fordie66

  1. Hello Marius. Thank you so much for your time and knowledge. You should be receiving a few beer tokens through the e-tap. Enjoy. Ian
  2. Marius: Thank you for your continued support.
  3. and this from Security Check:
     Results of screen317's Security Check version 0.99.77
     Windows Vista Service Pack 2 x86 (UAC is enabled)
     Internet Explorer 9
     Internet Explorer 8
     ``````````````Antivirus/Firewall Check:``````````````
     Windows Firewall Enabled!
     AVG AntiVirus Free Edition 2013
     Antivirus up to date!
     `````````Anti-malware/Other Utilities Check:`````````
     Malwarebytes Anti-Malware version 1.75.0.1300
     Java 7 Update 45
     Adobe Flash Player 11.9.900.117
     Adobe Reader 10.1.8 Adobe Reader out of Date!
     Mozilla Firefox (25.0)
     Mozilla Thunderbird (24.1.0)
     Google Chrome 30.0.1599.101
     Google Chrome 30.0.1599.69
     ````````Process Check: objlist.exe by Laurent````````
     Malwarebytes Anti-Malware mbamservice.exe
     Malwarebytes Anti-Malware mbamgui.exe
     AVG avgwdsvc.exe
     AVG avgrsx.exe
     AVG avgnsx.exe
     AVG avgemc.exe
     Malwarebytes' Anti-Malware mbamscheduler.exe
     `````````````````System Health check`````````````````
     Total Fragmentation on Drive C: 6 % Defragment your hard drive soon! (Do NOT defrag if SSD!)
     ````````````````````End of Log``````````````````````
  4. Deleted the 2 files, no issue
     Ran updated AdwCleaner:
     # AdwCleaner v3.012 - Report created 12/11/2013 at 21:12:27
     # Updated 11/11/2013 by Xplode
     # Operating System : Windows Vista Home Premium Service Pack 2 (32 bits)
     # Username : John - JOHN-PC
     # Running from : C:\Users\John\Downloads\adwcleaner(1).exe
     # Option : Clean
     ***** [ Services ] *****
     ***** [ Files / Folders ] *****
     File Deleted : C:\Program Files\Mozilla Firefox\browser\searchplugins\avg-secure-search.xml
     ***** [ Shortcuts ] *****
     ***** [ Registry ] *****
     Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
     Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
     ***** [ Browsers ] *****
     -\\ Internet Explorer v9.0.8112.16514
     -\\ Mozilla Firefox v25.0 (en-GB)
     [ File : C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\i18phos6.default\prefs.js ]
     -\\ Google Chrome v30.0.1599.101
     [ File : C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\preferences ]
     *************************
     AdwCleaner[R0].txt - [22070 octets] - [06/11/2013 18:18:50]
     AdwCleaner[R1].txt - [21445 octets] - [06/11/2013 18:21:57]
     AdwCleaner[R2].txt - [1402 octets] - [12/11/2013 21:10:00]
     AdwCleaner[s0].txt - [1145 octets] - [06/11/2013 18:19:48]
     AdwCleaner[s1].txt - [21625 octets] - [06/11/2013 18:22:41]
     AdwCleaner[s2].txt - [1329 octets] - [12/11/2013 21:12:27]
     ########## EOF - C:\AdwCleaner\AdwCleaner[s2].txt - [1389 octets] ##########
  5. ESET finished. 13 threats
     C:\AdwCleaner\Quarantine\C\Program Files\FreeSoundRecorder\FreeSoundRecorderToolbarHelper.exe.vir Win32/Toolbar.Conduit.Q application
     C:\AdwCleaner\Quarantine\C\Program Files\FreeSoundRecorder\ldrtbFree.dll.vir a variant of Win32/Toolbar.Conduit.P application
     C:\AdwCleaner\Quarantine\C\Program Files\FreeSoundRecorder\prxtbFree.dll.vir Win32/Toolbar.Conduit.O application
     C:\AdwCleaner\Quarantine\C\Program Files\FreeSoundRecorder\tbFree.dll.vir a variant of Win32/Toolbar.Conduit.B application
     C:\AdwCleaner\Quarantine\C\Users\John\AppData\LocalLow\FreeSoundRecorder\ldrtbFre0.dll.vir a variant of Win32/Toolbar.Conduit.P application
     C:\AdwCleaner\Quarantine\C\Users\John\AppData\LocalLow\FreeSoundRecorder\ldrtbFree.dll.vir a variant of Win32/Toolbar.Conduit.P application
     C:\AdwCleaner\Quarantine\C\Users\John\AppData\LocalLow\FreeSoundRecorder\tbFre0.dll.vir a variant of Win32/Toolbar.Conduit.B application
     C:\AdwCleaner\Quarantine\C\Users\John\AppData\LocalLow\FreeSoundRecorder\tbFree.dll.vir a variant of Win32/Toolbar.Conduit.B application
     C:\Qoobox\Quarantine\MBR_HardDisk0.mbr Ripper virus
     C:\Users\John\Downloads\CrypticTrojanRemovalTool.exe a variant of Win32/SecurityStronghold.A application
     C:\Users\John\Downloads\RN_ErrorsFix_Setup.exe a variant of Win32/RegistryNuke application
     D:\tftpd32.400\tftpd32.exe a variant of Win32/TFTPD32.A application
     F:\recover\g\Tent Review\CloakedLinks\index.php PHP/Obfuscated.F application
  6. Full scan - no malicious items detected
     Just about to follow the next step (ESET)
     The report:
     Malwarebytes Anti-Malware (PRO) 1.75.0.1300
     www.malwarebytes.org
     Database version: v2013.11.11.11
     Windows Vista Service Pack 2 x86 NTFS
     Internet Explorer 9.0.8112.16421
     John :: JOHN-PC [administrator]
     Protection: Enabled
     12/11/2013 06:48:28
     mbam-log-2013-11-12 (06-48-28).txt
     Scan type: Full scan (C:\|D:\|E:\|F:\|)
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 717050
     Time elapsed: 5 hour(s), 10 minute(s), 45 second(s)
     Memory Processes Detected: 0 (No malicious items detected)
     Memory Modules Detected: 0 (No malicious items detected)
     Registry Keys Detected: 0 (No malicious items detected)
     Registry Values Detected: 0 (No malicious items detected)
     Registry Data Items Detected: 0 (No malicious items detected)
     Folders Detected: 0 (No malicious items detected)
     Files Detected: 0 (No malicious items detected)
     (end)
  7. version 13.11.10.2 gives:
  8. Hi Marius. Very much appreciated, thank you. I get instant notifications when you post anything so will be patient. Cheers, Ian
  9. Hi Marius. Have you been able to get any further information? I will not make any system changes until I hear back. Ian
  10. Hi Marius. Thanks. There is a remaining issue. On startup I get told that Catalyst Control Center isn't working. I have searched and there is different advice as to removal of a possible virus. I will wait for yours. Ian
  12. Seems so close, I just wanted to check:
C:\Windows\system32\DRIVERS\cdfs.sys 20:48:20.0664 2080 cdfs - ok 20:48:20.0687 2080 [ 6B4BFFB9BECD728097024276430DB314 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys 20:48:20.0688 2080 cdrom - ok 20:48:20.0713 2080 [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc C:\Windows\System32\certprop.dll 20:48:20.0714 2080 CertPropSvc - ok 20:48:20.0724 2080 [ E5D4133F37219DBCFE102BC61072589D ] circlass C:\Windows\system32\drivers\circlass.sys 20:48:20.0725 2080 circlass - ok 20:48:20.0758 2080 [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS C:\Windows\system32\CLFS.sys 20:48:20.0761 2080 CLFS - ok 20:48:20.0812 2080 [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 20:48:20.0814 2080 clr_optimization_v2.0.50727_32 - ok 20:48:20.0853 2080 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 20:48:20.0855 2080 clr_optimization_v4.0.30319_32 - ok 20:48:20.0876 2080 [ 0CA25E686A4928484E9FDABD168AB629 ] cmdide C:\Windows\system32\drivers\cmdide.sys 20:48:20.0877 2080 cmdide - ok 20:48:20.0896 2080 [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt C:\Windows\system32\drivers\compbatt.sys 20:48:20.0897 2080 Compbatt - ok 20:48:20.0900 2080 COMSysApp - ok 20:48:20.0908 2080 [ 741E9DFF4F42D2D8477D0FC1DC0DF871 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys 20:48:20.0909 2080 crcdisk - ok 20:48:20.0931 2080 [ 1F07BECDCA750766A96CDA811BA86410 ] Crusoe C:\Windows\system32\drivers\crusoe.sys 20:48:20.0932 2080 Crusoe - ok 20:48:20.0957 2080 [ 684C130BBC6DB681BAD4920A4C944AA5 ] CryptSvc C:\Windows\system32\cryptsvc.dll 20:48:20.0959 2080 CryptSvc - ok 20:48:20.0995 2080 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch C:\Windows\system32\rpcss.dll 20:48:21.0000 2080 DcomLaunch - ok 20:48:21.0033 2080 [ 96C25C84D31F3569E579BAA434A85174 ] dfg C:\Windows\system32\drivers\dfg.sys 20:48:21.0034 2080 dfg - ok 20:48:21.0069 2080 [ 
