

TheJoker
Premium,VIP,MVM
join:2001-04-26
Charlottesville, VA
kudos:5
reply to Michele

Re: [Trojan] Trojan.Agent Trouble

The RogueKiller log is fine.

In TDSSKiller, was it still just one suspicious item found? Please re-run TDSSKiller again, and this time instead of Skip select Cure. It's still detecting the TDSS File System.

Please post the new TDSSKiller log.
--
Proud ASAP member since 2005
Microsoft MVP/Consumer Security 2009-2010


Michele

@comcast.net
Okay - I ran TDSSKiller again and I have two questions. After I ran the program, it found 1 suspicious object, medium risk, and the choices are only: Skip, Copy to Quarantine and Delete. Which one of those should I choose? Also the last thing I ran yesterday was the RogueKiller and copied the log here, but when I was closing it, it asked me did I really want to close without deleting. Did I want to delete? Because I wasn't sure, so I didn't. Thanks for hanging in there with me.


TheJoker
said by Michele :

Okay - I ran TDSSKiller again and I have two questions. After I ran the program, it found 1 suspicious object, medium risk, and the choices are only: Skip, Copy to Quarantine and Delete.

Rerun TDSSKiller, and on the detection choose Copy to Quarantine.
Please post the new TDSSKiller log and note any errors encountered.


Michele

@comcast.net
TDSSKiller report part 1

21:21:25.0098 3900 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
21:21:25.0488 3900 ============================================================
21:21:25.0488 3900 Current date / time: 2013/02/17 21:21:25.0488
21:21:25.0488 3900 SystemInfo:
21:21:25.0488 3900
21:21:25.0488 3900 OS Version: 6.1.7601 ServicePack: 1.0
21:21:25.0488 3900 Product type: Workstation
21:21:25.0488 3900 ComputerName: JOSH-HP
21:21:25.0488 3900 UserName: Josh
21:21:25.0488 3900 Windows directory: C:\Windows
21:21:25.0488 3900 System windows directory: C:\Windows
21:21:25.0488 3900 Running under WOW64
21:21:25.0488 3900 Processor architecture: Intel x64
21:21:25.0488 3900 Number of processors: 4
21:21:25.0488 3900 Page size: 0x1000
21:21:25.0488 3900 Boot type: Normal boot
21:21:25.0488 3900 ============================================================
21:21:25.0924 3900 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:21:26.0377 3900 ============================================================
21:21:26.0377 3900 \Device\Harddisk0\DR0:
21:21:26.0392 3900 MBR partitions:
21:21:26.0392 3900 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
21:21:26.0392 3900 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x55840800
21:21:26.0392 3900 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x558A4800, BlocksNum 0x1C6E000
21:21:26.0392 3900 \Device\Harddisk0\DR0\Partition4: MBR, Type 0xC, StartLBA 0x57512800, BlocksNum 0x336F0
21:21:26.0392 3900 ============================================================
21:21:26.0408 3900 C: \Device\Harddisk0\DR0\Partition2
21:21:26.0455 3900 D: \Device\Harddisk0\DR0\Partition3
21:21:26.0470 3900 F: \Device\Harddisk0\DR0\Partition4
21:21:26.0470 3900 ============================================================
21:21:26.0470 3900 Initialize success
21:21:26.0470 3900 ============================================================
21:21:39.0418 3012 ============================================================
21:21:39.0418 3012 Scan started
21:21:39.0418 3012 Mode: Manual; TDLFS;
21:21:39.0418 3012 ============================================================
21:21:39.0964 3012 ================ Scan system memory ========================
21:21:39.0964 3012 System memory - ok
21:21:39.0964 3012 ================ Scan services =============================


