8CEE0D7883F93583 ] vhdmp C:\Windows\system32\DRIVERS\vhdmp.sys
17:26:08.0654 2628 vhdmp - ok
17:26:08.0654 2628 [ C829317A37B4BEA8F39735D4B076E923 ] viaagp C:\Windows\system32\DRIVERS\viaagp.sys
17:26:08.0654 2628 viaagp - ok
17:26:08.0669 2628 [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7 C:\Windows\system32\DRIVERS\viac7.sys
17:26:08.0669 2628 ViaC7 - ok
17:26:08.0669 2628 [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide C:\Windows\system32\DRIVERS\viaide.sys
17:26:08.0685 2628 viaide - ok
17:26:08.0685 2628 [ 379B349F65F453D2A6E75EA6B7448E49 ] vmbus C:\Windows\system32\DRIVERS\vmbus.sys
17:26:08.0700 2628 vmbus - ok
17:26:08.0700 2628 [ EC2BBAB4B84D0738C6C83D2234DC36FE ] VMBusHID C:\Windows\system32\DRIVERS\VMBusHID.sys
17:26:08.0716 2628 VMBusHID - ok
17:26:08.0716 2628 [ 384E5A2AA49934295171E499F86BA6F3 ] volmgr C:\Windows\system32\DRIVERS\volmgr.sys
17:26:08.0716 2628 volmgr - ok
17:26:08.0732 2628 [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
17:26:08.0732 2628 volmgrx - ok
17:26:08.0763 2628 [ 58DF9D2481A56EDDE167E51B334D44FD ] volsnap C:\Windows\system32\DRIVERS\volsnap.sys
17:26:08.0763 2628 volsnap - ok
17:26:08.0778 2628 [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
17:26:08.0778 2628 vsmraid - ok
17:26:08.0794 2628 [ 7EA2BCD94D9CFAF4C556F5CC94532A6C ] VSS C:\Windows\system32\vssvc.exe
17:26:08.0825 2628 VSS - ok
17:26:08.0825 2628 [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
17:26:08.0841 2628 vwifibus - ok
17:26:08.0841 2628 [ 7090D3436EEB4E7DA3373090A23448F7 ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
17:26:08.0841 2628 vwififlt - ok
17:26:08.0856 2628 [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time C:\Windows\system32\w32time.dll
17:26:08.0872 2628 W32Time - ok
17:26:08.0872 2628 [ DE3721E89C653AA281428C8A69745D90 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
17:26:08.0888 2628 WacomPen - ok
17:26:08.0888 2628 [ 692A712062146E96D28BA0B7D75DE31B ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
17:26:08.0903 2628 WANARP - ok
17:26:08.0903 2628 [ 692A712062146E96D28BA0B7D75DE31B ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
17:26:08.0919 2628 Wanarpv6 - ok
17:26:08.0981 2628 [ 353A04C273EC58475D8633E75CCD5604 ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
17:26:09.0028 2628 WatAdminSvc - ok
17:26:09.0059 2628 [ 7790B77FE1E5EE47DCC66247095BB4C9 ] wbengine C:\Windows\system32\wbengine.exe
17:26:09.0122 2628 wbengine - ok
17:26:09.0122 2628 [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
17:26:09.0137 2628 WbioSrvc - ok
17:26:09.0137 2628 [ D0F88AA11EE1A62BCC6D6A8A7783CA11 ] wcncsvc C:\Windows\System32\wcncsvc.dll
17:26:09.0168 2628 wcncsvc - ok
17:26:09.0168 2628 [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
17:26:09.0200 2628 WcsPlugInService - ok
17:26:09.0200 2628 [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd C:\Windows\system32\DRIVERS\wd.sys
17:26:09.0215 2628 Wd - ok
17:26:09.0215 2628 [ 9950E3D0F08141C7E89E64456AE7DC73 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
17:26:09.0231 2628 Wdf01000 - ok
17:26:09.0246 2628 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost C:\Windows\system32\wdi.dll
17:26:09.0262 2628 WdiServiceHost - ok
17:26:09.0262 2628 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost C:\Windows\system32\wdi.dll
17:26:09.0262 2628 WdiSystemHost - ok
17:26:09.0278 2628 [ D87C7D2C517F82A5AB7A73E203063D9E ] WebClient C:\Windows\System32\webclnt.dll
17:26:09.0293 2628 WebClient - ok
17:26:09.0309 2628 [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc C:\Windows\system32\wecsvc.dll
17:26:09.0324 2628 Wecsvc - ok
17:26:09.0340 2628 [ AC804569BB2364FB6017370258A4091B ] wercplsupport C:\Windows\System32\wercplsupport.dll
17:26:09.0356 2628 wercplsupport - ok
17:26:09.0371 2628 [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc C:\Windows\System32\WerSvc.dll
17:26:09.0402 2628 WerSvc - ok
17:26:09.0402 2628 [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
17:26:09.0418 2628 WfpLwf - ok
17:26:09.0418 2628 [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount C:\Windows\system32\drivers\wimmount.sys
17:26:09.0434 2628 WIMMount - ok
17:26:09.0480 2628 [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
17:26:09.0527 2628 WinDefend - ok
17:26:09.0527 2628 WinHttpAutoProxySvc - ok
17:26:09.0621 2628 [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
17:26:09.0668 2628 Winmgmt - ok
17:26:09.0699 2628 [ C4F5D3901D1B41D602DDC196E0B95B51 ] WinRM C:\Windows\system32\WsmSvc.dll
17:26:09.0761 2628 WinRM - ok
17:26:09.0808 2628 [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc C:\Windows\System32\wlansvc.dll
17:26:09.0855 2628 Wlansvc - ok
17:26:09.0870 2628 [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
17:26:09.0886 2628 WmiAcpi - ok
17:26:09.0917 2628 [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
17:26:09.0933 2628 wmiApSrv - ok
17:26:09.0964 2628 [ 77FBD400984CF72BA0FC4B3489D65F74 ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
17:26:10.0058 2628 WMPNetworkSvc - ok
17:26:10.0073 2628 [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc C:\Windows\System32\wpcsvc.dll
17:26:10.0104 2628 WPCSvc - ok
17:26:10.0104 2628 [ B7F658A2EBC07129538AD9AB35212637 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
17:26:10.0151 2628 WPDBusEnum - ok
17:26:10.0151 2628 [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
17:26:10.0182 2628 ws2ifsl - ok
17:26:10.0198 2628 [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc C:\Windows\System32\wscsvc.dll
17:26:10.0214 2628 wscsvc - ok
17:26:10.0214 2628 WSearch - ok
17:26:10.0245 2628 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
17:26:10.0323 2628 wuauserv - ok
17:26:10.0338 2628 [ 6F9B6C0C93232CFF47D0F72D6DB1D21E ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
17:26:10.0354 2628 WudfPf - ok
17:26:10.0370 2628 [ DDEE3682FE97037C45F4D7AB467CB8B6 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
17:26:10.0385 2628 wudfsvc - ok
17:26:10.0401 2628 [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc C:\Windows\System32\wwansvc.dll
17:26:10.0401 2628 WwanSvc - ok
17:26:10.0416 2628 ================ Scan global ===============================
17:26:10.0448 2628 [ 9A595DF601070DA78C40481120DD2C06 ] C:\Windows\system32\basesrv.dll
17:26:10.0463 2628 [ 827E4F75901CA3F990B1487D3301841E ] C:\Windows\system32\winsrv.dll
17:26:10.0479 2628 [ 827E4F75901CA3F990B1487D3301841E ] C:\Windows\system32\winsrv.dll
17:26:10.0510 2628 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
17:26:10.0510 2628 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
17:26:10.0526 2628 [Global] - ok
17:26:10.0526 2628 ================ Scan MBR ==================================
17:26:10.0526 2628 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
17:26:11.0025 2628 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
17:26:11.0025 2628 \Device\Harddisk0\DR0 - detected TDSS File System (1)
17:26:11.0025 2628 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
17:26:11.0134 2628 \Device\Harddisk1\DR1 - ok
17:26:11.0150 2628 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk2\DR2
17:26:12.0569 2628 \Device\Harddisk2\DR2 - ok
17:26:12.0569 2628 ================ Scan VBR ==================================
17:26:12.0569 2628 [ F339031EEF3CF76DE42F3E735AA738E2 ] \Device\Harddisk0\DR0\Partition1
17:26:12.0569 2628 \Device\Harddisk0\DR0\Partition1 - ok
17:26:12.0585 2628 [ 461DF96F392691B7BBB3DF4E4591DA78 ] \Device\Harddisk0\DR0\Partition2
17:26:12.0585 2628 \Device\Harddisk0\DR0\Partition2 - ok
17:26:12.0600 2628 [ 2F761EB74949C2C209353ED4C2B81791 ] \Device\Harddisk1\DR1\Partition1
17:26:12.0600 2628 \Device\Harddisk1\DR1\Partition1 - ok
17:26:12.0600 2628 [ 9322CDFB425B18D05675CCE19F6E5EFF ] \Device\Harddisk2\DR2\Partition1
17:26:12.0600 2628 \Device\Harddisk2\DR2\Partition1 - ok
17:26:12.0600 2628 ============================================================
17:26:12.0600 2628 Scan finished
17:26:12.0600 2628 ============================================================
17:26:12.0616 1452 Detected object count: 2
17:26:12.0616 1452 Actual detected object count: 2
17:26:41.0351 1452 jswpsapi ( UnsignedFile.Multi.Generic ) - skipped by user
17:26:41.0351 1452 jswpsapi ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:26:41.0382 1452 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
17:26:41.0382 1452 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
17:26:41.0382 1452 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
17:26:41.0398 1452 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
17:26:41.0414 1452 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
17:26:41.0429 1452 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
17:26:41.0429 1452 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
17:26:41.0445 1452 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
17:26:41.0445 1452 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
17:26:41.0445 1452 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
17:26:41.0445 1452 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
17:26:41.0460 1452 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
17:26:41.0460 1452 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
17:26:41.0460 1452 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
17:26:41.0460 1452 \Device\Harddisk0\DR0\TDLFS - deleted
17:26:41.0460 1452 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Delete
  • 0
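The tail of the TDSSKiller log above, summarised per detected object. This is an added example, not part of the original post or of TDSSKiller; the line layout (time, thread id, message) is inferred from the lines posted, and `summarize` is a hypothetical helper name.

```python
import re

# Lines copied from the tail of the log posted above: time, thread id, message.
SAMPLE_LOG = r"""
17:26:12.0616 1452 Detected object count: 2
17:26:12.0616 1452 Actual detected object count: 2
17:26:41.0351 1452 jswpsapi ( UnsignedFile.Multi.Generic ) - skipped by user
17:26:41.0351 1452 jswpsapi ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:26:41.0382 1452 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
17:26:41.0445 1452 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
17:26:41.0460 1452 \Device\Harddisk0\DR0\TDLFS - deleted
17:26:41.0460 1452 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Delete
"""

LINE = re.compile(r"^\d\d:\d\d:\d\d\.\d+\s+\d+\s+(.*)$")
COUNT = re.compile(r"^Detected object count: (\d+)$")
VERDICT = re.compile(r"^(.+?) \( ([^)]+?) \) - User select action: (\w+)$")
RESULT = re.compile(r"^(.+?) - (copied to quarantine|deleted)$")

def summarize(log_text):
    """Group the scan results by what happened to each detected object."""
    report = {"detected": None, "verdicts": [], "quarantined": [], "deleted": []}
    for raw in log_text.splitlines():
        line = LINE.match(raw.strip())
        if not line:
            continue  # blank lines and anything without the time/thread prefix
        msg = line.group(1)
        if m := COUNT.match(msg):
            report["detected"] = int(m.group(1))
        elif m := VERDICT.match(msg):
            report["verdicts"].append(m.groups())  # (object, verdict, action)
        elif m := RESULT.match(msg):
            key = "deleted" if m.group(2) == "deleted" else "quarantined"
            report[key].append(m.group(1))
    # Objects the user chose to skip are still on disk and need a follow-up decision.
    report["skipped"] = [obj for obj, _, action in report["verdicts"] if action == "Skip"]
    # Every counted detection should have exactly one recorded action.
    report["consistent"] = report["detected"] == len(report["verdicts"])
    return report

if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```
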

#6
RKinner

    Malware Expert

  • Expert
  • 19,788 posts
  • MVP
If you are still getting redirected:

ComboFix

:!: It must be saved to your desktop, do not run it from your browser:!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Right-click on ComboFix and select Run As Administrator to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.

A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.

If you get an error: 'illegal operation attempted on a registry key that has been marked for deletion'
just reboot once and it should go away.
  • 0

#7
dost

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
I don't have Google redirects or performance issues anymore, and I'm able to update my Windows now.

However, I received the rootkit virus after I reformatted my hard drive and reinstalled Windows. Is it still possible the virus may still lie in my external hard drives, or has this process eliminated that threat anyway?
  • 0

#8
RKinner

    Malware Expert

  • Expert
  • 19,788 posts
  • MVP
If it's an MBR virus then it doesn't matter if it's on your external drives since you don't boot off them (tho MBRCheck says your external drives that it saw have valid MBRS). The danger is if it's also one that fires off via Autorun.inf or Desktop.ini. Normally there is a Windows update that removes the ability to run autorun.inf programs on anything but CD/DVDs but I don't see it on your PC. Farber said your Windows Update was not running. Make sure you have all of your updates and that you keep up to date or you will get infected again. If you have Java or Adobe products like reader or flash these must also be kept up to date.

I don't see an anti-virus. I would get the free Avast!

http://www.avast.com...ivirus-download

Download, Save, and right click and Run As Administrator.

Stick with Avast for a while and see how you like it. Some people object to the voice notification of updates. To turn it off, click on the Avast ball then on Settings. Then on Sounds and uncheck Automatic Updates OK. (It will still update, it just won't tell you about it in a loud voice in the middle of the night.)

They have also started using their info popup to try and get you to upgrade so I go into Settings, Popups and change the first two to 1 second.

The registration is good for 12-14 months then you will need to register again. They will, of course, try to talk you into buying the product but you can always register again for another year free tho the free version will not be the default.

There is a program called AutoRun Eater v2.5
http://download.cnet...4-10752777.html
It will stay resident and prevent USB drives from infecting your PC via autorun.inf if you do not have the windows update that removes autorun from everything but CD/DVDs.

Download, Save and Run by Right clicking and Run As Admin.

The other threat is easy to guard against. You use a Command Window to put a directory called desktop.ini in the root of each drive. Say you have an external drive in F:

Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue. Type with an Enter after each line:


F:
mkdir  \desktop.ini

(you can also do the same for autorun.inf)
mkdir  \autorun.inf

Then I would scan the drive with Avast.

One other precaution. The maximum number of partitions on a drive is 4 so you can prevent one of the nastiest infections by simply creating more minimum size partitions on your boot drive so that you have a total of 4.


You can uninstall or delete any tools we had you download and their logs.

OTL has a cleanup tab if you go there it will remove itself and its logs.

To hide hidden files again (OTL may do it for you):

Vista or Win7

1. Open the Control Panel menu and click Folder Options.
2. After the new window appears select the View tab.
3. Remove the check in the checkbox labeled Display the contents of system folders.
4. Under the Hidden files and folders section select the radio button labeled Do not Show hidden files and folders.
5. Check the checkbox labeled Hide protected operating system files.
6. Press the Apply button and then the OK button and exit My Computer.

Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat.

Whether you use adobe reader, acrobat or fox-it to read pdf files you need to disable Javascript in the program. There is an exploit out there now that can use it to get on your PC. For Adobe Reader: Start, All Programs, Adobe Reader, Edit, Preferences, Click on Javascript in the left column and uncheck Enable Acrobat Javascript. OK Close program. It's the same for Foxit reader except you uncheck Enable Javascript Actions.

To help keep your programs up-to-date you should download and run the UpdateChecker:
http://www.filehippo.../updatechecker/
(You don't need to download Betas and if there is a program you don't use you can just uninstall it rather than update it. Exception is MSN messenger which appears to be part of Windows.)
If you get a blocked program notice after installing updatechecker then change it to not run at start then manually run it once a week.
Seems to work best if Firefox is the default browser. You can also try Secunia PSI http://secunia.com/v...l/download_psi/ Same kind of info. You don't need both.
If you use Firefox then get the AdBlock Plus Add-on. WOT (Web of Trust) is another you might want to try.
The equivalent to AdBlock Plus for IE is called Simple Adblock and you should install it too: http://simple-adblock.com/
The free version only blocks 200 ads a day so another reason to use Firefox or Chrome.

If Firefox is slow loading make sure it only has the current Java add-on. Then download and run Speedy Fox.
http://www.crystalidea.com/speedyfox . You can run it any time that Firefox seems slow.

Be warned: If you use Limewire, utorrent or any of the other P2P programs you will almost certainly be coming back to the Malware Removal forum. If you must use P2P then submit any files you get to http://virustotal.com before you open them.


If you have a router, log on to it today and change the default password! If using a Wireless router you really should be using encryption on the link. Use the strongest (newest) encryption method that your router and PC wireless adapter support especially if you own a business. See http://www.king5.com...-120637284.html and http://www.seattlepi...ted-1344185.php for why encryption is important. If you don't know how, visit the router maker's website. They all have detailed step by step instructions or a wizard you can download.

My help is free but if you wish to show your appreciation, please donate to Kwiaht instead of me. It's a local environmental organization that I volunteer with: http://www.kwiaht.org/donate.htm
(The name means something like "clean place" in one of the local native-American dialects)

Ron
  • 0
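A check of what the mkdir step in the post above leaves behind, as an added example that is not part of the original post: for each drive root it reports whether autorun.inf and desktop.ini are absent, a regular file, or occupied by a directory, and lists the launch commands of a real autorun.inf. The function names and the sample roots (built in temporary directories, with constructed file contents) are assumptions for illustration.

```python
import os
import tempfile

GUARDED = ("autorun.inf", "desktop.ini")
LAUNCH_KEYS = ("open", "shellexecute")  # autorun.inf keys that name a program

def launch_commands(path):
    """Return the commands an autorun.inf file asks Windows to run."""
    with open(path, "rb") as f:
        data = f.read()
    # Files saved as Unicode start with a UTF-16 byte-order mark.
    text = data.decode("utf-16" if data[:2] in (b"\xff\xfe", b"\xfe\xff") else "latin-1")
    found = []
    for line in text.splitlines():
        key, sep, value = line.strip().partition("=")
        key = key.strip().lower()
        if sep and (key in LAUNCH_KEYS or (key.startswith("shell\\") and key.endswith("\\command"))):
            found.append(value.strip())
    return found

def audit_root(root):
    """Classify each guarded name in a drive root as 'absent', 'placeholder'
    (a directory holds the name, as the mkdir step leaves it) or 'file'."""
    # Windows file names are case-insensitive, so compare lower-cased.
    entries = {e.name.lower(): e for e in os.scandir(root)}
    report = {}
    for name in GUARDED:
        entry = entries.get(name)
        if entry is None:
            report[name] = ("absent", [])
        elif entry.is_dir(follow_symlinks=False):
            report[name] = ("placeholder", [])
        else:
            cmds = launch_commands(entry.path) if name == "autorun.inf" else []
            report[name] = ("file", cmds)
    return report

def demo():
    """Constructed sample: one root with a live autorun.inf, one after the mkdir step."""
    with tempfile.TemporaryDirectory() as plain, tempfile.TemporaryDirectory() as guarded:
        with open(os.path.join(plain, "AUTORUN.INF"), "w") as f:
            f.write("[autorun]\nopen=launcher.exe\nshell\\open\\command=launcher.exe /s\nicon=drive.ico\n")
        for name in GUARDED:
            os.mkdir(os.path.join(guarded, name))
        return audit_root(plain), audit_root(guarded)

if __name__ == "__main__":
    for report in demo():
        print(report)
```

On a real system, call `audit_root("F:\\")` for each attached drive; a result of "file" for autorun.inf with a non-empty command list is the case to inspect before opening the drive in Explorer.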