622C41A07CA7E6DD91770F50D532CB6C ] DfsC C:\Windows\system32\Drivers\dfsc.sys 20:48:21.0070 2080 DfsC - ok 20:48:21.0121 2080 [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR C:\Windows\system32\DFSR.exe 20:48:21.0136 2080 DFSR - ok 20:48:21.0178 2080 [ 54D0B8343CE8C22412A5F29D32EFD211 ] dg_ssudbus C:\Windows\system32\DRIVERS\ssudbus.sys 20:48:21.0179 2080 dg_ssudbus - ok 20:48:21.0202 2080 [ 9028559C132146FB75EB7ACF384B086A ] Dhcp C:\Windows\System32\dhcpcsvc.dll 20:48:21.0204 2080 Dhcp - ok 20:48:21.0222 2080 [ 5D4AEFC3386920236A548271F8F1AF6A ] disk C:\Windows\system32\drivers\disk.sys 20:48:21.0224 2080 disk - ok 20:48:21.0254 2080 [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache C:\Windows\System32\dnsrslvr.dll 20:48:21.0255 2080 Dnscache - ok 20:48:21.0289 2080 [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc C:\Windows\System32\dot3svc.dll 20:48:21.0291 2080 dot3svc - ok 20:48:21.0336 2080 [ 4F59C172C094E1A1D46463A8DC061CBD ] Dot4 C:\Windows\system32\DRIVERS\Dot4.sys 20:48:21.0338 2080 Dot4 - ok 20:48:21.0363 2080 [ 80BF3BA09F6F2523C8F6B7CC6DBF7BD5 ] Dot4Print C:\Windows\system32\DRIVERS\Dot4Prt.sys 20:48:21.0364 2080 Dot4Print - ok 20:48:21.0376 2080 [ C55004CA6B419B6695970DFE849B122F ] dot4usb C:\Windows\system32\DRIVERS\dot4usb.sys 20:48:21.0377 2080 dot4usb - ok 20:48:21.0398 2080 [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS C:\Windows\system32\dps.dll 20:48:21.0400 2080 DPS - ok 20:48:21.0419 2080 [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 20:48:21.0420 2080 drmkaud - ok 20:48:21.0447 2080 [ 988670D8343EF9835FB3659DB71B2EFA ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 20:48:21.0452 2080 DXGKrnl - ok 20:48:21.0465 2080 [ 5425F74AC0C1DBD96A1E04F17D63F94C ] E1G60 C:\Windows\system32\DRIVERS\E1G60I32.sys 20:48:21.0466 2080 E1G60 - ok 20:48:21.0500 2080 [ C0B95E40D85CD807D614E264248A45B9 ] EapHost C:\Windows\System32\eapsvc.dll 20:48:21.0501 2080 EapHost - ok 20:48:21.0542 2080 [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache 
C:\Windows\system32\drivers\ecache.sys 20:48:21.0543 2080 Ecache - ok 20:48:21.0600 2080 [ 9BE3744D295A7701EB425332014F0797 ] ehRecvr C:\Windows\ehome\ehRecvr.exe 20:48:21.0602 2080 ehRecvr - ok 20:48:21.0627 2080 [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched C:\Windows\ehome\ehsched.exe 20:48:21.0629 2080 ehSched - ok 20:48:21.0641 2080 [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart C:\Windows\ehome\ehstart.dll 20:48:21.0642 2080 ehstart - ok 20:48:21.0652 2080 [ 23B62471681A124889978F6295B3F4C6 ] elxstor C:\Windows\system32\drivers\elxstor.sys 20:48:21.0655 2080 elxstor - ok 20:48:21.0680 2080 [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt C:\Windows\system32\emdmgmt.dll 20:48:21.0685 2080 EMDMgmt - ok 20:48:21.0694 2080 [ 3DB974F3935483555D7148663F726C61 ] ErrDev C:\Windows\system32\drivers\errdev.sys 20:48:21.0695 2080 ErrDev - ok 20:48:21.0742 2080 esgiguard - ok 20:48:21.0787 2080 [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem C:\Windows\system32\es.dll 20:48:21.0789 2080 EventSystem - ok 20:48:21.0812 2080 [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat C:\Windows\system32\drivers\exfat.sys 20:48:21.0814 2080 exfat - ok 20:48:21.0837 2080 [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat C:\Windows\system32\drivers\fastfat.sys 20:48:21.0839 2080 fastfat - ok 20:48:21.0892 2080 [ AFE1E8B9782A0DD7FB46BBD88E43F89A ] fdc C:\Windows\system32\DRIVERS\fdc.sys 20:48:21.0893 2080 fdc - ok 20:48:21.0918 2080 [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost C:\Windows\system32\fdPHost.dll 20:48:21.0920 2080 fdPHost - ok 20:48:21.0950 2080 [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub C:\Windows\system32\fdrespub.dll 20:48:21.0951 2080 FDResPub - ok 20:48:21.0960 2080 [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 20:48:21.0962 2080 FileInfo - ok 20:48:21.0985 2080 [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace C:\Windows\system32\drivers\filetrace.sys 20:48:21.0986 2080 Filetrace - ok 20:48:22.0003 2080 [ 85B7CF99D532820495D68D747FDA9EBD ] 
flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys 20:48:22.0004 2080 flpydisk - ok 20:48:22.0037 2080 [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 20:48:22.0039 2080 FltMgr - ok 20:48:22.0070 2080 [ 2AFA3A46986AE935DAECEBC7E66314CF ] FontCache C:\Windows\system32\FntCache.dll 20:48:22.0076 2080 FontCache - ok 20:48:22.0114 2080 [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe 20:48:22.0116 2080 FontCache3.0.0.0 - ok 20:48:22.0131 2080 [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 20:48:22.0132 2080 Fs_Rec - ok 20:48:22.0142 2080 [ 34582A6E6573D54A07ECE5FE24A126B5 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys 20:48:22.0144 2080 gagp30kx - ok 20:48:22.0193 2080 [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc C:\Windows\System32\gpsvc.dll 20:48:22.0198 2080 gpsvc - ok 20:48:22.0256 2080 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe 20:48:22.0258 2080 gupdate - ok 20:48:22.0262 2080 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe 20:48:22.0264 2080 gupdatem - ok 20:48:22.0287 2080 [ CB04C744BE0A61B1D648FAED182C3B59 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 20:48:22.0289 2080 HdAudAddService - ok 20:48:22.0321 2080 [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys 20:48:22.0325 2080 HDAudBus - ok 20:48:22.0337 2080 [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth C:\Windows\system32\drivers\hidbth.sys 20:48:22.0338 2080 HidBth - ok 20:48:22.0349 2080 [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr C:\Windows\system32\drivers\hidir.sys 20:48:22.0350 2080 HidIr - ok 20:48:22.0375 2080 [ 84067081F3318162797385E11A8F0582 ] hidserv C:\Windows\system32\hidserv.dll 20:48:22.0377 2080 hidserv - ok 20:48:22.0388 2080 [ CCA4B519B17E23A00B826C55716809CC ] HidUsb 
C:\Windows\system32\DRIVERS\hidusb.sys 20:48:22.0389 2080 HidUsb - ok 20:48:22.0411 2080 [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc C:\Windows\system32\kmsvc.dll 20:48:22.0413 2080 hkmsvc - ok 20:48:22.0422 2080 [ 16EE7B23A009E00D835CDB79574A91A6 ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys 20:48:22.0424 2080 HpCISSs - ok 20:48:22.0487 2080 [ FCB563B0A23643E5F80B6FF1E60F610F ] hpqcxs08 C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll 20:48:22.0490 2080 hpqcxs08 - ok 20:48:22.0496 2080 [ 25E443E27165C652723A92D9BDFD4649 ] hpqddsvc C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll 20:48:22.0498 2080 hpqddsvc - ok 20:48:22.0522 2080 [ F870AA3E254628EBEAFE754108D664DE ] HTTP C:\Windows\system32\drivers\HTTP.sys 20:48:22.0526 2080 HTTP - ok 20:48:22.0530 2080 [ C6B032D69650985468160FC9937CF5B4 ] i2omp C:\Windows\system32\drivers\i2omp.sys 20:48:22.0531 2080 i2omp - ok 20:48:22.0537 2080 [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys 20:48:22.0538 2080 i8042prt - ok 20:48:22.0561 2080 [ 54155EA1B0DF185878E0FC9EC3AC3A14 ] iaStorV C:\Windows\system32\drivers\iastorv.sys 20:48:22.0563 2080 iaStorV - ok 20:48:22.0624 2080 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe 20:48:22.0625 2080 IDriverT - ok 20:48:22.0673 2080 [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 20:48:22.0679 2080 idsvc - ok 20:48:22.0688 2080 [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp C:\Windows\system32\drivers\iirsp.sys 20:48:22.0690 2080 iirsp - ok 20:48:22.0737 2080 [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT C:\Windows\System32\ikeext.dll 20:48:22.0741 2080 IKEEXT - ok 20:48:22.0781 2080 [ EDC37B918E583A5A813C53D4F5588255 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys 20:48:22.0794 2080 IntcAzAudAddService - ok 20:48:22.0807 2080 [ 83AA759F3189E6370C30DE5DC5590718 ] intelide 
C:\Windows\system32\drivers\intelide.sys 20:48:22.0808 2080 intelide - ok 20:48:22.0815 2080 [ 224191001E78C89DFA78924C3EA595FF ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 20:48:22.0816 2080 intelppm - ok 20:48:22.0835 2080 [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum C:\Windows\system32\ipbusenum.dll 20:48:22.0837 2080 IPBusEnum - ok 20:48:22.0841 2080 [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 20:48:22.0842 2080 IpFilterDriver - ok 20:48:22.0859 2080 [ 1998BD97F950680BB55F55A7244679C2 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 20:48:22.0862 2080 iphlpsvc - ok 20:48:22.0867 2080 IpInIp - ok 20:48:22.0879 2080 [ B25AAF203552B7B3491139D582B39AD1 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys 20:48:22.0881 2080 IPMIDRV - ok 20:48:22.0891 2080 [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys 20:48:22.0893 2080 IPNAT - ok 20:48:22.0898 2080 [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM C:\Windows\system32\drivers\irenum.sys 20:48:22.0899 2080 IRENUM - ok 20:48:22.0910 2080 [ 6C70698A3E5C4376C6AB5C7C17FB0614 ] isapnp C:\Windows\system32\drivers\isapnp.sys 20:48:22.0912 2080 isapnp - ok 20:48:22.0948 2080 [ 232FA340531D940AAC623B121A595034 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys 20:48:22.0950 2080 iScsiPrt - ok 20:48:22.0958 2080 [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi C:\Windows\system32\drivers\iteatapi.sys 20:48:22.0959 2080 iteatapi - ok 20:48:22.0972 2080 [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid C:\Windows\system32\drivers\iteraid.sys 20:48:22.0973 2080 iteraid - ok 20:48:22.0977 2080 [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys 20:48:22.0978 2080 kbdclass - ok 20:48:23.0007 2080 [ EDE59EC70E25C24581ADD1FBEC7325F7 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys 20:48:23.0008 2080 kbdhid - ok 20:48:23.0043 2080 [ A3E186B4B935905B829219502557314E ] KeyIso C:\Windows\system32\lsass.exe 20:48:23.0045 2080 KeyIso - 