Michele

@comcast.net
reply to TheJoker
TDSSKiller report part 2

21:21:48.0092 3012 NetBIOS - ok
21:21:48.0108 3012 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
21:21:48.0108 3012 NetBT - ok
21:21:48.0123 3012 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
21:21:48.0123 3012 Netlogon - ok
21:21:48.0170 3012 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
21:21:48.0170 3012 Netman - ok
21:21:48.0186 3012 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
21:21:48.0186 3012 netprofm - ok
21:21:48.0217 3012 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
21:21:48.0217 3012 NetTcpPortSharing - ok
21:21:48.0248 3012 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
21:21:48.0248 3012 nfrd960 - ok
21:21:48.0295 3012 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
21:21:48.0295 3012 NlaSvc - ok
21:21:48.0310 3012 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
21:21:48.0310 3012 Npfs - ok
21:21:48.0342 3012 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
21:21:48.0342 3012 nsi - ok
21:21:48.0357 3012 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
21:21:48.0357 3012 nsiproxy - ok
21:21:48.0420 3012 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
21:21:48.0435 3012 Ntfs - ok
21:21:48.0451 3012 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
21:21:48.0451 3012 Null - ok
21:21:48.0498 3012 [ 9A33100AC62A0463C49E47EE8E77083A ] nusb3hub C:\Windows\system32\DRIVERS\nusb3hub.sys
21:21:48.0498 3012 nusb3hub - ok
21:21:48.0529 3012 [ 87C321F7BEE646B7EC6EEDD6EB725741 ] nusb3xhc C:\Windows\system32\DRIVERS\nusb3xhc.sys
21:21:48.0544 3012 nusb3xhc - ok
21:21:48.0560 3012 [ A85B4F2EF3A7304A5399EF0526423040 ] NVENETFD C:\Windows\system32\DRIVERS\nvm62x64.sys
21:21:48.0576 3012 NVENETFD - ok
21:21:48.0591 3012 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
21:21:48.0591 3012 nvraid - ok
21:21:48.0607 3012 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
21:21:48.0607 3012 nvstor - ok
21:21:48.0622 3012 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
21:21:48.0622 3012 nv_agp - ok
21:21:48.0654 3012 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
21:21:48.0654 3012 ohci1394 - ok
21:21:48.0716 3012 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:21:48.0716 3012 ose - ok
21:21:48.0872 3012 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
21:21:48.0903 3012 osppsvc - ok
21:21:48.0934 3012 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
21:21:48.0934 3012 p2pimsvc - ok
21:21:48.0950 3012 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
21:21:48.0950 3012 p2psvc - ok
21:21:48.0966 3012 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys
21:21:48.0966 3012 Parport - ok
21:21:49.0012 3012 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
21:21:49.0012 3012 partmgr - ok
21:21:49.0028 3012 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
21:21:49.0028 3012 PcaSvc - ok
21:21:49.0044 3012 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
21:21:49.0044 3012 pci - ok
21:21:49.0059 3012 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
21:21:49.0059 3012 pciide - ok
21:21:49.0090 3012 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
21:21:49.0106 3012 pcmcia - ok
21:21:49.0106 3012 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
21:21:49.0106 3012 pcw - ok
21:21:49.0137 3012 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
21:21:49.0137 3012 PEAUTH - ok
21:21:49.0200 3012 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
21:21:49.0200 3012 PerfHost - ok
21:21:49.0246 3012 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
21:21:49.0262 3012 pla - ok
21:21:49.0309 3012 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
21:21:49.0309 3012 PlugPlay - ok
21:21:49.0340 3012 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
21:21:49.0340 3012 PNRPAutoReg - ok
21:21:49.0356 3012 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
21:21:49.0356 3012 PNRPsvc - ok
21:21:49.0387 3012 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
21:21:49.0387 3012 PolicyAgent - ok
21:21:49.0434 3012 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
21:21:49.0434 3012 Power - ok
21:21:49.0465 3012 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
21:21:49.0465 3012 PptpMiniport - ok
