
Home Desktop - Firefox - Server Not Found - Virus? [Closed]



#46
godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
:thumbsup: And let me know how the problem with the browsers is.
  • 0


#47
Daniel Christmas Lee

    Member

  • Topic Starter
  • 208 posts
Here is my MBAM log, still have to do ESET. Thank you Godawgs for having patience with me... as you can tell, I'm very busy at times... but we're inching along!

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.21.11

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
DLee :: DOLICA [administrator]

6/21/2012 3:57:51 PM
mbam-log-2012-06-21 (15-57-51).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 358713
Time elapsed: 50 minute(s), 43 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
  • 0

#48
Daniel Christmas Lee

    Member

  • Topic Starter
  • 208 posts
THIS IS AN EMERGENCY

Something has gone wrong and Microsoft Security Essentials has repeatedly detected a Trojan:DOS/Alureon.E

Attached is a screen shot... it won't stop. I can't remove it. It just keeps on detecting it... non stop.

WHAT DO I DO!?

Ahhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhh

Please help! Thanks!

Attached Thumbnails

  • 6-22-2012 8-49-44 AM.jpg

  • 0

#49
Daniel Christmas Lee

    Member

  • Topic Starter
  • 208 posts
... and I successfully attached (uploaded) that image in my previous reply without timing out Firefox... however, further tests are required.

What I did was I killed the Microsoft Security Essentials process...

But I am worried. What is this Trojan:DOS/Alureon.E? And why couldn't MSE remove it? Help! Help!
  • 0

#50
godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Delete the old copy of aswMBR from the desktop. Delete the MBR.dat and MBR.txt files as well.

Now download a fresh copy of aswMBR and run it.

Run aswMBR
  • Download aswMBR.exe to your desktop.
  • Double click the aswMBR.exe file to run it. (Windows /7 users: Right click the file and click Run as Administrator. If you get a UAC window, allow the file to run.)
  • If it asks you if you want to download the latest virus definitions, click Yes.
  • Click the "Scan" button to start the scan.
  • On completion of the scan click save log. Save it to your desktop and post in your next reply.
NOTE: When you run aswMBR, if it is shut down automatically, then it is most likely the infection detecting that aswMBR is running and terminating it. In this situation you should rename the executable to iexplore.exe and try it again.


Things For Your Next Post:
1. The aswMBR log
  • 0

#51
Daniel Christmas Lee

    Member

  • Topic Starter
  • 208 posts
Thank you Godawgs for the quick reply. I am running the quick scan... will update shortly with a log!
  • 0

#52
Daniel Christmas Lee

    Member

  • Topic Starter
  • 208 posts
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-22 09:13:05
-----------------------------
09:13:05.987 OS Version: Windows 6.1.7601 Service Pack 1
09:13:05.987 Number of processors: 4 586 0x2505
09:13:05.988 ComputerName: DOLICA UserName: DLee
09:13:07.204 Initialize success
09:14:09.443 AVAST engine defs: 12062200
09:14:22.925 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
09:14:22.927 Disk 0 Vendor: WDC_WD3200AAKS-75L9A0 02.03E02 Size: 305245MB BusType: 11
09:14:22.929 Disk 0 MBR read successfully
09:14:22.930 Disk 0 MBR scan
09:14:22.934 Disk 0 Windows 7 default MBR code
09:14:22.936 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
09:14:22.959 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 750 MB offset 81920
09:14:22.986 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 304445 MB offset 1617920
09:14:23.015 Disk 0 scanning sectors +625121968
09:14:23.117 Disk 0 scanning C:\Windows\system32\drivers
09:14:39.563 Service scanning
09:14:50.264 Service MpKsleeabc2d0 c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{5FA29868-4EB8-4F62-9F00-541EE71BF235}\MpKsleeabc2d0.sys **LOCKED** 32
09:15:01.709 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
09:15:09.165 Modules scanning
09:15:15.028 Disk 0 trace - called modules:
09:15:15.049 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll >>UNKNOWN [0x859631e8]<<
09:15:15.054 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86878ac8]
09:15:15.058 3 CLASSPNP.SYS[8bb8859e] -> nt!IofCallDriver -> [0x866a2918]
09:15:15.062 5 ACPI.sys[8b6313d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x866e0030]
09:15:15.066 \Driver\atapi[0x866c6660] -> IRP_MJ_CREATE -> 0x859631e8
09:15:15.787 AVAST engine scan C:\Windows
09:15:17.753 AVAST engine scan C:\Windows\system32
09:18:52.086 AVAST engine scan C:\Windows\system32\drivers
09:19:19.427 AVAST engine scan C:\Users\DLee
09:26:17.483 AVAST engine scan C:\ProgramData
09:35:31.571 Scan finished successfully
09:36:58.747 Disk 0 MBR has been saved successfully to "C:\Users\DLee\Desktop\MBR.dat"
09:36:58.801 The log file has been saved successfully to "C:\Users\DLee\Desktop\aswMBR LOG.txt"
  • 0

#53
Daniel Christmas Lee

    Member

  • Topic Starter
  • 208 posts
And FYI, my problem with uploading/downloading then Firefox losing connection still exists...

This makes me sad :(

How come I have all these problems?

:(
  • 0

#54
godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Hi Daniel,

How come I have all these problems?

Because your computer was infected. And malware hides almost everywhere and it takes time to run it down. I believe another part of the problem is the way we are having to try to find and kill the malware. Because it is a work computer you need to use it all day and we are trying to identify what is wrong and kill it when we can.
But the days between getting information from you and all the while using the computer are, I believe, making us play catch up all the time. The days between asking for information and getting a reply are days that the malware spends trying to hide and do more damage. As a result new problems are always showing up and I'm not sure we will ever get ahead of it this way.

It appears that MSSE is finding files that are already in the TDSSKiller's quarantine folder. If you look at the bottom of the screen shot you will see this:

Items:
file:C\TDSSKiller_Quarantine\19.03.2012_09.51.37\mbr0000\mbr0000\tsk0001.dta

That indicates that the file(s) found are already quarantined and aren't harmful. BUT, the aswMBR scan did find another UNKNOWN file so let's get a new TDSSKiller and run it.

Please delete the old TDSSKiller.exe file and any TDSSKiller text files from the desktop. And delete the TDSSKiller_Quarantine folder from the root drive (C:).


TDSSKiller

Please read carefully and follow these steps.
Download the latest version of TDSSKiller from here and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  • Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.


Turn MSSE back on and see if it still detects anything.


Things For Your Next Post:
1. The TDSSKiller log
  • 0
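
Added example, not part of the original posts and not output of aswMBR itself: a Python sketch that pulls out of an aswMBR log the lines post #54 reacts to (the `>>UNKNOWN<<` entry in the disk trace), plus the MBR verdict and `**LOCKED**` services. It assumes the line layout of the log in post #52; the function names, field names and the "anything other than default MBR code needs review" rule are assumptions made for this illustration.

```python
import re

# Excerpt of the aswMBR log from post #52 above (copied from the page, trimmed).
SAMPLE_LOG = r"""
09:14:22.930 Disk 0 MBR scan
09:14:22.934 Disk 0 Windows 7 default MBR code
09:14:50.264 Service MpKsleeabc2d0 c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{5FA29868-4EB8-4F62-9F00-541EE71BF235}\MpKsleeabc2d0.sys **LOCKED** 32
09:15:01.709 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
09:15:15.028 Disk 0 trace - called modules:
09:15:15.049 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll >>UNKNOWN [0x859631e8]<<
09:15:15.054 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86878ac8]
09:15:15.058 3 CLASSPNP.SYS[8bb8859e] -> nt!IofCallDriver -> [0x866a2918]
09:15:15.062 5 ACPI.sys[8b6313d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x866e0030]
09:15:15.066 \Driver\atapi[0x866c6660] -> IRP_MJ_CREATE -> 0x859631e8
09:35:31.571 Scan finished successfully
"""

TS_LINE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{3}\s+(.*)$")
MBR_CODE = re.compile(r"^Disk (\d+) (.*MBR code.*)$")
LOCKED = re.compile(r"^Service\s+(\S+)\s+(.+?)\s+\*\*LOCKED\*\*")
UNKNOWN = re.compile(r">>UNKNOWN \[(0x[0-9a-fA-F]+)\]<<")
HANDLER = re.compile(
    r"^(\\Driver\\[^\[\s]+)\[0x[0-9a-fA-F]+\]\s*->\s*(IRP_MJ_\w+)\s*->\s*(0x[0-9a-fA-F]+)$"
)


def triage_aswmbr(log_text):
    """Collect the lines of an aswMBR log that need a human look.

    Returns a dict with:
      mbr                 - (disk, verdict) pairs from the "MBR code" lines
      locked              - (service, path) pairs marked **LOCKED**; the log
                            alone does not say whether such a file is malicious
      unknown             - addresses the disk trace labels UNKNOWN
      handlers_in_unknown - (driver, irp, target) dispatch entries whose
                            target is one of those addresses
    """
    out = {"mbr": [], "locked": [], "unknown": [], "handlers_in_unknown": []}
    handlers = []
    for raw in log_text.splitlines():
        m = TS_LINE.match(raw.strip())
        if not m:
            continue  # banner, separator or blank line
        msg = m.group(1).strip()
        if (hit := MBR_CODE.match(msg)):
            out["mbr"].append((int(hit.group(1)), hit.group(2)))
        elif (hit := LOCKED.match(msg)):
            out["locked"].append((hit.group(1), hit.group(2)))
        elif (hit := HANDLER.match(msg)):
            handlers.append((hit.group(1), hit.group(2), hit.group(3).lower()))
        for addr in UNKNOWN.findall(msg):
            if addr.lower() not in out["unknown"]:
                out["unknown"].append(addr.lower())
    # Handler lines come after the trace line, so pair them up after the pass.
    out["handlers_in_unknown"] = [h for h in handlers if h[2] in out["unknown"]]
    return out


def needs_rootkit_scan(findings):
    """True when the trace has an UNKNOWN address or the MBR verdict is not
    the 'default MBR code' wording seen on this page (assumed review rule)."""
    odd_mbr = [v for _, v in findings["mbr"] if "default MBR code" not in v]
    return bool(findings["unknown"] or odd_mbr)


if __name__ == "__main__":
    result = triage_aswmbr(SAMPLE_LOG)
    for key, values in result.items():
        print(f"{key}:")
        for value in values:
            print("   ", value)
    print("follow up with a rootkit scanner:", needs_rootkit_scan(result))
```

On the excerpt it reports a default MBR, two locked services, and one UNKNOWN address that is also the target of the `\Driver\atapi` `IRP_MJ_CREATE` entry, which is the finding that prompts the fresh TDSSKiller run in this thread.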

#55
Daniel Christmas Lee

    Member

  • Topic Starter
  • 208 posts
My apologies, I too am frustrated that I cannot fit fixing my computer into my work schedule.

As for the current concern regarding MSSE... I must clarify that the problem is that MSSE is ... every second/minute... popping up a new notification (lower right) telling that so and such Trojan has been quarantined. As per my screen shot, you can see that the list is long, logging at various times the same Trojan... and the list continues... on and on... eventually lagging my computer.

I've disabled MSSE.

And I will run the TDSSKiller now and will report back shortly!

Thanks again!
  • 0


#56
Daniel Christmas Lee

    Member

  • Topic Starter
  • 208 posts
13:38:24.0916 4420 TDSS rootkit removing tool 2.7.41.0 Jun 20 2012 20:53:32
13:38:25.0395 4420 ============================================================
13:38:25.0395 4420 Current date / time: 2012/06/22 13:38:25.0395
13:38:25.0395 4420 SystemInfo:
13:38:25.0395 4420
13:38:25.0395 4420 OS Version: 6.1.7601 ServicePack: 1.0
13:38:25.0395 4420 Product type: Workstation
13:38:25.0395 4420 ComputerName: DOLICA
13:38:25.0396 4420 UserName: DLee
13:38:25.0396 4420 Windows directory: C:\Windows
13:38:25.0396 4420 System windows directory: C:\Windows
13:38:25.0396 4420 Processor architecture: Intel x86
13:38:25.0396 4420 Number of processors: 4
13:38:25.0396 4420 Page size: 0x1000
13:38:25.0396 4420 Boot type: Normal boot
13:38:25.0396 4420 ============================================================
13:38:26.0532 4420 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
13:38:26.0561 4420 ============================================================
13:38:26.0561 4420 \Device\Harddisk0\DR0:
13:38:26.0561 4420 MBR partitions:
13:38:26.0561 4420 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x177000
13:38:26.0561 4420 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x18B000, BlocksNum 0x2529EAB0
13:38:26.0561 4420 ============================================================
13:38:26.0596 4420 C: <-> \Device\Harddisk0\DR0\Partition1
13:38:26.0596 4420 ============================================================
13:38:26.0596 4420 Initialize success
13:38:26.0596 4420 ============================================================
13:38:32.0534 4472 ============================================================
13:38:32.0535 4472 Scan started
13:38:32.0535 4472 Mode: Manual; SigCheck; TDLFS;
13:38:32.0535 4472 ============================================================
13:38:41.0628 4472 monitor - ok
13:38:41.0659 4472 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
13:38:41.0669 4472 mouclass - ok
13:38:41.0676 4472 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
13:38:41.0688 4472 mouhid - ok
13:38:41.0726 4472 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
13:38:41.0737 4472 mountmgr - ok
13:38:41.0798 4472 MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
13:38:41.0808 4472 MozillaMaintenance - ok
13:38:41.0836 4472 MpFilter (d993bea500e7382dc4e760bf4f35efcb) C:\Windows\system32\DRIVERS\MpFilter.sys
13:38:41.0855 4472 MpFilter - ok
13:38:41.0890 4472 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
13:38:41.0910 4472 mpio - ok
13:38:41.0996 4472 MpKsl8525d02d (a69630d039c38018689190234f866d77) c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{5FA29868-4EB8-4F62-9F00-541EE71BF235}\MpKsl8525d02d.sys
13:38:42.0005 4472 MpKsl8525d02d - ok
13:38:42.0029 4472 MpKsleeabc2d0 (a69630d039c38018689190234f866d77) c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{5FA29868-4EB8-4F62-9F00-541EE71BF235}\MpKsleeabc2d0.sys
13:38:42.0037 4472 MpKsleeabc2d0 - ok
13:38:42.0060 4472 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
13:38:42.0082 4472 mpsdrv - ok
13:38:42.0137 4472 MpsSvc (9835584e999d25004e1ee8e5f3e3b881) C:\Windows\system32\mpssvc.dll
13:38:42.0170 4472 MpsSvc - ok
13:38:42.0210 4472 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
13:38:42.0235 4472 MRxDAV - ok
13:38:42.0275 4472 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
13:38:42.0308 4472 mrxsmb - ok
13:38:42.0339 4472 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
13:38:42.0357 4472 mrxsmb10 - ok
13:38:42.0396 4472 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
13:38:42.0419 4472 mrxsmb20 - ok
13:38:42.0433 4472 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\drivers\msahci.sys
13:38:42.0443 4472 msahci - ok
13:38:42.0458 4472 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\drivers\msdsm.sys
13:38:42.0479 4472 msdsm - ok
13:38:42.0512 4472 MSDTC (e1bce74a3bd9902b72599c0192a07e27) C:\Windows\System32\msdtc.exe
13:38:42.0534 4472 MSDTC - ok
13:38:42.0558 4472 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
13:38:42.0583 4472 Msfs - ok
13:38:42.0587 4472 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
13:38:42.0610 4472 mshidkmdf - ok
13:38:42.0628 4472 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
13:38:42.0637 4472 msisadrv - ok
13:38:42.0670 4472 MSiSCSI (90f7d9e6b6f27e1a707d4a297f077828) C:\Windows\system32\iscsiexe.dll
13:38:42.0703 4472 MSiSCSI - ok
13:38:42.0705 4472 msiserver - ok
13:38:42.0730 4472 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
13:38:42.0754 4472 MSKSSRV - ok
13:38:42.0813 4472 MsMpSvc (24516bf4e12a46cb67302e2cdcb8cddf) c:\Program Files\Microsoft Security Client\MsMpEng.exe
13:38:42.0823 4472 MsMpSvc - ok
13:38:42.0838 4472 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
13:38:42.0862 4472 MSPCLOCK - ok
13:38:42.0880 4472 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
13:38:42.0904 4472 MSPQM - ok
13:38:42.0930 4472 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
13:38:42.0948 4472 MsRPC - ok
13:38:42.0962 4472 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
13:38:42.0972 4472 mssmbios - ok
13:38:43.0014 4472 MSSQL$ADCENTERDESKTOP - ok
13:38:43.0052 4472 MSSQLServerADHelper100 (8e8e74c953eb0c4f8828d99d6f27fd6f) c:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE
13:38:43.0060 4472 MSSQLServerADHelper100 - ok
13:38:43.0072 4472 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
13:38:43.0096 4472 MSTEE - ok
13:38:43.0105 4472 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
13:38:43.0117 4472 MTConfig - ok
13:38:43.0136 4472 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
13:38:43.0147 4472 Mup - ok
13:38:43.0201 4472 napagent (61d57a5d7c6d9afe10e77dae6e1b445e) C:\Windows\system32\qagentRT.dll
13:38:43.0236 4472 napagent - ok
13:38:43.0274 4472 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
13:38:43.0293 4472 NativeWifiP - ok
13:38:43.0340 4472 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
13:38:43.0364 4472 NDIS - ok
13:38:43.0375 4472 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
13:38:43.0399 4472 NdisCap - ok
13:38:43.0413 4472 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
13:38:43.0435 4472 NdisTapi - ok
13:38:43.0464 4472 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
13:38:43.0487 4472 Ndisuio - ok
13:38:43.0539 4472 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
13:38:43.0572 4472 NdisWan - ok
13:38:43.0600 4472 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
13:38:43.0622 4472 NDProxy - ok
13:38:43.0640 4472 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
13:38:43.0664 4472 NetBIOS - ok
13:38:43.0713 4472 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
13:38:43.0744 4472 NetBT - ok
13:38:43.0768 4472 Netlogon (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
13:38:43.0780 4472 Netlogon - ok
13:38:43.0820 4472 Netman (7cccfca7510684768da22092d1fa4db2) C:\Windows\System32\netman.dll
13:38:43.0847 4472 Netman - ok
13:38:43.0873 4472 netprofm (8c338238c16777a802d6a9211eb2ba50) C:\Windows\System32\netprofm.dll
13:38:43.0909 4472 netprofm - ok
13:38:43.0977 4472 netr28u (9e0c69b1f27f10f2e05b94f655baa5fa) C:\Windows\system32\DRIVERS\netr28u.sys
13:38:44.0000 4472 netr28u - ok
13:38:44.0095 4472 NetTcpPortSharing (f476ec40033cdb91efbe73eb99b8362d) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
13:38:44.0114 4472 NetTcpPortSharing - ok
13:38:44.0153 4472 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
13:38:44.0164 4472 nfrd960 - ok
13:38:44.0205 4472 NisDrv (b52f26bade7d7e4a79706e3fd91834cd) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
13:38:44.0214 4472 NisDrv - ok
13:38:44.0270 4472 NisSrv (290c0d4c4889398797f8df3be00b9698) c:\Program Files\Microsoft Security Client\NisSrv.exe
13:38:44.0288 4472 NisSrv - ok
13:38:44.0335 4472 NlaSvc (912084381d30d8b89ec4e293053f4710) C:\Windows\System32\nlasvc.dll
13:38:44.0363 4472 NlaSvc - ok
13:38:44.0385 4472 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
13:38:44.0409 4472 Npfs - ok
13:38:44.0439 4472 nsi (ba387e955e890c8a88306d9b8d06bf17) C:\Windows\system32\nsisvc.dll
13:38:44.0464 4472 nsi - ok
13:38:44.0469 4472 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
13:38:44.0493 4472 nsiproxy - ok
13:38:44.0611 4472 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
13:38:44.0647 4472 Ntfs - ok
13:38:44.0654 4472 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
13:38:44.0679 4472 Null - ok
13:38:45.0243 4472 nvlddmkm (f452e6ad3eda2852f44be492e283c40f) C:\Windows\system32\DRIVERS\nvlddmkm.sys
13:38:45.0443 4472 nvlddmkm - ok
13:38:45.0594 4472 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
13:38:45.0615 4472 nvraid - ok
13:38:45.0635 4472 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
13:38:45.0654 4472 nvstor - ok
13:38:45.0722 4472 nvsvc (ce0939097491a3f101cc8511bdcaefc5) C:\Windows\system32\nvvsvc.exe
13:38:45.0743 4472 nvsvc - ok
13:38:45.0777 4472 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
13:38:45.0790 4472 nv_agp - ok
13:38:45.0822 4472 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
13:38:45.0834 4472 ohci1394 - ok
13:38:45.0905 4472 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
13:38:45.0923 4472 ose - ok
13:38:46.0192 4472 osppsvc (358a9cca612c68eb2f07ddad4ce1d8d7) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
13:38:46.0281 4472 osppsvc - ok
13:38:46.0426 4472 p2pimsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
13:38:46.0451 4472 p2pimsvc - ok
13:38:46.0496 4472 p2psvc (59c3ddd501e39e006dac31bf55150d91) C:\Windows\system32\p2psvc.dll
13:38:46.0520 4472 p2psvc - ok
13:38:46.0592 4472 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
13:38:46.0608 4472 Parport - ok
13:38:46.0634 4472 partmgr (3f34a1b4c5f6475f320c275e63afce9b) C:\Windows\system32\drivers\partmgr.sys
13:38:46.0644 4472 partmgr - ok
13:38:46.0658 4472 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
13:38:46.0670 4472 Parvdm - ok
13:38:46.0694 4472 PcaSvc (358ab7956d3160000726574083dfc8a6) C:\Windows\System32\pcasvc.dll
13:38:46.0718 4472 PcaSvc - ok
13:38:46.0760 4472 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
13:38:46.0781 4472 pci - ok
13:38:46.0795 4472 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
13:38:46.0805 4472 pciide - ok
13:38:46.0827 4472 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
13:38:46.0846 4472 pcmcia - ok
13:38:46.0865 4472 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
13:38:46.0875 4472 pcw - ok
13:38:46.0915 4472 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
13:38:46.0950 4472 PEAUTH - ok
13:38:47.0049 4472 PeerDistSvc (af4d64d2a57b9772cf3801950b8058a6) C:\Windows\system32\peerdistsvc.dll
13:38:47.0089 4472 PeerDistSvc - ok
13:38:47.0200 4472 pla (414bba67a3ded1d28437eb66aeb8a720) C:\Windows\system32\pla.dll
13:38:47.0251 4472 pla - ok
13:38:47.0372 4472 PlugPlay (ec7bc28d207da09e79b3e9faf8b232ca) C:\Windows\system32\umpnpmgr.dll
13:38:47.0397 4472 PlugPlay - ok
13:38:47.0428 4472 PNRPAutoReg (63ff8572611249931eb16bb8eed6afc8) C:\Windows\system32\pnrpauto.dll
13:38:47.0440 4472 PNRPAutoReg - ok
13:38:47.0468 4472 PNRPsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
13:38:47.0480 4472 PNRPsvc - ok
13:38:47.0506 4472 PolicyAgent (53946b69ba0836bd95b03759530c81ec) C:\Windows\System32\ipsecsvc.dll
13:38:47.0538 4472 PolicyAgent - ok
13:38:47.0580 4472 Power (f87d30e72e03d579a5199ccb3831d6ea) C:\Windows\system32\umpo.dll
13:38:47.0612 4472 Power - ok
13:38:47.0674 4472 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
13:38:47.0702 4472 PptpMiniport - ok
13:38:47.0731 4472 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
13:38:47.0742 4472 Processor - ok
13:38:47.0783 4472 ProfSvc (cadefac453040e370a1bdff3973be00d) C:\Windows\system32\profsvc.dll
13:38:47.0803 4472 ProfSvc - ok
13:38:47.0827 4472 ProtectedStorage (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
13:38:47.0838 4472 ProtectedStorage - ok
13:38:47.0872 4472 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
13:38:47.0898 4472 Psched - ok
13:38:47.0988 4472 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
13:38:48.0027 4472 ql2300 - ok
13:38:48.0157 4472 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
13:38:48.0170 4472 ql40xx - ok
13:38:48.0210 4472 QWAVE (31ac809e7707eb580b2bdb760390765a) C:\Windows\system32\qwave.dll
13:38:48.0231 4472 QWAVE - ok
13:38:48.0244 4472 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
13:38:48.0258 4472 QWAVEdrv - ok
13:38:48.0272 4472 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
13:38:48.0297 4472 RasAcd - ok
13:38:48.0326 4472 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
13:38:48.0349 4472 RasAgileVpn - ok
13:38:48.0360 4472 RasAuto (a60f1839849c0c00739787fd5ec03f13) C:\Windows\System32\rasauto.dll
13:38:48.0387 4472 RasAuto - ok
13:38:48.0402 4472 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
13:38:48.0427 4472 Rasl2tp - ok
13:38:48.0465 4472 RasMan (cb9e04dc05eacf5b9a36ca276d475006) C:\Windows\System32\rasmans.dll
13:38:48.0493 4472 RasMan - ok
13:38:48.0524 4472 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
13:38:48.0549 4472 RasPppoe - ok
13:38:48.0559 4472 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
13:38:48.0582 4472 RasSstp - ok
13:38:48.0629 4472 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
13:38:48.0656 4472 rdbss - ok
13:38:48.0669 4472 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
13:38:48.0683 4472 rdpbus - ok
13:38:48.0713 4472 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
13:38:48.0735 4472 RDPCDD - ok
13:38:48.0771 4472 RDPDR (b973fcfc50dc1434e1970a146f7e3885) C:\Windows\system32\drivers\rdpdr.sys
13:38:48.0804 4472 RDPDR - ok
13:38:48.0817 4472 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
13:38:48.0840 4472 RDPENCDD - ok
13:38:48.0844 4472 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
13:38:48.0867 4472 RDPREFMP - ok
13:38:48.0894 4472 RDPWD (f031683e6d1fea157abb2ff260b51e61) C:\Windows\system32\drivers\RDPWD.sys
13:38:48.0922 4472 RDPWD - ok
13:38:48.0963 4472 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
13:38:48.0981 4472 rdyboost - ok
13:38:49.0019 4472 RemoteAccess (7b5e1419717fac363a31cc302895217a) C:\Windows\System32\mprdim.dll
13:38:49.0046 4472 RemoteAccess - ok
13:38:49.0082 4472 RemoteRegistry (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll
13:38:49.0116 4472 RemoteRegistry - ok
13:38:49.0124 4472 RpcEptMapper (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll
13:38:49.0150 4472 RpcEptMapper - ok
13:38:49.0185 4472 RpcLocator (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows\system32\locator.exe
13:38:49.0196 4472 RpcLocator - ok
13:38:49.0244 4472 RpcSs (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
13:38:49.0269 4472 RpcSs - ok
13:38:49.0320 4472 RsFx0150 (a95840a95a9ff74b0009e5d848cddb39) C:\Windows\system32\DRIVERS\RsFx0150.sys
13:38:49.0335 4472 RsFx0150 - ok
13:38:49.0369 4472 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
13:38:49.0393 4472 rspndr - ok
13:38:49.0425 4472 s3cap (7fa7f2e249a5dcbb7970630e15e1f482) C:\Windows\system32\drivers\vms3cap.sys
13:38:49.0435 4472 s3cap - ok
13:38:49.0452 4472 SamSs (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
13:38:49.0464 4472 SamSs - ok
13:38:49.0518 4472 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
13:38:49.0526 4472 SASDIFSV - ok
13:38:49.0540 4472 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
13:38:49.0548 4472 SASKUTIL - ok
13:38:49.0579 4472 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
13:38:49.0590 4472 sbp2port - ok
13:38:49.0608 4472 SCardSvr (8fc518ffe9519c2631d37515a68009c4) C:\Windows\System32\SCardSvr.dll
13:38:49.0639 4472 SCardSvr - ok
13:38:49.0681 4472 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
13:38:49.0704 4472 scfilter - ok
13:38:49.0765 4472 Schedule (a04bb13f8a72f8b6e8b4071723e4e336) C:\Windows\system32\schedsvc.dll
13:38:49.0798 4472 Schedule - ok
13:38:49.0838 4472 SCPolicySvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
13:38:49.0860 4472 SCPolicySvc - ok
13:38:49.0892 4472 SDRSVC (08236c4bce5edd0a0318a438af28e0f7) C:\Windows\System32\SDRSVC.dll
13:38:49.0914 4472 SDRSVC - ok
13:38:49.0918 4472 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
13:38:49.0941 4472 secdrv - ok
13:38:49.0974 4472 seclogon (a59b3a4442c52060cc7a85293aa3546f) C:\Windows\system32\seclogon.dll
13:38:49.0998 4472 seclogon - ok
13:38:50.0014 4472 SENS (dcb7fcdcc97f87360f75d77425b81737) C:\Windows\System32\sens.dll
13:38:50.0038 4472 SENS - ok
13:38:50.0072 4472 SensrSvc (50087fe1ee447009c9cc2997b90de53f) C:\Windows\system32\sensrsvc.dll
13:38:50.0095 4472 SensrSvc - ok
13:38:50.0108 4472 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
13:38:50.0120 4472 Serenum - ok
13:38:50.0133 4472 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
13:38:50.0148 4472 Serial - ok
13:38:50.0171 4472 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
13:38:50.0183 4472 sermouse - ok
13:38:50.0219 4472 SessionEnv (4ae380f39a0032eab7dd953030b26d28) C:\Windows\system32\sessenv.dll
13:38:50.0253 4472 SessionEnv - ok
13:38:50.0283 4472 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
13:38:50.0297 4472 sffdisk - ok
13:38:50.0308 4472 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
13:38:50.0322 4472 sffp_mmc - ok
13:38:50.0332 4472 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
13:38:50.0345 4472 sffp_sd - ok
13:38:50.0358 4472 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
13:38:50.0370 4472 sfloppy - ok
13:38:50.0418 4472 SharedAccess (d1a079a0de2ea524513b6930c24527a2) C:\Windows\System32\ipnathlp.dll
13:38:50.0455 4472 SharedAccess - ok
13:38:50.0517 4472 ShellHWDetection (414da952a35bf5d50192e28263b40577) C:\Windows\System32\shsvcs.dll
13:38:50.0549 4472 ShellHWDetection - ok
13:38:50.0581 4472 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
13:38:50.0592 4472 sisagp - ok
13:38:50.0604 4472 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
13:38:50.0615 4472 SiSRaid2 - ok
13:38:50.0638 4472 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
13:38:50.0649 4472 SiSRaid4 - ok
13:38:50.0661 4472 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
13:38:50.0686 4472 Smb - ok
13:38:50.0712 4472 SNMPTRAP (6a984831644eca1a33ffeae4126f4f37) C:\Windows\System32\snmptrap.exe
13:38:50.0725 4472 SNMPTRAP - ok
13:38:50.0734 4472 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
13:38:50.0745 4472 spldr - ok
13:38:50.0794 4472 Spooler (866a43013535dc8587c258e43579c764) C:\Windows\System32\spoolsv.exe
13:38:50.0828 4472 Spooler - ok
13:38:51.0017 4472 sppsvc (cf87a1de791347e75b98885214ced2b8) C:\Windows\system32\sppsvc.exe
13:38:51.0085 4472 sppsvc - ok
13:38:51.0201 4472 sppuinotify (b0180b20b065d89232a78a40fe56eaa6) C:\Windows\system32\sppuinotify.dll
13:38:51.0229 4472 sppuinotify - ok
13:38:51.0302 4472 sptd (8ea0fd60a5b047e0c734d51aace531c9) C:\Windows\System32\Drivers\sptd.sys
13:38:51.0302 4472 Suspicious file (NoAccess): C:\Windows\System32\Drivers\sptd.sys. md5: 8ea0fd60a5b047e0c734d51aace531c9
13:38:51.0303 4472 sptd ( LockedFile.Multi.Generic ) - warning
13:38:51.0303 4472 sptd - detected LockedFile.Multi.Generic (1)
13:38:52.0198 4472 SwitchBoard (f577910a133a592234ebaad3f3afa258) C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
13:38:52.0212 4472 SwitchBoard ( UnsignedFile.Multi.Generic ) - warning
13:38:52.0212 4472 SwitchBoard - detected UnsignedFile.Multi.Generic (1)
13:38:56.0047 4472 WinDefend - ok
13:38:56.0051 4472 WinHttpAutoProxySvc - ok
13:38:56.0127 4472 Winmgmt (f62e510b6ad4c21eb9fe8668ed251826) C:\Windows\system32\wbem\WMIsvc.dll
13:38:56.0158 4472 Winmgmt - ok
13:38:56.0246 4472 WinRM (1b91cd34ea3a90ab6a4ef0550174f4cc) C:\Windows\system32\WsmSvc.dll
13:38:56.0289 4472 WinRM - ok
13:38:56.0372 4472 WinUsb (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUsb.sys
13:38:56.0385 4472 WinUsb - ok
13:38:56.0456 4472 Wlansvc (16935c98ff639d185086a3529b1f2067) C:\Windows\System32\wlansvc.dll
13:38:56.0484 4472 Wlansvc - ok
13:38:56.0513 4472 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
13:38:56.0525 4472 WmiAcpi - ok
13:38:56.0561 4472 wmiApSrv (6eb6b66517b048d87dc1856ddf1f4c3f) C:\Windows\system32\wbem\WmiApSrv.exe
13:38:56.0583 4472 wmiApSrv - ok
13:38:56.0690 4472 WMPNetworkSvc (3b40d3a61aa8c21b88ae57c58ab3122e) C:\Program Files\Windows Media Player\wmpnetwk.exe
13:38:56.0726 4472 WMPNetworkSvc - ok
13:38:56.0738 4472 WPCSvc (a2f0ec770a92f2b3f9de6d518e11409c) C:\Windows\System32\wpcsvc.dll
13:38:56.0751 4472 WPCSvc - ok
13:38:56.0783 4472 WPDBusEnum (aa53356d60af47eacc85bc617a4f3f66) C:\Windows\system32\wpdbusenum.dll
13:38:56.0798 4472 WPDBusEnum - ok
13:38:56.0843 4472 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
13:38:56.0867 4472 ws2ifsl - ok
13:38:56.0880 4472 wscsvc (6f5d49efe0e7164e03ae773a3fe25340) C:\Windows\system32\wscsvc.dll
13:38:56.0895 4472 wscsvc - ok
13:38:56.0897 4472 WSearch - ok
13:38:57.0167 4472 wuauserv (fc3ec24fce372c89423e015a2ac1a31e) C:\Windows\system32\wuaueng.dll
13:38:57.0220 4472 wuauserv - ok
13:38:57.0322 4472 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
13:38:57.0345 4472 WudfPf - ok
13:38:57.0399 4472 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
13:38:57.0432 4472 WUDFRd - ok
13:38:57.0488 4472 wudfsvc (8d1e1e529a2c9e9b6a85b55a345f7629) C:\Windows\System32\WUDFSvc.dll
13:38:57.0516 4472 wudfsvc - ok
13:38:57.0538 4472 WwanSvc (ff2d745b560f7c71b31f30f4d49f73d2) C:\Windows\System32\wwansvc.dll
13:38:57.0560 4472 WwanSvc - ok
13:38:57.0574 4472 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
13:38:57.0803 4472 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
13:38:57.0803 4472 \Device\Harddisk0\DR0 - detected TDSS File System (1)
13:38:57.0805 4472 Boot (0x1200) (af7a45be431281337ff4d4da24fa4f93) \Device\Harddisk0\DR0\Partition0
13:38:57.0807 4472 \Device\Harddisk0\DR0\Partition0 - ok
13:38:57.0842 4472 Boot (0x1200) (ae02db6dd7a4288ed5924c2d0d71dd3e) \Device\Harddisk0\DR0\Partition1
13:38:57.0843 4472 \Device\Harddisk0\DR0\Partition1 - ok
13:38:57.0844 4472 ============================================================
13:38:57.0844 4472 Scan finished
13:38:57.0844 4472 ============================================================
13:38:57.0852 4828 Detected object count: 3
13:38:57.0852 4828 Actual detected object count: 3
13:39:00.0266 4828 sptd ( LockedFile.Multi.Generic ) - skipped by user
13:39:00.0266 4828 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
13:39:00.0267 4828 SwitchBoard ( UnsignedFile.Multi.Generic ) - skipped by user
13:39:00.0267 4828 SwitchBoard ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:39:00.0268 4828 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
13:39:00.0268 4828 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
13:39:03.0642 2284 Deinitialize success
  • 0

#57
godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
I understood what you were saying about the new MSSE detections. I was just saying that AVs sometimes find quarantined files and alert on them. It appears that MSSE is throwing all the new alerts because it has found another TDSS File System.

I will be back to you as soon as my instructor signs off on my next steps.
  • 0

#58
godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
TDSSKiller found another TDSS File System:

Delete the TDSS File System

  • Re-run TDSSKiller please with the same settings - when you see the following then select delete:
    • \Device\Harddisk0\DR0 ( TDSS File System )
  • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.


Post the contents of the TDSSKiller log in your next reply.
  • 0

#59
Daniel Christmas Lee

    Member

  • Topic Starter
  • Member
  • 208 posts
Thank you Godawgs!

15:05:14.0671 2172 TDSS rootkit removing tool 2.7.41.0 Jun 20 2012 20:53:32
15:05:15.0199 2172 ============================================================
15:05:15.0199 2172 Current date / time: 2012/06/22 15:05:15.0198
15:05:15.0199 2172 SystemInfo:
15:05:15.0199 2172
15:05:15.0199 2172 OS Version: 6.1.7601 ServicePack: 1.0
15:05:15.0199 2172 Product type: Workstation
15:05:15.0199 2172 ComputerName: DOLICA
15:05:15.0199 2172 UserName: DLee
15:05:15.0199 2172 Windows directory: C:\Windows
15:05:15.0199 2172 System windows directory: C:\Windows
15:05:15.0199 2172 Processor architecture: Intel x86
15:05:15.0199 2172 Number of processors: 4
15:05:15.0199 2172 Page size: 0x1000
15:05:15.0199 2172 Boot type: Normal boot
15:05:15.0199 2172 ============================================================
15:05:16.0318 2172 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
15:05:16.0368 2172 ============================================================
15:05:16.0368 2172 \Device\Harddisk0\DR0:
15:05:16.0368 2172 MBR partitions:
15:05:16.0368 2172 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x177000
15:05:16.0368 2172 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x18B000, BlocksNum 0x2529EAB0
15:05:16.0368 2172 ============================================================
15:05:16.0399 2172 C: <-> \Device\Harddisk0\DR0\Partition1
15:05:16.0399 2172 ============================================================
15:05:16.0399 2172 Initialize success
15:05:16.0399 2172 ============================================================
15:05:21.0728 4812 ============================================================
15:05:21.0728 4812 Scan started
15:05:21.0728 4812 Mode: Manual; SigCheck; TDLFS;
15:05:21.0728 4812 ============================================================
15:05:31.0800 4812 MsMpSvc - ok
15:05:31.0807 4812 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
15:05:31.0830 4812 MSPCLOCK - ok
15:05:31.0850 4812 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
15:05:31.0874 4812 MSPQM - ok
15:05:31.0891 4812 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
15:05:31.0902 4812 MsRPC - ok
15:05:31.0914 4812 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
15:05:31.0924 4812 mssmbios - ok
15:05:31.0958 4812 MSSQL$ADCENTERDESKTOP - ok
15:05:31.0996 4812 MSSQLServerADHelper100 (8e8e74c953eb0c4f8828d99d6f27fd6f) c:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE
15:05:32.0004 4812 MSSQLServerADHelper100 - ok
15:05:32.0016 4812 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
15:05:32.0040 4812 MSTEE - ok
15:05:32.0049 4812 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
15:05:32.0060 4812 MTConfig - ok
15:05:32.0081 4812 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
15:05:32.0090 4812 Mup - ok
15:05:32.0137 4812 napagent (61d57a5d7c6d9afe10e77dae6e1b445e) C:\Windows\system32\qagentRT.dll
15:05:32.0162 4812 napagent - ok
15:05:32.0201 4812 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
15:05:32.0215 4812 NativeWifiP - ok
15:05:32.0260 4812 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
15:05:32.0278 4812 NDIS - ok
15:05:32.0295 4812 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
15:05:32.0318 4812 NdisCap - ok
15:05:32.0332 4812 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
15:05:32.0355 4812 NdisTapi - ok
15:05:32.0384 4812 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
15:05:32.0406 4812 Ndisuio - ok
15:05:32.0458 4812 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
15:05:32.0481 4812 NdisWan - ok
15:05:32.0511 4812 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
15:05:32.0533 4812 NDProxy - ok
15:05:32.0543 4812 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
15:05:32.0566 4812 NetBIOS - ok
15:05:32.0616 4812 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
15:05:32.0638 4812 NetBT - ok
15:05:32.0654 4812 Netlogon (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
15:05:32.0666 4812 Netlogon - ok
15:05:32.0706 4812 Netman (7cccfca7510684768da22092d1fa4db2) C:\Windows\System32\netman.dll
15:05:32.0730 4812 Netman - ok
15:05:32.0759 4812 netprofm (8c338238c16777a802d6a9211eb2ba50) C:\Windows\System32\netprofm.dll
15:05:32.0784 4812 netprofm - ok
15:05:32.0845 4812 netr28u (9e0c69b1f27f10f2e05b94f655baa5fa) C:\Windows\system32\DRIVERS\netr28u.sys
15:05:32.0861 4812 netr28u - ok
15:05:32.0956 4812 NetTcpPortSharing (f476ec40033cdb91efbe73eb99b8362d) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
15:05:32.0965 4812 NetTcpPortSharing - ok
15:05:32.0989 4812 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
15:05:32.0999 4812 nfrd960 - ok
15:05:33.0041 4812 NisDrv (b52f26bade7d7e4a79706e3fd91834cd) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
15:05:33.0050 4812 NisDrv - ok
15:05:33.0107 4812 NisSrv (290c0d4c4889398797f8df3be00b9698) c:\Program Files\Microsoft Security Client\NisSrv.exe
15:05:33.0124 4812 NisSrv - ok
15:05:33.0163 4812 NlaSvc (912084381d30d8b89ec4e293053f4710) C:\Windows\System32\nlasvc.dll
15:05:33.0185 4812 NlaSvc - ok
15:05:33.0197 4812 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
15:05:33.0220 4812 Npfs - ok
15:05:33.0250 4812 nsi (ba387e955e890c8a88306d9b8d06bf17) C:\Windows\system32\nsisvc.dll
15:05:33.0274 4812 nsi - ok
15:05:33.0281 4812 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
15:05:33.0305 4812 nsiproxy - ok
15:05:33.0397 4812 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
15:05:33.0421 4812 Ntfs - ok
15:05:33.0432 4812 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
15:05:33.0456 4812 Null - ok
15:05:34.0004 4812 nvlddmkm (f452e6ad3eda2852f44be492e283c40f) C:\Windows\system32\DRIVERS\nvlddmkm.sys
15:05:34.0152 4812 nvlddmkm - ok
15:05:34.0289 4812 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
15:05:34.0299 4812 nvraid - ok
15:05:34.0321 4812 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
15:05:34.0332 4812 nvstor - ok
15:05:34.0400 4812 nvsvc (ce0939097491a3f101cc8511bdcaefc5) C:\Windows\system32\nvvsvc.exe
15:05:34.0415 4812 nvsvc - ok
15:05:34.0447 4812 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
15:05:34.0457 4812 nv_agp - ok
15:05:34.0491 4812 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
15:05:34.0514 4812 ohci1394 - ok
15:05:34.0616 4812 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:05:34.0625 4812 ose - ok
15:05:34.0919 4812 osppsvc (358a9cca612c68eb2f07ddad4ce1d8d7) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
15:05:34.0988 4812 osppsvc - ok
15:05:35.0112 4812 p2pimsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
15:05:35.0129 4812 p2pimsvc - ok
15:05:35.0172 4812 p2psvc (59c3ddd501e39e006dac31bf55150d91) C:\Windows\system32\p2psvc.dll
15:05:35.0185 4812 p2psvc - ok
15:05:35.0253 4812 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
15:05:35.0264 4812 Parport - ok
15:05:35.0286 4812 partmgr (3f34a1b4c5f6475f320c275e63afce9b) C:\Windows\system32\drivers\partmgr.sys
15:05:35.0296 4812 partmgr - ok
15:05:35.0311 4812 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
15:05:35.0322 4812 Parvdm - ok
15:05:35.0339 4812 PcaSvc (358ab7956d3160000726574083dfc8a6) C:\Windows\System32\pcasvc.dll
15:05:35.0353 4812 PcaSvc - ok
15:05:35.0397 4812 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
15:05:35.0407 4812 pci - ok
15:05:35.0415 4812 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
15:05:35.0424 4812 pciide - ok
15:05:35.0447 4812 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
15:05:35.0457 4812 pcmcia - ok
15:05:35.0476 4812 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
15:05:35.0485 4812 pcw - ok
15:05:35.0525 4812 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
15:05:35.0552 4812 PEAUTH - ok
15:05:35.0626 4812 PeerDistSvc (af4d64d2a57b9772cf3801950b8058a6) C:\Windows\system32\peerdistsvc.dll
15:05:35.0650 4812 PeerDistSvc - ok
15:05:35.0762 4812 pla (414bba67a3ded1d28437eb66aeb8a720) C:\Windows\system32\pla.dll
15:05:35.0797 4812 pla - ok
15:05:35.0917 4812 PlugPlay (ec7bc28d207da09e79b3e9faf8b232ca) C:\Windows\system32\umpnpmgr.dll
15:05:35.0933 4812 PlugPlay - ok
15:05:35.0940 4812 PNRPAutoReg (63ff8572611249931eb16bb8eed6afc8) C:\Windows\system32\pnrpauto.dll
15:05:35.0951 4812 PNRPAutoReg - ok
15:05:35.0996 4812 PNRPsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
15:05:36.0008 4812 PNRPsvc - ok
15:05:36.0032 4812 PolicyAgent (53946b69ba0836bd95b03759530c81ec) C:\Windows\System32\ipsecsvc.dll
15:05:36.0055 4812 PolicyAgent - ok
15:05:36.0092 4812 Power (f87d30e72e03d579a5199ccb3831d6ea) C:\Windows\system32\umpo.dll
15:05:36.0115 4812 Power - ok
15:05:36.0160 4812 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
15:05:36.0184 4812 PptpMiniport - ok
15:05:36.0200 4812 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
15:05:36.0211 4812 Processor - ok
15:05:36.0244 4812 ProfSvc (cadefac453040e370a1bdff3973be00d) C:\Windows\system32\profsvc.dll
15:05:36.0255 4812 ProfSvc - ok
15:05:36.0279 4812 ProtectedStorage (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
15:05:36.0291 4812 ProtectedStorage - ok
15:05:36.0308 4812 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
15:05:36.0332 4812 Psched - ok
15:05:36.0415 4812 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
15:05:36.0442 4812 ql2300 - ok
15:05:36.0501 4812 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
15:05:36.0511 4812 ql40xx - ok
15:05:36.0538 4812 QWAVE (31ac809e7707eb580b2bdb760390765a) C:\Windows\system32\qwave.dll
15:05:36.0552 4812 QWAVE - ok
15:05:36.0563 4812 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
15:05:36.0575 4812 QWAVEdrv - ok
15:05:36.0592 4812 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
15:05:36.0615 4812 RasAcd - ok
15:05:36.0645 4812 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
15:05:36.0667 4812 RasAgileVpn - ok
15:05:36.0688 4812 RasAuto (a60f1839849c0c00739787fd5ec03f13) C:\Windows\System32\rasauto.dll
15:05:36.0712 4812 RasAuto - ok
15:05:36.0729 4812 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
15:05:36.0751 4812 Rasl2tp - ok
15:05:36.0793 4812 RasMan (cb9e04dc05eacf5b9a36ca276d475006) C:\Windows\System32\rasmans.dll
15:05:36.0816 4812 RasMan - ok
15:05:36.0826 4812 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
15:05:36.0849 4812 RasPppoe - ok
15:05:36.0861 4812 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
15:05:36.0882 4812 RasSstp - ok
15:05:37.0024 4812 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
15:05:37.0047 4812 rdbss - ok
15:05:37.0064 4812 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
15:05:37.0076 4812 rdpbus - ok
15:05:37.0107 4812 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
15:05:37.0129 4812 RDPCDD - ok
15:05:37.0163 4812 RDPDR (b973fcfc50dc1434e1970a146f7e3885) C:\Windows\system32\drivers\rdpdr.sys
15:05:37.0173 4812 RDPDR - ok
15:05:37.0185 4812 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
15:05:37.0207 4812 RDPENCDD - ok
15:05:37.0211 4812 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
15:05:37.0232 4812 RDPREFMP - ok
15:05:37.0263 4812 RDPWD (f031683e6d1fea157abb2ff260b51e61) C:\Windows\system32\drivers\RDPWD.sys
15:05:37.0282 4812 RDPWD - ok
15:05:37.0323 4812 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
15:05:37.0334 4812 rdyboost - ok
15:05:37.0362 4812 RemoteAccess (7b5e1419717fac363a31cc302895217a) C:\Windows\System32\mprdim.dll
15:05:37.0385 4812 RemoteAccess - ok
15:05:37.0425 4812 RemoteRegistry (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll
15:05:37.0450 4812 RemoteRegistry - ok
15:05:37.0460 4812 RpcEptMapper (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll
15:05:37.0484 4812 RpcEptMapper - ok
15:05:37.0512 4812 RpcLocator (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows\system32\locator.exe
15:05:37.0522 4812 RpcLocator - ok
15:05:37.0545 4812 RpcSs (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
15:05:37.0569 4812 RpcSs - ok
15:05:37.0613 4812 RsFx0150 (a95840a95a9ff74b0009e5d848cddb39) C:\Windows\system32\DRIVERS\RsFx0150.sys
15:05:37.0623 4812 RsFx0150 - ok
15:05:37.0637 4812 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
15:05:37.0660 4812 rspndr - ok
15:05:37.0685 4812 s3cap (7fa7f2e249a5dcbb7970630e15e1f482) C:\Windows\system32\drivers\vms3cap.sys
15:05:37.0695 4812 s3cap - ok
15:05:37.0713 4812 SamSs (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
15:05:37.0725 4812 SamSs - ok
15:05:37.0778 4812 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
15:05:37.0786 4812 SASDIFSV - ok
15:05:37.0800 4812 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
15:05:37.0808 4812 SASKUTIL - ok
15:05:37.0840 4812 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
15:05:37.0850 4812 sbp2port - ok
15:05:37.0869 4812 SCardSvr (8fc518ffe9519c2631d37515a68009c4) C:\Windows\System32\SCardSvr.dll
15:05:37.0892 4812 SCardSvr - ok
15:05:37.0925 4812 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
15:05:37.0947 4812 scfilter - ok
15:05:38.0008 4812 Schedule (a04bb13f8a72f8b6e8b4071723e4e336) C:\Windows\system32\schedsvc.dll
15:05:38.0038 4812 Schedule - ok
15:05:38.0073 4812 SCPolicySvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
15:05:38.0095 4812 SCPolicySvc - ok
15:05:38.0127 4812 SDRSVC (08236c4bce5edd0a0318a438af28e0f7) C:\Windows\System32\SDRSVC.dll
15:05:38.0143 4812 SDRSVC - ok
15:05:38.0146 4812 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
15:05:38.0169 4812 secdrv - ok
15:05:38.0200 4812 seclogon (a59b3a4442c52060cc7a85293aa3546f) C:\Windows\system32\seclogon.dll
15:05:38.0225 4812 seclogon - ok
15:05:38.0241 4812 SENS (dcb7fcdcc97f87360f75d77425b81737) C:\Windows\System32\sens.dll
15:05:38.0265 4812 SENS - ok
15:05:38.0307 4812 SensrSvc (50087fe1ee447009c9cc2997b90de53f) C:\Windows\system32\sensrsvc.dll
15:05:38.0330 4812 SensrSvc - ok
15:05:38.0344 4812 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
15:05:38.0356 4812 Serenum - ok
15:05:38.0368 4812 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
15:05:38.0379 4812 Serial - ok
15:05:38.0413 4812 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
15:05:38.0425 4812 sermouse - ok
15:05:38.0462 4812 SessionEnv (4ae380f39a0032eab7dd953030b26d28) C:\Windows\system32\sessenv.dll
15:05:38.0485 4812 SessionEnv - ok
15:05:38.0519 4812 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
15:05:38.0529 4812 sffdisk - ok
15:05:38.0543 4812 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
15:05:38.0556 4812 sffp_mmc - ok
15:05:38.0567 4812 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
15:05:38.0580 4812 sffp_sd - ok
15:05:38.0593 4812 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
15:05:38.0604 4812 sfloppy - ok
15:05:38.0653 4812 SharedAccess (d1a079a0de2ea524513b6930c24527a2) C:\Windows\System32\ipnathlp.dll
15:05:38.0678 4812 SharedAccess - ok
15:05:38.0735 4812 ShellHWDetection (414da952a35bf5d50192e28263b40577) C:\Windows\System32\shsvcs.dll
15:05:38.0760 4812 ShellHWDetection - ok
15:05:38.0784 4812 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
15:05:38.0793 4812 sisagp - ok
15:05:38.0806 4812 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
15:05:38.0815 4812 SiSRaid2 - ok
15:05:38.0835 4812 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
15:05:38.0845 4812 SiSRaid4 - ok
15:05:38.0864 4812 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
15:05:38.0887 4812 Smb - ok
15:05:38.0906 4812 SNMPTRAP (6a984831644eca1a33ffeae4126f4f37) C:\Windows\System32\snmptrap.exe
15:05:38.0919 4812 SNMPTRAP - ok
15:05:38.0929 4812 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
15:05:38.0938 4812 spldr - ok
15:05:38.0982 4812 Spooler (866a43013535dc8587c258e43579c764) C:\Windows\System32\spoolsv.exe
15:05:39.0006 4812 Spooler - ok
15:05:39.0195 4812 sppsvc (cf87a1de791347e75b98885214ced2b8) C:\Windows\system32\sppsvc.exe
15:05:39.0247 4812 sppsvc - ok
15:05:39.0354 4812 sppuinotify (b0180b20b065d89232a78a40fe56eaa6) C:\Windows\system32\sppuinotify.dll
15:05:39.0377 4812 sppuinotify - ok
15:05:39.0471 4812 sptd (8ea0fd60a5b047e0c734d51aace531c9) C:\Windows\System32\Drivers\sptd.sys
15:05:39.0472 4812 Suspicious file (NoAccess): C:\Windows\System32\Drivers\sptd.sys. md5: 8ea0fd60a5b047e0c734d51aace531c9
15:05:39.0472 4812 sptd ( LockedFile.Multi.Generic ) - warning
15:05:39.0472 4812 sptd - detected LockedFile.Multi.Generic (1)
15:05:40.0319 4812 SwitchBoard (f577910a133a592234ebaad3f3afa258) C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
15:05:40.0332 4812 SwitchBoard ( UnsignedFile.Multi.Generic ) - warning
15:05:40.0332 4812 SwitchBoard - detected UnsignedFile.Multi.Generic (1)
15:05:45.0160 4812 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
15:05:45.0389 4812 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
15:05:45.0389 4812 \Device\Harddisk0\DR0 - detected TDSS File System (1)
15:05:45.0392 4812 Boot (0x1200) (af7a45be431281337ff4d4da24fa4f93) \Device\Harddisk0\DR0\Partition0
15:05:45.0393 4812 \Device\Harddisk0\DR0\Partition0 - ok
15:05:45.0419 4812 Boot (0x1200) (ae02db6dd7a4288ed5924c2d0d71dd3e) \Device\Harddisk0\DR0\Partition1
15:05:45.0421 4812 \Device\Harddisk0\DR0\Partition1 - ok
15:05:45.0421 4812 ============================================================
15:05:45.0421 4812 Scan finished
15:05:45.0421 4812 ============================================================
15:05:45.0429 1364 Detected object count: 3
15:05:45.0429 1364 Actual detected object count: 3
15:05:53.0096 1364 sptd ( LockedFile.Multi.Generic ) - skipped by user
15:05:53.0096 1364 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
15:05:53.0096 1364 SwitchBoard ( UnsignedFile.Multi.Generic ) - skipped by user
15:05:53.0096 1364 SwitchBoard ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:05:53.0203 1364 \Device\Harddisk0\DR0\TDLFS\cfg.ini - copied to quarantine
15:05:53.0206 1364 \Device\Harddisk0\DR0\TDLFS\mbr - copied to quarantine
15:05:53.0219 1364 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
15:05:53.0224 1364 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
15:05:53.0350 1364 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
15:05:53.0462 1364 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
15:05:53.0517 1364 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
15:05:53.0658 1364 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
15:05:53.0687 1364 \Device\Harddisk0\DR0\TDLFS\socks.dll - copied to quarantine
15:05:53.0736 1364 \Device\Harddisk0\DR0\TDLFS - deleted
15:05:53.0736 1364 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Delete
15:05:58.0262 3324 Deinitialize success

#60
godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Hi Daniel,

Since this is the second time that TDSS has gotten on the system and with the other delays, we are gonna use a bigger hammer and see if there is something we're missing.
Please run this as soon as possible.


Step-1.

Run ComboFix
***Read through this entire procedure and if you have any questions, please ask them before you begin. Then either print out, or copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.***

Download ComboFix from one of the following locations:

Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop
* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
The list is not all-inclusive. If yours is not listed and you don't know how to disable it, please ask.
Disable your Firewall

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow it to update if it asks.
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
2. Do not "re-run" ComboFix. If you have a problem, reply back for further instructions.
3. If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer. That will cure it.


A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
This tool is not a toy and not for everyday use. ComboFix Should Not be used unless requested by a forum helper.


Please make sure you include the ComboFix log in your next reply, as well as a description of how your computer is running now.

Don't forget to re-enable your Firewall and Anti-Virus.


Step-2.

Things For Your Next Post:
1. The ComboFix.txt log
2. How is the computer running?