ok 20:48:23.0096 2080 [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 20:48:23.0099 2080 KSecDD - ok 20:48:23.0120 2080 [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm C:\Windows\system32\msdtckrm.dll 20:48:23.0123 2080 KtmRm - ok 20:48:23.0160 2080 [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer C:\Windows\system32\srvsvc.dll 20:48:23.0164 2080 LanmanServer - ok 20:48:23.0202 2080 [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 20:48:23.0208 2080 LanmanWorkstation - ok 20:48:23.0213 2080 [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 20:48:23.0214 2080 lltdio - ok 20:48:23.0228 2080 [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc C:\Windows\System32\lltdsvc.dll 20:48:23.0230 2080 lltdsvc - ok 20:48:23.0249 2080 [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts C:\Windows\System32\lmhsvc.dll 20:48:23.0251 2080 lmhosts - ok 20:48:23.0264 2080 [ C7E15E82879BF3235B559563D4185365 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys 20:48:23.0265 2080 LSI_FC - ok 20:48:23.0274 2080 [ EE01EBAE8C9BF0FA072E0FF68718920A ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys 20:48:23.0275 2080 LSI_SAS - ok 20:48:23.0285 2080 [ 912A04696E9CA30146A62AFA1463DD5C ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys 20:48:23.0287 2080 LSI_SCSI - ok 20:48:23.0291 2080 [ 8F5C7426567798E62A3B3614965D62CC ] luafv C:\Windows\system32\drivers\luafv.sys 20:48:23.0293 2080 luafv - ok 20:48:23.0352 2080 [ D6767D36902E4B9F9EBB2DDD3BBF1A35 ] mbamchameleon C:\Windows\system32\drivers\mbamchameleon.sys 20:48:23.0353 2080 mbamchameleon - ok 20:48:23.0368 2080 [ 4470E3C1E0C3378E4CAB137893C12C3A ] MBAMProtector C:\Windows\system32\drivers\mbam.sys 20:48:23.0369 2080 MBAMProtector - ok 20:48:23.0397 2080 [ 65085456FD9A74D7F1A999520C299ECB ] MBAMScheduler C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe 20:48:23.0400 2080 MBAMScheduler - ok 20:48:23.0427 2080 [ E0D7732F2D2E24B2DB3F67B6750295B8 ] 
MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe 20:48:23.0432 2080 MBAMService - ok 20:48:23.0465 2080 [ AEF9BABB8A506BC4CE0451A64AADED46 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 20:48:23.0468 2080 Mcx2Svc - ok 20:48:23.0475 2080 [ 0001CE609D66632FA17B84705F658879 ] megasas C:\Windows\system32\drivers\megasas.sys 20:48:23.0476 2080 megasas - ok 20:48:23.0495 2080 [ C252F32CD9A49DBFC25ECF26EBD51A99 ] MegaSR C:\Windows\system32\drivers\megasr.sys 20:48:23.0498 2080 MegaSR - ok 20:48:23.0555 2080 [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe 20:48:23.0556 2080 Microsoft Office Groove Audit Service - ok 20:48:23.0565 2080 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS C:\Windows\system32\mmcss.dll 20:48:23.0568 2080 MMCSS - ok 20:48:23.0579 2080 [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem C:\Windows\system32\drivers\modem.sys 20:48:23.0581 2080 Modem - ok 20:48:23.0595 2080 [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor C:\Windows\system32\DRIVERS\monitor.sys 20:48:23.0597 2080 monitor - ok 20:48:23.0617 2080 [ 5BF6A1326A335C5298477754A506D263 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 20:48:23.0618 2080 mouclass - ok 20:48:23.0625 2080 [ 93B8D4869E12CFBE663915502900876F ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 20:48:23.0626 2080 mouhid - ok 20:48:23.0630 2080 [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr C:\Windows\system32\drivers\mountmgr.sys 20:48:23.0631 2080 MountMgr - ok 20:48:23.0688 2080 [ 5D494509432897338AFC19DB78A76DCB ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe 20:48:23.0689 2080 MozillaMaintenance - ok 20:48:23.0706 2080 [ 511D011289755DD9F9A7579FB0B064E6 ] mpio C:\Windows\system32\drivers\mpio.sys 20:48:23.0707 2080 mpio - ok 20:48:23.0711 2080 [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 20:48:23.0713 2080 mpsdrv - ok 20:48:23.0743 2080 [ 
5DE62C6E9108F14F6794060A9BDECAEC ] MpsSvc C:\Windows\system32\mpssvc.dll 20:48:23.0747 2080 MpsSvc - ok 20:48:23.0756 2080 [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys 20:48:23.0757 2080 Mraid35x - ok 20:48:23.0769 2080 [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 20:48:23.0771 2080 MRxDAV - ok 20:48:23.0783 2080 [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 20:48:23.0785 2080 mrxsmb - ok 20:48:23.0801 2080 [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 20:48:23.0804 2080 mrxsmb10 - ok 20:48:23.0816 2080 [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 20:48:23.0818 2080 mrxsmb20 - ok 20:48:23.0848 2080 [ 28023E86F17001F7CD9B15A5BC9AE07D ] msahci C:\Windows\system32\drivers\msahci.sys 20:48:23.0850 2080 msahci - ok 20:48:23.0858 2080 [ 4468B0F385A86ECDDAF8D3CA662EC0E7 ] msdsm C:\Windows\system32\drivers\msdsm.sys 20:48:23.0860 2080 msdsm - ok 20:48:23.0875 2080 [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC C:\Windows\System32\msdtc.exe 20:48:23.0877 2080 MSDTC - ok 20:48:23.0893 2080 [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs C:\Windows\system32\drivers\Msfs.sys 20:48:23.0894 2080 Msfs - ok 20:48:23.0901 2080 [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 20:48:23.0902 2080 msisadrv - ok 20:48:23.0922 2080 [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 20:48:23.0924 2080 MSiSCSI - ok 20:48:23.0928 2080 msiserver - ok 20:48:23.0938 2080 [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 20:48:23.0940 2080 MSKSSRV - ok 20:48:23.0951 2080 [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 20:48:23.0952 2080 MSPCLOCK - ok 20:48:23.0962 2080 [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 20:48:23.0963 2080 
MSPQM - ok 20:48:23.0974 2080 [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 20:48:23.0976 2080 MsRPC - ok 20:48:23.0982 2080 [ E384487CB84BE41D09711C30CA79646C ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys 20:48:23.0983 2080 mssmbios - ok 20:48:23.0992 2080 [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 20:48:23.0993 2080 MSTEE - ok 20:48:24.0007 2080 [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup C:\Windows\system32\Drivers\mup.sys 20:48:24.0009 2080 Mup - ok 20:48:24.0028 2080 [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent C:\Windows\system32\qagentRT.dll 20:48:24.0032 2080 napagent - ok 20:48:24.0057 2080 [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 20:48:24.0059 2080 NativeWifiP - ok 20:48:24.0110 2080 [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS C:\Windows\system32\drivers\ndis.sys 20:48:24.0114 2080 NDIS - ok 20:48:24.0127 2080 [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 20:48:24.0129 2080 NdisTapi - ok 20:48:24.0137 2080 [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 20:48:24.0138 2080 Ndisuio - ok 20:48:24.0160 2080 [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 20:48:24.0161 2080 NdisWan - ok 20:48:24.0173 2080 [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 20:48:24.0174 2080 NDProxy - ok 20:48:24.0185 2080 [ 51C6D8BFBD4EA5B62A1BA7F4469250D3 ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll 20:48:24.0187 2080 Net Driver HPZ12 - ok 20:48:24.0191 2080 [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 20:48:24.0192 2080 NetBIOS - ok 20:48:24.0222 2080 [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt C:\Windows\system32\DRIVERS\netbt.sys 20:48:24.0224 2080 netbt - ok 20:48:24.0228 2080 [ A3E186B4B935905B829219502557314E ] Netlogon C:\Windows\system32\lsass.exe 
20:48:24.0230 2080 Netlogon - ok 20:48:24.0262 2080 [ C8052711DAECC48B982434C5116CA401 ] Netman C:\Windows\System32\netman.dll 20:48:24.0266 2080 Netman - ok 20:48:24.0279 2080 [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm C:\Windows\System32\netprofm.dll 20:48:24.0282 2080 netprofm - ok 20:48:24.0301 2080 [ D6C4E4A39A36029AC0813D476FBD0248 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe 20:48:24.0302 2080 NetTcpPortSharing - ok 20:48:24.0314 2080 [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys 20:48:24.0316 2080 nfrd960 - ok 20:48:24.0332 2080 [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc C:\Windows\System32\nlasvc.dll 20:48:24.0335 2080 NlaSvc - ok 20:48:24.0375 2080 [ B9730495E0CF674680121E34BD95A73B ] NPF C:\Windows\system32\drivers\npf.sys 20:48:24.0376 2080 NPF - ok 20:48:24.0387 2080 [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs C:\Windows\system32\drivers\Npfs.sys 20:48:24.0389 2080 Npfs - ok 20:48:24.0401 2080 [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi C:\Windows\system32\nsisvc.dll 20:48:24.0403 2080 nsi - ok 20:48:24.0408 2080 [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 20:48:24.0409 2080 nsiproxy - ok 20:48:24.0446 2080 [ 2C1121F2B87E9A6B12485DF53CD848C7 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 20:48:24.0453 2080 Ntfs - ok 20:48:24.0458 2080 [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi C:\Windows\system32\drivers\ntrigdigi.sys 20:48:24.0459 2080 ntrigdigi - ok 20:48:24.0468 2080 [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null C:\Windows\system32\drivers\Null.sys 20:48:24.0469 2080 Null - ok 20:48:24.0476 2080 [ 2EDF9E7751554B42CBB60116DE727101 ] nvraid C:\Windows\system32\drivers\nvraid.sys 20:48:24.0478 2080 nvraid - ok 20:48:24.0488 2080 [ ABED0C09758D1D97DB0042DBB2688177 ] nvstor C:\Windows\system32\drivers\nvstor.sys 20:48:24.0489 2080 nvstor - ok 20:48:24.0499 2080 [ 18BBDF913916B71BD54575BDB6EEAC0B ] nv_agp 