21:21:49.0480 3012 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys
21:21:49.0480 3012 Processor - ok
21:21:49.0512 3012 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
21:21:49.0512 3012 ProfSvc - ok
21:21:49.0527 3012 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
21:21:49.0527 3012 ProtectedStorage - ok
21:21:49.0558 3012 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
21:21:49.0558 3012 Psched - ok
21:21:49.0605 3012 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
21:21:49.0621 3012 ql2300 - ok
21:21:49.0636 3012 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
21:21:49.0636 3012 ql40xx - ok
21:21:49.0652 3012 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
21:21:49.0668 3012 QWAVE - ok
21:21:49.0699 3012 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
21:21:49.0699 3012 QWAVEdrv - ok
21:21:49.0699 3012 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
21:21:49.0699 3012 RasAcd - ok
21:21:49.0730 3012 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
21:21:49.0730 3012 RasAgileVpn - ok
21:21:49.0777 3012 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
21:21:49.0777 3012 RasAuto - ok
21:21:49.0792 3012 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
21:21:49.0792 3012 Rasl2tp - ok
21:21:49.0792 3012 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
21:21:49.0808 3012 RasMan - ok
21:21:49.0824 3012 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
21:21:49.0824 3012 RasPppoe - ok
21:21:49.0839 3012 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
21:21:49.0839 3012 RasSstp - ok
21:21:49.0855 3012 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
21:21:49.0855 3012 rdbss - ok
21:21:49.0870 3012 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\drivers\rdpbus.sys
21:21:49.0870 3012 rdpbus - ok
21:21:49.0886 3012 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
21:21:49.0886 3012 RDPCDD - ok
21:21:49.0902 3012 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
21:21:49.0902 3012 RDPENCDD - ok
21:21:49.0902 3012 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
21:21:49.0902 3012 RDPREFMP - ok
21:21:49.0948 3012 [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
21:21:49.0948 3012 RdpVideoMiniport - ok
21:21:49.0980 3012 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
21:21:49.0980 3012 RDPWD - ok
21:21:50.0011 3012 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
21:21:50.0011 3012 rdyboost - ok
21:21:50.0042 3012 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
21:21:50.0042 3012 RemoteAccess - ok
21:21:50.0073 3012 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
21:21:50.0073 3012 RemoteRegistry - ok
21:21:50.0120 3012 [ 085D18C71AB2611A3D61528132B6501E ] RoxioNow Service C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
21:21:50.0120 3012 RoxioNow Service - ok
21:21:50.0136 3012 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
21:21:50.0136 3012 RpcEptMapper - ok
21:21:50.0151 3012 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
21:21:50.0151 3012 RpcLocator - ok
21:21:50.0182 3012 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
21:21:50.0182 3012 RpcSs - ok
21:21:50.0245 3012 [ 1F5E7AF59B390261A85F5BEDB1BB88B3 ] RSPCIESTOR C:\Windows\system32\DRIVERS\RtsPStor.sys
21:21:50.0245 3012 RSPCIESTOR - ok
21:21:50.0276 3012 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
21:21:50.0276 3012 rspndr - ok
21:21:50.0307 3012 [ ED5873F7DFB2F96D37F13322211B6BDC ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
21:21:50.0307 3012 RTL8167 - ok
21:21:50.0307 3012 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
21:21:50.0323 3012 SamSs - ok
21:21:50.0338 3012 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
21:21:50.0338 3012 sbp2port - ok
21:21:50.0354 3012 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
21:21:50.0370 3012 SCardSvr - ok
21:21:50.0385 3012 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
21:21:50.0385 3012 scfilter - ok
21:21:50.0416 3012 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
21:21:50.0416 3012 Schedule - ok
21:21:50.0448 3012 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
21:21:50.0448 3012 SCPolicySvc - ok
21:21:50.0463 3012 [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys
21:21:50.0479 3012 sdbus - ok