C:\Windows\system32\drivers\nv_agp.sys 20:48:24.0501 2080 nv_agp - ok 20:48:24.0504 2080 NwlnkFlt - ok 20:48:24.0508 2080 NwlnkFwd - ok 20:48:24.0585 2080 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE 20:48:24.0589 2080 odserv - ok 20:48:24.0599 2080 [ 6F310E890D46E246E0E261A63D9B36B4 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys 20:48:24.0600 2080 ohci1394 - ok 20:48:24.0613 2080 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE 20:48:24.0615 2080 ose - ok 20:48:24.0643 2080 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc C:\Windows\system32\p2psvc.dll 20:48:24.0649 2080 p2pimsvc - ok 20:48:24.0659 2080 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc C:\Windows\system32\p2psvc.dll 20:48:24.0665 2080 p2psvc - ok 20:48:24.0675 2080 [ 0FA9B5055484649D63C303FE404E5F4D ] Parport C:\Windows\system32\drivers\parport.sys 20:48:24.0676 2080 Parport - ok 20:48:24.0714 2080 [ B9C2B89F08670E159F7181891E449CD9 ] partmgr C:\Windows\system32\drivers\partmgr.sys 20:48:24.0716 2080 partmgr - ok 20:48:24.0732 2080 [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm C:\Windows\system32\drivers\parvdm.sys 20:48:24.0733 2080 Parvdm - ok 20:48:24.0747 2080 [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc C:\Windows\System32\pcasvc.dll 20:48:24.0750 2080 PcaSvc - ok 20:48:24.0783 2080 [ 941DC1D19E7E8620F40BBC206981EFDB ] pci C:\Windows\system32\drivers\pci.sys 20:48:24.0784 2080 pci - ok 20:48:24.0814 2080 [ 1636D43F10416AEB483BC6001097B26C ] pciide C:\Windows\system32\drivers\pciide.sys 20:48:24.0815 2080 pciide - ok 20:48:24.0823 2080 [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys 20:48:24.0825 2080 pcmcia - ok 20:48:24.0843 2080 [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys 20:48:24.0849 2080 PEAUTH - ok 20:48:24.0888 2080 [ B1689DF169143F57053F795390C99DB3 ] pla C:\Windows\system32\pla.dll 
20:48:24.0900 2080 pla - ok 20:48:24.0941 2080 [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay C:\Windows\system32\umpnpmgr.dll 20:48:24.0946 2080 PlugPlay - ok 20:48:24.0969 2080 [ 79834AA2FBF9FE81EEBB229024F6F7FC ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll 20:48:24.0971 2080 Pml Driver HPZ12 - ok 20:48:24.0982 2080 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll 20:48:24.0988 2080 PNRPAutoReg - ok 20:48:25.0018 2080 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc C:\Windows\system32\p2psvc.dll 20:48:25.0024 2080 PNRPsvc - ok 20:48:25.0057 2080 [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 20:48:25.0061 2080 PolicyAgent - ok 20:48:25.0077 2080 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 20:48:25.0079 2080 PptpMiniport - ok 20:48:25.0091 2080 [ 2027293619DD0F047C584CF2E7DF4FFD ] Processor C:\Windows\system32\drivers\processr.sys 20:48:25.0092 2080 Processor - ok 20:48:25.0129 2080 [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc C:\Windows\system32\profsvc.dll 20:48:25.0132 2080 ProfSvc - ok 20:48:25.0152 2080 [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe 20:48:25.0153 2080 ProtectedStorage - ok 20:48:25.0177 2080 [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched C:\Windows\system32\DRIVERS\pacer.sys 20:48:25.0179 2080 PSched - ok 20:48:25.0293 2080 [ 0A6DB55AFB7820C99AA1F3A1D270F4F6 ] ql2300 C:\Windows\system32\drivers\ql2300.sys 20:48:25.0300 2080 ql2300 - ok 20:48:25.0309 2080 [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx C:\Windows\system32\drivers\ql40xx.sys 20:48:25.0310 2080 ql40xx - ok 20:48:25.0333 2080 [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE C:\Windows\system32\qwave.dll 20:48:25.0337 2080 QWAVE - ok 20:48:25.0342 2080 [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 20:48:25.0343 2080 QWAVEdrv - ok 20:48:25.0515 2080 [ AB51E1F08C8E789D6C9E8B94D15BE9A9 ] 
RapportCerberus_59849 C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_59849.sys 20:48:25.0518 2080 RapportCerberus_59849 - ok 20:48:25.0620 2080 [ 9D52A4DEB9F28CC41EB61346E3808E4D ] RapportEI C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys 20:48:25.0622 2080 RapportEI - ok 20:48:25.0652 2080 [ 4136175FABB89CB493DF1D237DB50CF4 ] RapportKELL C:\Windows\system32\Drivers\RapportKELL.sys 20:48:25.0653 2080 RapportKELL - ok 20:48:25.0701 2080 [ 02396BD77121751A738444325E1F14E8 ] RapportMgmtService C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe 20:48:25.0711 2080 RapportMgmtService - ok 20:48:25.0739 2080 [ A9B99416DE6CADEE2D3C369B634F20F1 ] RapportPG C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys 20:48:25.0741 2080 RapportPG - ok 20:48:25.0748 2080 [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 20:48:25.0749 2080 RasAcd - ok 20:48:25.0768 2080 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto C:\Windows\System32\rasauto.dll 20:48:25.0771 2080 RasAuto - ok 20:48:25.0788 2080 [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 20:48:25.0789 2080 Rasl2tp - ok 20:48:25.0815 2080 [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan C:\Windows\System32\rasmans.dll 20:48:25.0819 2080 RasMan - ok 20:48:25.0850 2080 [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 20:48:25.0851 2080 RasPppoe - ok 20:48:25.0879 2080 [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 20:48:25.0880 2080 RasSstp - ok 20:48:25.0906 2080 [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 20:48:25.0909 2080 rdbss - ok 20:48:25.0920 2080 [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 20:48:25.0921 2080 RDPCDD - ok 20:48:25.0938 2080 [ FBC0BACD9C3D7F6956853F64A66E252D ] rdpdr C:\Windows\system32\drivers\rdpdr.sys 20:48:25.0941 2080 rdpdr - ok 20:48:25.0945 
      20:48:29.0450 2080 ================ Scan global ===============================
      20:48:29.0507 2080 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
      20:48:29.0536 2080 [ A508314231C49AEE86987CEA3EAECAD1 ] C:\Windows\system32\winsrv.dll
      20:48:29.0546 2080 [ A508314231C49AEE86987CEA3EAECAD1 ] C:\Windows\system32\winsrv.dll
      20:48:29.0576 2080 [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
      20:48:29.0580 2080 [Global] - ok
      20:48:29.0580 2080 ================ Scan MBR ==================================
      20:48:29.0591 2080 [ A653B30D987352BB248DF094454B1CB6 ] \Device\Harddisk0\DR0
      20:48:29.0957 2080 \Device\Harddisk0\DR0 ( Rootkit.Win32.BackBoot.gen ) - warning
      20:48:29.0957 2080 \Device\Harddisk0\DR0 - detected Rootkit.Win32.BackBoot.gen (1)
      20:48:29.0958 2080 ================ Scan VBR ==================================
      20:48:29.0970 2080 [ 3A1A54D051FC2F4F63AA24417D229D15 ] \Device\Harddisk0\DR0\Partition1
      20:48:29.0971 2080 \Device\Harddisk0\DR0\Partition1 - ok
      20:48:29.0980 2080 [ 1D202433F64532632F3219D268EF008F ] \Device\Harddisk0\DR0\Partition2
      20:48:29.0982 2080 \Device\Harddisk0\DR0\Partition2 - ok
      20:48:29.0995 2080 [ A848A3832AFEB869A6853E2CE5241062 ] \Device\Harddisk0\DR0\Partition3
      20:48:29.0997 2080 \Device\Harddisk0\DR0\Partition3 - ok
      20:48:30.0014 2080 [ B9438ABE204B56248B911B26B5BFEC36 ] \Device\Harddisk0\DR0\Partition4
      20:48:30.0016 2080 \Device\Harddisk0\DR0\Partition4 - ok
      20:48:30.0017 2080 ============================================================
      20:48:30.0017 2080 Scan finished
      20:48:30.0017 2080 ============================================================
      20:48:30.0024 6048 Detected object count: 1
      20:48:30.0024 6048 Actual detected object count: 1
      20:58:39.0674 6048 \Device\Harddisk0\DR0\# - copied to quarantine
      20:58:39.0674 6048 \Device\Harddisk0\DR0 - copied to quarantine
      20:58:39.0674 6048 \Device\Harddisk0\DR0 ( Rootkit.Win32.BackBoot.gen ) - User select action: Quarantine
  13. Hi Marius, TDSS-Killer offers: Skip, Copy to quarantine, Restore; not Cure. Please confirm I should use Copy to quarantine. Thanks, Ian
  14. 20:40:40.0683 5788 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
      20:40:41.0307 5788 ============================================================
      20:40:41.0307 5788 Current date / time: 2013/11/06 20:40:41.0307
      20:40:41.0307 5788 SystemInfo:
      20:40:41.0307 5788
      20:40:41.0307 5788 OS Version: 6.0.6002 ServicePack: 2.0
      20:40:41.0307 5788 Product type: Workstation
      20:40:41.0307 5788 ComputerName: JOHN-PC
      20:40:41.0307 5788 UserName: John
      20:40:41.0307 5788 Windows directory: C:\Windows
      20:40:41.0307 5788 System windows directory: C:\Windows
      20:40:41.0307 5788 Processor architecture: Intel x86
      20:40:41.0307 5788 Number of processors: 2
      20:40:41.0307 5788 Page size: 0x1000
      20:40:41.0307 5788 Boot type: Normal boot
      20:40:41.0307 5788 ============================================================
      20:40:42.0212 5788 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0CADE00 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
      20:40:42.0227 5788 ============================================================
      20:40:42.0227 5788 \Device\Harddisk0\DR0:
      20:40:42.0227 5788 MBR partitions:
      20:40:42.0227 5788 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x7801F1A
      20:40:42.0243 5788 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x7801F98, BlocksNum 0x9C41AD8
      20:40:42.0259 5788 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x11443AAF, BlocksNum 0x29810511
      20:40:42.0259 5788 \Device\Harddisk0\DR0\Partition4: MBR, Type 0x7, StartLBA 0x3AC53FFF, BlocksNum 0x39AB19C2
      20:40:42.0259 5788 ============================================================
      20:40:42.0290 5788 C: <-> \Device\Harddisk0\DR0\Partition1
      20:40:42.0352 5788 D: <-> \Device\Harddisk0\DR0\Partition2
      20:40:42.0399 5788 E: <-> \Device\Harddisk0\DR0\Partition3
      20:40:42.0461 5788 F: <-> \Device\Harddisk0\DR0\Partition4
      20:40:42.0461 5788 ============================================================
      20:40:42.0461 5788 Initialize success
      20:40:42.0461 5788 ============================================================
      20:40:45.0301 3348 ============================================================
      20:40:45.0301 3348 Scan started
      20:40:45.0301 3348 Mode: Manual;
      20:40:45.0301 3348 ============================================================
      20:40:45.0940 3348 ================ Scan system memory ========================
      20:40:45.0940 3348 System memory - ok
      20:40:45.0940 3348 ================ Scan services =============================
3348 [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 20:40:51.0057 3348 FltMgr - ok 20:40:51.0104 3348 [ 2AFA3A46986AE935DAECEBC7E66314CF ] FontCache C:\Windows\system32\FntCache.dll 20:40:51.0104 3348 FontCache - ok 20:40:51.0151 3348 [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe 20:40:51.0151 3348 FontCache3.0.0.0 - ok 20:40:51.0166 3348 [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 20:40:51.0166 3348 Fs_Rec - ok 20:40:51.0197 3348 [ 34582A6E6573D54A07ECE5FE24A126B5 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys 20:40:51.0197 3348 gagp30kx - ok 20:40:51.0229 3348 [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc C:\Windows\System32\gpsvc.dll 20:40:51.0229 3348 gpsvc - ok 20:40:51.0291 3348 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe 20:40:51.0291 3348 gupdate - ok 20:40:51.0307 3348 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe 20:40:51.0307 3348 gupdatem - ok 20:40:51.0322 3348 [ CB04C744BE0A61B1D648FAED182C3B59 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 20:40:51.0338 3348 HdAudAddService - ok 20:40:51.0369 3348 [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys 20:40:51.0369 3348 HDAudBus - ok 20:40:51.0385 3348 [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth C:\Windows\system32\drivers\hidbth.sys 20:40:51.0385 3348 HidBth - ok 20:40:51.0400 3348 [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr C:\Windows\system32\drivers\hidir.sys 20:40:51.0400 3348 HidIr - ok 20:40:51.0431 3348 [ 84067081F3318162797385E11A8F0582 ] hidserv C:\Windows\system32\hidserv.dll 20:40:51.0431 3348 hidserv - ok 20:40:51.0447 3348 [ CCA4B519B17E23A00B826C55716809CC ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 20:40:51.0447 3348 HidUsb - ok 20:40:51.0463 3348 [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc 
C:\Windows\system32\kmsvc.dll 20:40:51.0463 3348 hkmsvc - ok 20:40:51.0478 3348 [ 16EE7B23A009E00D835CDB79574A91A6 ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys 20:40:51.0478 3348 HpCISSs - ok 20:40:51.0525 3348 [ FCB563B0A23643E5F80B6FF1E60F610F ] hpqcxs08 C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll 20:40:51.0541 3348 hpqcxs08 - ok 20:40:51.0541 3348 [ 25E443E27165C652723A92D9BDFD4649 ] hpqddsvc C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll 20:40:51.0556 3348 hpqddsvc - ok 20:40:51.0603 3348 [ F870AA3E254628EBEAFE754108D664DE ] HTTP C:\Windows\system32\drivers\HTTP.sys 20:40:51.0603 3348 HTTP - ok 20:40:51.0619 3348 [ C6B032D69650985468160FC9937CF5B4 ] i2omp C:\Windows\system32\drivers\i2omp.sys 20:40:51.0619 3348 i2omp - ok 20:40:51.0634 3348 [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys 20:40:51.0634 3348 i8042prt - ok 20:40:51.0665 3348 [ 54155EA1B0DF185878E0FC9EC3AC3A14 ] iaStorV C:\Windows\system32\drivers\iastorv.sys 20:40:51.0681 3348 iaStorV - ok 20:40:51.0712 3348 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe 20:40:51.0728 3348 IDriverT - ok 20:40:51.0775 3348 [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 20:40:51.0775 3348 idsvc - ok 20:40:51.0806 3348 [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp C:\Windows\system32\drivers\iirsp.sys 20:40:51.0806 3348 iirsp - ok 20:40:51.0821 3348 [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT C:\Windows\System32\ikeext.dll 20:40:51.0821 3348 IKEEXT - ok 20:40:51.0868 3348 [ EDC37B918E583A5A813C53D4F5588255 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys 20:40:51.0899 3348 IntcAzAudAddService - ok 20:40:51.0915 3348 [ 83AA759F3189E6370C30DE5DC5590718 ] intelide C:\Windows\system32\drivers\intelide.sys 20:40:51.0915 3348 intelide - ok 20:40:51.0931 3348 [ 224191001E78C89DFA78924C3EA595FF ] 
intelppm C:\Windows\system32\DRIVERS\intelppm.sys 20:40:51.0931 3348 intelppm - ok 20:40:51.0946 3348 [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum C:\Windows\system32\ipbusenum.dll 20:40:51.0962 3348 IPBusEnum - ok 20:40:51.0962 3348 [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 20:40:51.0962 3348 IpFilterDriver - ok 20:40:51.0977 3348 [ 1998BD97F950680BB55F55A7244679C2 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 20:40:51.0977 3348 iphlpsvc - ok 20:40:51.0977 3348 IpInIp - ok 20:40:51.0993 3348 [ B25AAF203552B7B3491139D582B39AD1 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys 20:40:52.0009 3348 IPMIDRV - ok 20:40:52.0024 3348 [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys 20:40:52.0024 3348 IPNAT - ok 20:40:52.0024 3348 [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM C:\Windows\system32\drivers\irenum.sys 20:40:52.0024 3348 IRENUM - ok 20:40:52.0040 3348 [ 6C70698A3E5C4376C6AB5C7C17FB0614 ] isapnp C:\Windows\system32\drivers\isapnp.sys 20:40:52.0040 3348 isapnp - ok 20:40:52.0055 3348 [ 232FA340531D940AAC623B121A595034 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys 20:40:52.0055 3348 iScsiPrt - ok 20:40:52.0071 3348 [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi C:\Windows\system32\drivers\iteatapi.sys 20:40:52.0071 3348 iteatapi - ok 20:40:52.0087 3348 [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid C:\Windows\system32\drivers\iteraid.sys 20:40:52.0087 3348 iteraid - ok 20:40:52.0102 3348 [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys 20:40:52.0102 3348 kbdclass - ok 20:40:52.0118 3348 [ EDE59EC70E25C24581ADD1FBEC7325F7 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys 20:40:52.0118 3348 kbdhid - ok 20:40:52.0133 3348 [ A3E186B4B935905B829219502557314E ] KeyIso C:\Windows\system32\lsass.exe 20:40:52.0149 3348 KeyIso - ok 20:40:52.0196 3348 [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 20:40:52.0196 3348 KSecDD 
- ok 20:40:52.0227 3348 [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm C:\Windows\system32\msdtckrm.dll 20:40:52.0227 3348 KtmRm - ok 20:40:52.0258 3348 [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer C:\Windows\system32\srvsvc.dll 20:40:52.0258 3348 LanmanServer - ok 20:40:52.0289 3348 [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 20:40:52.0289 3348 LanmanWorkstation - ok 20:40:52.0321 3348 [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 20:40:52.0321 3348 lltdio - ok 20:40:52.0336 3348 [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc C:\Windows\System32\lltdsvc.dll 20:40:52.0336 3348 lltdsvc - ok 20:40:52.0336 3348 [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts C:\Windows\System32\lmhsvc.dll 20:40:52.0336 3348 lmhosts - ok 20:40:52.0352 3348 [ C7E15E82879BF3235B559563D4185365 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys 20:40:52.0367 3348 LSI_FC - ok 20:40:52.0383 3348 [ EE01EBAE8C9BF0FA072E0FF68718920A ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys 20:40:52.0383 3348 LSI_SAS - ok 20:40:52.0383 3348 [ 912A04696E9CA30146A62AFA1463DD5C ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys 20:40:52.0383 3348 LSI_SCSI - ok 20:40:52.0399 3348 [ 8F5C7426567798E62A3B3614965D62CC ] luafv C:\Windows\system32\drivers\luafv.sys 20:40:52.0399 3348 luafv - ok 20:40:52.0461 3348 [ D6767D36902E4B9F9EBB2DDD3BBF1A35 ] mbamchameleon C:\Windows\system32\drivers\mbamchameleon.sys 20:40:52.0461 3348 mbamchameleon - ok 20:40:52.0477 3348 [ 4470E3C1E0C3378E4CAB137893C12C3A ] MBAMProtector C:\Windows\system32\drivers\mbam.sys 20:40:52.0477 3348 MBAMProtector - ok 20:40:52.0492 3348 [ 65085456FD9A74D7F1A999520C299ECB ] MBAMScheduler C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe 20:40:52.0508 3348 MBAMScheduler - ok 20:40:52.0523 3348 [ E0D7732F2D2E24B2DB3F67B6750295B8 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe 20:40:52.0539 3348 MBAMService - ok 20:40:52.0555 3348 [ 
AEF9BABB8A506BC4CE0451A64AADED46 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 20:40:52.0555 3348 Mcx2Svc - ok 20:40:52.0570 3348 [ 0001CE609D66632FA17B84705F658879 ] megasas C:\Windows\system32\drivers\megasas.sys 20:40:52.0570 3348 megasas - ok 20:40:52.0601 3348 [ C252F32CD9A49DBFC25ECF26EBD51A99 ] MegaSR C:\Windows\system32\drivers\megasr.sys 20:40:52.0601 3348 MegaSR - ok 20:40:52.0757 3348 [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe 20:40:52.0757 3348 Microsoft Office Groove Audit Service - ok 20:40:52.0789 3348 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS C:\Windows\system32\mmcss.dll 20:40:52.0789 3348 MMCSS - ok 20:40:52.0820 3348 [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem C:\Windows\system32\drivers\modem.sys 20:40:52.0835 3348 Modem - ok 20:40:52.0867 3348 [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor C:\Windows\system32\DRIVERS\monitor.sys 20:40:52.0882 3348 monitor - ok 20:40:52.0945 3348 [ 5BF6A1326A335C5298477754A506D263 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 20:40:52.0945 3348 mouclass - ok 20:40:52.0960 3348 [ 93B8D4869E12CFBE663915502900876F ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 20:40:52.0960 3348 mouhid - ok 20:40:52.0960 3348 [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr C:\Windows\system32\drivers\mountmgr.sys 20:40:52.0960 3348 MountMgr - ok 20:40:53.0007 3348 [ 5D494509432897338AFC19DB78A76DCB ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe 20:40:53.0007 3348 MozillaMaintenance - ok 20:40:53.0023 3348 [ 511D011289755DD9F9A7579FB0B064E6 ] mpio C:\Windows\system32\drivers\mpio.sys 20:40:53.0023 3348 mpio - ok 20:40:53.0038 3348 [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 20:40:53.0038 3348 mpsdrv - ok 20:40:53.0054 3348 [ 5DE62C6E9108F14F6794060A9BDECAEC ] MpsSvc C:\Windows\system32\mpssvc.dll 20:40:53.0069 3348 MpsSvc - ok 20:40:53.0085 3348 [ 
4FBBB70D30FD20EC51F80061703B001E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys 20:40:53.0085 3348 Mraid35x - ok 20:40:53.0101 3348 [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 20:40:53.0101 3348 MRxDAV - ok 20:40:53.0116 3348 [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 20:40:53.0116 3348 mrxsmb - ok 20:40:53.0132 3348 [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 20:40:53.0132 3348 mrxsmb10 - ok 20:40:53.0147 3348 [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 20:40:53.0147 3348 mrxsmb20 - ok 20:40:53.0179 3348 [ 28023E86F17001F7CD9B15A5BC9AE07D ] msahci C:\Windows\system32\drivers\msahci.sys 20:40:53.0179 3348 msahci - ok 20:40:53.0194 3348 [ 4468B0F385A86ECDDAF8D3CA662EC0E7 ] msdsm C:\Windows\system32\drivers\msdsm.sys 20:40:53.0194 3348 msdsm - ok 20:40:53.0225 3348 [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC C:\Windows\System32\msdtc.exe 20:40:53.0225 3348 MSDTC - ok 20:40:53.0241 3348 [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs C:\Windows\system32\drivers\Msfs.sys 20:40:53.0241 3348 Msfs - ok 20:40:53.0257 3348 [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 20:40:53.0257 3348 msisadrv - ok 20:40:53.0288 3348 [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 20:40:53.0288 3348 MSiSCSI - ok 20:40:53.0288 3348 msiserver - ok 20:40:53.0303 3348 [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 20:40:53.0303 3348 MSKSSRV - ok 20:40:53.0303 3348 [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 20:40:53.0319 3348 MSPCLOCK - ok 20:40:53.0335 3348 [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 20:40:53.0335 3348 MSPQM - ok 20:40:53.0366 3348 [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 20:40:53.0366 3348 
MsRPC - ok 20:40:53.0381 3348 [ E384487CB84BE41D09711C30CA79646C ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys 20:40:53.0381 3348 mssmbios - ok 20:40:53.0381 3348 [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 20:40:53.0381 3348 MSTEE - ok 20:40:53.0428 3348 [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup C:\Windows\system32\Drivers\mup.sys 20:40:53.0428 3348 Mup - ok 20:40:53.0444 3348 [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent C:\Windows\system32\qagentRT.dll 20:40:53.0444 3348 napagent - ok 20:40:53.0459 3348 [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 20:40:53.0475 3348 NativeWifiP - ok 20:40:53.0491 3348 [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS C:\Windows\system32\drivers\ndis.sys 20:40:53.0506 3348 NDIS - ok 20:40:53.0506 3348 [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 20:40:53.0506 3348 NdisTapi - ok 20:40:53.0522 3348 [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 20:40:53.0522 3348 Ndisuio - ok 20:40:53.0569 3348 [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 20:40:53.0569 3348 NdisWan - ok 20:40:53.0584 3348 [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 20:40:53.0600 3348 NDProxy - ok 20:40:53.0615 3348 [ 51C6D8BFBD4EA5B62A1BA7F4469250D3 ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll 20:40:53.0631 3348 Net Driver HPZ12 - ok 20:40:53.0647 3348 [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 20:40:53.0647 3348 NetBIOS - ok 20:40:53.0662 3348 [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt C:\Windows\system32\DRIVERS\netbt.sys 20:40:53.0662 3348 netbt - ok 20:40:53.0678 3348 [ A3E186B4B935905B829219502557314E ] Netlogon C:\Windows\system32\lsass.exe 20:40:53.0678 3348 Netlogon - ok 20:40:53.0693 3348 [ C8052711DAECC48B982434C5116CA401 ] Netman C:\Windows\System32\netman.dll 20:40:53.0693 
3348 Netman - ok 20:40:53.0709 3348 [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm C:\Windows\System32\netprofm.dll 20:40:53.0709 3348 netprofm - ok 20:40:53.0725 3348 [ D6C4E4A39A36029AC0813D476FBD0248 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe 20:40:53.0725 3348 NetTcpPortSharing - ok 20:40:53.0756 3348 [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys 20:40:53.0756 3348 nfrd960 - ok 20:40:53.0771 3348 [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc C:\Windows\System32\nlasvc.dll 20:40:53.0771 3348 NlaSvc - ok 20:40:53.0818 3348 [ B9730495E0CF674680121E34BD95A73B ] NPF C:\Windows\system32\drivers\npf.sys 20:40:53.0818 3348 NPF - ok 20:40:53.0834 3348 [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs C:\Windows\system32\drivers\Npfs.sys 20:40:53.0834 3348 Npfs - ok 20:40:53.0849 3348 [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi C:\Windows\system32\nsisvc.dll 20:40:53.0849 3348 nsi - ok 20:40:53.0865 3348 [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 20:40:53.0865 3348 nsiproxy - ok 20:40:53.0896 3348 [ 2C1121F2B87E9A6B12485DF53CD848C7 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 20:40:53.0912 3348 Ntfs - ok 20:40:53.0927 3348 [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi C:\Windows\system32\drivers\ntrigdigi.sys 20:40:53.0927 3348 ntrigdigi - ok 20:40:53.0943 3348 [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null C:\Windows\system32\drivers\Null.sys 20:40:53.0943 3348 Null - ok 20:40:53.0974 3348 [ 2EDF9E7751554B42CBB60116DE727101 ] nvraid C:\Windows\system32\drivers\nvraid.sys 20:40:53.0974 3348 nvraid - ok 20:40:53.0974 3348 [ ABED0C09758D1D97DB0042DBB2688177 ] nvstor C:\Windows\system32\drivers\nvstor.sys 20:40:53.0990 3348 nvstor - ok 20:40:54.0005 3348 [ 18BBDF913916B71BD54575BDB6EEAC0B ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 20:40:54.0005 3348 nv_agp - ok 20:40:54.0021 3348 NwlnkFlt - ok 20:40:54.0021 3348 NwlnkFwd - ok 20:40:54.0099 
3348 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE 20:40:54.0115 3348 odserv - ok 20:40:54.0115 3348 [ 6F310E890D46E246E0E261A63D9B36B4 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys 20:40:54.0130 3348 ohci1394 - ok 20:40:54.0146 3348 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE 20:40:54.0146 3348 ose - ok 20:40:54.0177 3348 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc C:\Windows\system32\p2psvc.dll 20:40:54.0177 3348 p2pimsvc - ok 20:40:54.0193 3348 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc C:\Windows\system32\p2psvc.dll 20:40:54.0208 3348 p2psvc - ok 20:40:54.0224 3348 [ 0FA9B5055484649D63C303FE404E5F4D ] Parport C:\Windows\system32\drivers\parport.sys 20:40:54.0224 3348 Parport - ok 20:40:54.0255 3348 [ B9C2B89F08670E159F7181891E449CD9 ] partmgr C:\Windows\system32\drivers\partmgr.sys 20:40:54.0271 3348 partmgr - ok 20:40:54.0286 3348 [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm C:\Windows\system32\drivers\parvdm.sys 20:40:54.0286 3348 Parvdm - ok 20:40:54.0286 3348 [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc C:\Windows\System32\pcasvc.dll 20:40:54.0302 3348 PcaSvc - ok 20:40:54.0333 3348 [ 941DC1D19E7E8620F40BBC206981EFDB ] pci C:\Windows\system32\drivers\pci.sys 20:40:54.0333 3348 pci - ok 20:40:54.0349 3348 [ 1636D43F10416AEB483BC6001097B26C ] pciide C:\Windows\system32\drivers\pciide.sys 20:40:54.0349 3348 pciide - ok 20:40:54.0364 3348 [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys 20:40:54.0364 3348 pcmcia - ok 20:40:54.0380 3348 [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys 20:40:54.0411 3348 PEAUTH - ok 20:40:54.0442 3348 [ B1689DF169143F57053F795390C99DB3 ] pla C:\Windows\system32\pla.dll 20:40:54.0473 3348 pla - ok 20:40:54.0489 3348 [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay C:\Windows\system32\umpnpmgr.dll 20:40:54.0505 3348 PlugPlay - ok 
20:40:54.0520 3348 [ 79834AA2FBF9FE81EEBB229024F6F7FC ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll 20:40:54.0520 3348 Pml Driver HPZ12 - ok 20:40:54.0536 3348 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll 20:40:54.0536 3348 PNRPAutoReg - ok 20:40:54.0567 3348 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc C:\Windows\system32\p2psvc.dll 20:40:54.0567 3348 PNRPsvc - ok 20:40:54.0614 3348 [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 20:40:54.0614 3348 PolicyAgent - ok 20:40:54.0645 3348 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 20:40:54.0645 3348 PptpMiniport - ok 20:40:54.0661 3348 [ 2027293619DD0F047C584CF2E7DF4FFD ] Processor C:\Windows\system32\drivers\processr.sys 20:40:54.0676 3348 Processor - ok 20:40:54.0707 3348 [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc C:\Windows\system32\profsvc.dll 20:40:54.0723 3348 ProfSvc - ok 20:40:54.0723 3348 [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe 20:40:54.0723 3348 ProtectedStorage - ok 20:40:54.0739 3348 [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched C:\Windows\system32\DRIVERS\pacer.sys 20:40:54.0754 3348 PSched - ok 20:40:54.0863 3348 [ 0A6DB55AFB7820C99AA1F3A1D270F4F6 ] ql2300 C:\Windows\system32\drivers\ql2300.sys 20:40:54.0863 3348 ql2300 - ok 20:40:54.0895 3348 [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx C:\Windows\system32\drivers\ql40xx.sys 20:40:54.0895 3348 ql40xx - ok 20:40:54.0910 3348 [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE C:\Windows\system32\qwave.dll 20:40:54.0910 3348 QWAVE - ok 20:40:54.0926 3348 [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 20:40:54.0926 3348 QWAVEdrv - ok 20:40:55.0082 3348 [ AB51E1F08C8E789D6C9E8B94D15BE9A9 ] RapportCerberus_59849 C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_59849.sys 20:40:55.0082 3348 RapportCerberus_59849 - ok 20:40:55.0160 
3348 [ 9D52A4DEB9F28CC41EB61346E3808E4D ] RapportEI C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys 20:40:55.0160 3348 RapportEI - ok 20:40:55.0175 3348 [ 4136175FABB89CB493DF1D237DB50CF4 ] RapportKELL C:\Windows\system32\Drivers\RapportKELL.sys 20:40:55.0175 3348 RapportKELL - ok 20:40:55.0222 3348 [ 02396BD77121751A738444325E1F14E8 ] RapportMgmtService C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe 20:40:55.0222 3348 RapportMgmtService - ok 20:40:55.0269 3348 [ A9B99416DE6CADEE2D3C369B634F20F1 ] RapportPG C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys 20:40:55.0285 3348 RapportPG - ok 20:40:55.0285 3348 [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 20:40:55.0300 3348 RasAcd - ok 20:40:55.0300 3348 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto C:\Windows\System32\rasauto.dll 20:40:55.0300 3348 RasAuto - ok 20:40:55.0316 3348 [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 20:40:55.0331 3348 Rasl2tp - ok 20:40:55.0363 3348 [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan C:\Windows\System32\rasmans.dll 20:40:55.0378 3348 RasMan - ok 20:40:55.0394 3348 [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 20:40:55.0394 3348 RasPppoe - ok 20:40:55.0425 3348 [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 20:40:55.0425 3348 RasSstp - ok 20:40:55.0456 3348 [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 20:40:55.0456 3348 rdbss - ok 20:40:55.0456 3348 [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 20:40:55.0472 3348 RDPCDD - ok 20:40:55.0487 3348 [ FBC0BACD9C3D7F6956853F64A66E252D ] rdpdr C:\Windows\system32\drivers\rdpdr.sys 20:40:55.0487 3348 rdpdr - ok 20:40:55.0503 3348 [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 20:40:55.0503 3348 RDPENCDD - ok 20:40:55.0519 3348 [ 
C127EBD5AFAB31524662C48DFCEB773A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 20:40:55.0519 3348 RDPWD - ok 20:40:55.0550 3348 [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess C:\Windows\System32\mprdim.dll 20:40:55.0550 3348 RemoteAccess - ok 20:40:55.0565 3348 [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry C:\Windows\system32\regsvc.dll 20:40:55.0565 3348 RemoteRegistry - ok 20:40:55.0581 3348 [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator C:\Windows\system32\locator.exe 20:40:55.0581 3348 RpcLocator - ok 20:40:55.0597 3348 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs C:\Windows\system32\rpcss.dll 20:40:55.0597 3348 RpcSs - ok 20:40:55.0612 3348 [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 20:40:55.0612 3348 rspndr - ok 20:40:55.0643 3348 [ 1AA29238D4B14F4A20B2C4AAEA6E0F6E ] RTHDMIAzAudService C:\Windows\system32\drivers\RtHDMIV.sys 20:40:55.0643 3348 RTHDMIAzAudService - ok 20:40:55.0659 3348 [ 2D19A7469EA19993D0C12E627F4530BC ] RTL8169 C:\Windows\system32\DRIVERS\Rtlh86.sys 20:40:55.0675 3348 RTL8169 - ok 20:40:55.0675 3348 [ A3E186B4B935905B829219502557314E ] SamSs C:\Windows\system32\lsass.exe 20:40:55.0675 3348 SamSs - ok 20:40:55.0690 3348 [ 3CE8F073A557E172B330109436984E30 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 20:40:55.0706 3348 sbp2port - ok 20:40:55.0721 3348 [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr C:\Windows\System32\SCardSvr.dll 20:40:55.0737 3348 SCardSvr - ok 20:40:55.0753 3348 [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule C:\Windows\system32\schedsvc.dll 20:40:55.0768 3348 Schedule - ok 20:40:55.0768 3348 [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc C:\Windows\System32\certprop.dll 20:40:55.0768 3348 SCPolicySvc - ok 20:40:55.0784 3348 [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC C:\Windows\System32\SDRSVC.dll 20:40:55.0799 3348 SDRSVC - ok 20:40:55.0799 3348 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys 20:40:55.0799 3348 secdrv - ok 
20:40:55.0815 3348 [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon C:\Windows\system32\seclogon.dll 20:40:55.0831 3348 seclogon - ok 20:40:55.0846 3348 [ A9BBAB5759771E523F55563D6CBE140F ] SENS C:\Windows\System32\sens.dll 20:40:55.0846 3348 SENS - ok 20:40:55.0862 3348 [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum C:\Windows\system32\drivers\serenum.sys 20:40:55.0862 3348 Serenum - ok 20:40:55.0893 3348 [ C70D69A918B178D3C3B06339B40C2E1B ] Serial C:\Windows\system32\drivers\serial.sys 20:40:55.0893 3348 Serial - ok 20:40:55.0893 3348 [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse C:\Windows\system32\drivers\sermouse.sys 20:40:55.0893 3348 sermouse - ok 20:40:55.0940 3348 [ D2193326F729B163125610DBF3E17D57 ] SessionEnv C:\Windows\system32\sessenv.dll 20:40:55.0940 3348 SessionEnv - ok 20:40:55.0955 3348 [ 3EFA810BDCA87F6ECC24F9832243FE86 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 20:40:55.0971 3348 sffdisk - ok 20:40:55.0987 3348 [ E95D451F7EA3E583AEC75F3B3EE42DC5 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 20:40:55.0987 3348 sffp_mmc - ok 20:40:56.0018 3348 [ 3D0EA348784B7AC9EA9BD9F317980979 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 20:40:56.0018 3348 sffp_sd - ok 20:40:56.0033 3348 [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys 20:40:56.0033 3348 sfloppy - ok 20:40:56.0065 3348 [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess C:\Windows\System32\ipnathlp.dll 20:40:56.0065 3348 SharedAccess - ok 20:40:56.0111 3348 [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll 20:40:56.0111 3348 ShellHWDetection - ok 20:40:56.0127 3348 [ 1D76624A09A054F682D746B924E2DBC3 ] sisagp C:\Windows\system32\drivers\sisagp.sys 20:40:56.0143 3348 sisagp - ok 20:40:56.0158 3348 [ 43CB7AA756C7DB280D01DA9B676CFDE2 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys 20:40:56.0158 3348 SiSRaid2 - ok 20:40:56.0174 3348 [ A99C6C8B0BAA970D8AA59DDC50B57F94 ] SiSRaid4 
C:\Windows\system32\drivers\sisraid4.sys 20:40:56.0174 3348 SiSRaid4 - ok 20:40:56.0267 3348 [ 9F712B26EE3B0242DE997A42FD302E2C ] Skype C2C Service C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe 20:40:56.0299 3348 Skype C2C Service - ok 20:40:56.0361 3348 [ F5BBEDF602C310B00036EB2DBF4348A5 ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe 20:40:56.0377 3348 SkypeUpdate - ok 20:40:56.0439 3348 [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc C:\Windows\system32\SLsvc.exe 20:40:56.0455 3348 slsvc - ok 20:40:56.0486 3348 [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify C:\Windows\system32\SLUINotify.dll 20:40:56.0486 3348 SLUINotify - ok 20:40:56.0517 3348 [ 7B75299A4D201D6A6533603D6914AB04 ] Smb C:\Windows\system32\DRIVERS\smb.sys 20:40:56.0517 3348 Smb - ok 20:40:56.0533 3348 [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP C:\Windows\System32\snmptrap.exe 20:40:56.0533 3348 SNMPTRAP - ok 20:40:56.0548 3348 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr C:\Windows\system32\drivers\spldr.sys 20:40:56.0564 3348 spldr - ok 20:40:56.0564 3348 [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler C:\Windows\System32\spoolsv.exe 20:40:56.0579 3348 Spooler - ok 20:40:56.0595 3348 [ 41987F9FC0E61ADF54F581E15029AD91 ] srv C:\Windows\system32\DRIVERS\srv.sys 20:40:56.0595 3348 srv - ok 20:40:56.0611 3348 [ FF33AFF99564B1AA534F58868CBE41EF ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 20:40:56.0611 3348 srv2 - ok 20:40:56.0626 3348 [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 20:40:56.0626 3348 srvnet - ok 20:40:56.0673 3348 [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 20:40:56.0673 3348 SSDPSRV - ok 20:40:56.0689 3348 [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc C:\Windows\system32\sstpsvc.dll 20:40:56.0689 3348 SstpSvc - ok 20:40:56.0720 3348 [ D2C02234E3E87EA5FE420F045068099B ] ssudmdm C:\Windows\system32\DRIVERS\ssudmdm.sys 20:40:56.0720 3348 ssudmdm - ok 20:40:56.0751 3348 [ 
wuauserv C:\Windows\system32\wuaueng.dll
20:40:59.0247 3348 wuauserv - ok
20:40:59.0278 3348 [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
20:40:59.0278 3348 WudfPf - ok
20:40:59.0294 3348 [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
20:40:59.0294 3348 WUDFRd - ok
20:40:59.0325 3348 [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
20:40:59.0325 3348 wudfsvc - ok
20:40:59.0341 3348 ================ Scan global ===============================
20:40:59.0403 3348 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
20:40:59.0434 3348 [ A508314231C49AEE86987CEA3EAECAD1 ] C:\Windows\system32\winsrv.dll
20:40:59.0434 3348 [ A508314231C49AEE86987CEA3EAECAD1 ] C:\Windows\system32\winsrv.dll
20:40:59.0481 3348 [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
20:40:59.0481 3348 [Global] - ok
20:40:59.0481 3348 ================ Scan MBR ==================================
20:40:59.0497 3348 [ A653B30D987352BB248DF094454B1CB6 ] \Device\Harddisk0\DR0
20:40:59.0840 3348 \Device\Harddisk0\DR0 ( Rootkit.Win32.BackBoot.gen ) - warning
20:40:59.0840 3348 \Device\Harddisk0\DR0 - detected Rootkit.Win32.BackBoot.gen (1)
20:40:59.0840 3348 ================ Scan VBR ==================================
20:40:59.0840 3348 [ 3A1A54D051FC2F4F63AA24417D229D15 ] \Device\Harddisk0\DR0\Partition1
20:40:59.0840 3348 \Device\Harddisk0\DR0\Partition1 - ok
20:40:59.0855 3348 [ 1D202433F64532632F3219D268EF008F ] \Device\Harddisk0\DR0\Partition2
20:40:59.0855 3348 \Device\Harddisk0\DR0\Partition2 - ok
20:40:59.0855 3348 [ A848A3832AFEB869A6853E2CE5241062 ] \Device\Harddisk0\DR0\Partition3
20:40:59.0871 3348 \Device\Harddisk0\DR0\Partition3 - ok
20:40:59.0887 3348 [ B9438ABE204B56248B911B26B5BFEC36 ] \Device\Harddisk0\DR0\Partition4
20:40:59.0887 3348 \Device\Harddisk0\DR0\Partition4 - ok
20:40:59.0887 3348 ============================================================
20:40:59.0887 3348 Scan finished
20:40:59.0887 3348 ============================================================
20:40:59.0887 4800 Detected object count: 1
20:40:59.0887 4800 Actual detected object count: 1
20:41:47.0030 4800 \Device\Harddisk0\DR0 ( Rootkit.Win32.BackBoot.gen ) - skipped by user
20:41:47.0030 4800 \Device\Harddisk0\DR0 ( Rootkit.Win32.BackBoot.gen ) - User select action: Skip
  15. GMER 2.1.19163 - http://www.gmer.net
      Rootkit scan 2013-11-06 19:47:17
      Windows 6.0.6002 Service Pack 2
      \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST1000DM003-9YN162 rev.CC4B 931.51GB
      Running: dvllpswz.exe; Driver: C:\Users\John\AppData\Local\Temp\kwtdypog.sys

      ---- System - GMER 2.1 ----
      SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwAssignProcessToJobObject [0x91D173F0]
      SSDT \??\C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_59849.sys ZwClose [0x914F68A0]
      SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwCreateFile [0x91D156F0]
      SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwDeleteFile [0x91D16190]
      SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwDeleteKey [0x91D18EC0]
      SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwDeleteValueKey [0x91D18F60]
      SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwLoadKey [0x91D19330]
      SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwNotifyChangeKey [0x914015D0]
      SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwNotifyChangeMultipleKeys [0x91401700]
      SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwOpenFile [0x91D15FA0]
      SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwOpenProcess [0x91401010]
      SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwOpenThread [0x91D17A20]
      SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwProtectVirtualMemory [0x91D17C50]
      SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwQueryValueKey [0x91D191E0]
      SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwRenameKey [0x91D19020]
      SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwReplaceKey [0x91D190C0]
      SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwRestoreKey [0x91D19150]
      SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwSetContextThread [0x91D17300]
      SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwSetInformationFile [0x91D16330]
      SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwSetValueKey [0x91D18D80]
      SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwSuspendProcess [0x91401300]
      SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwSuspendThread [0x914013E0]
      SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwTerminateProcess [0x91401120]
      SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwTerminateThread [0x91401210]
      SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwWriteVirtualMemory [0x914014D0]
      SSDT \??\C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_59849.sys ZwCreateThreadEx [0x914F71E0]

      ---- Devices - GMER 2.1 ----
      AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys
      AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys
      AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys

      ---- Registry - GMER 2.1 ----
      Reg HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex@LogName C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.Ntfy119.gthr
      Reg HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex@LogNumber 120

      ---- Disk sectors - GMER 2.1 ----
      Disk \Device\Harddisk0\DR0 unknown MBR code

      ---- EOF - GMER 2.1 ----