21:21:50.0494 3012 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
21:21:50.0494 3012 SDRSVC - ok
21:21:50.0510 3012 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
21:21:50.0510 3012 secdrv - ok
21:21:50.0526 3012 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
21:21:50.0526 3012 seclogon - ok
21:21:50.0557 3012 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
21:21:50.0557 3012 SENS - ok
21:21:50.0588 3012 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
21:21:50.0588 3012 SensrSvc - ok
21:21:50.0619 3012 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\drivers\serenum.sys
21:21:50.0619 3012 Serenum - ok
21:21:50.0635 3012 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\drivers\serial.sys
21:21:50.0635 3012 Serial - ok
21:21:50.0666 3012 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys
21:21:50.0666 3012 sermouse - ok
21:21:50.0697 3012 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
21:21:50.0697 3012 SessionEnv - ok
21:21:50.0728 3012 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
21:21:50.0728 3012 sffdisk - ok
21:21:50.0744 3012 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
21:21:50.0744 3012 sffp_mmc - ok
21:21:50.0760 3012 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
21:21:50.0760 3012 sffp_sd - ok
21:21:50.0775 3012 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
21:21:50.0775 3012 sfloppy - ok
21:21:50.0806 3012 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
21:21:50.0822 3012 SharedAccess - ok
21:21:50.0838 3012 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
21:21:50.0853 3012 ShellHWDetection - ok
21:21:50.0884 3012 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
21:21:50.0884 3012 SiSRaid2 - ok
21:21:50.0916 3012 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
21:21:50.0916 3012 SiSRaid4 - ok
21:21:50.0947 3012 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
21:21:50.0947 3012 Smb - ok
21:21:50.0994 3012 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
21:21:50.0994 3012 SNMPTRAP - ok
21:21:51.0009 3012 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
21:21:51.0009 3012 spldr - ok
21:21:51.0056 3012 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
21:21:51.0056 3012 Spooler - ok
21:21:51.0118 3012 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
21:21:51.0134 3012 sppsvc - ok
21:21:51.0165 3012 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
21:21:51.0165 3012 sppuinotify - ok
21:21:51.0196 3012 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
21:21:51.0196 3012 srv - ok
21:21:51.0212 3012 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
21:21:51.0212 3012 srv2 - ok
21:21:51.0259 3012 [ 0C4540311E11664B245A263E1154CEF8 ] SrvHsfHDA C:\Windows\system32\DRIVERS\VSTAZL6.SYS
21:21:51.0259 3012 SrvHsfHDA - ok
21:21:51.0290 3012 [ 02071D207A9858FBE3A48CBFD59C4A04 ] SrvHsfV92 C:\Windows\system32\DRIVERS\VSTDPV6.SYS
21:21:51.0290 3012 SrvHsfV92 - ok
21:21:51.0321 3012 [ 18E40C245DBFAF36FD0134A7EF2DF396 ] SrvHsfWinac C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
21:21:51.0321 3012 SrvHsfWinac - ok
21:21:51.0337 3012 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
21:21:51.0337 3012 srvnet - ok
21:21:51.0368 3012 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
21:21:51.0368 3012 SSDPSRV - ok
21:21:51.0384 3012 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
21:21:51.0384 3012 SstpSvc - ok
21:21:51.0430 3012 [ 20E27AA5BCC01C2149830C05FE22F675 ] STacSV C:\Program Files\IDT\WDM\STacSV64.exe
21:21:51.0430 3012 STacSV - ok
21:21:51.0462 3012 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys
21:21:51.0462 3012 stexstor - ok
21:21:51.0508 3012 [ BEB37CE4E7456F5EFA52D783D1E06D8C ] STHDA C:\Windows\system32\DRIVERS\stwrt64.sys
21:21:51.0524 3012 STHDA - ok
21:21:51.0555 3012 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
21:21:51.0571 3012 stisvc - ok
21:21:51.0602 3012 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
21:21:51.0602 3012 swenum - ok
21:21:51.0618 3012 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
21:21:51.0618 3012 swprv - ok
21:21:51.0680 3012 [ AC3CC98B1BDB6540021D3FFB105AC2B9 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
21:21:51.0680 3012 SynTP - ok
21:21:51.0727 3012 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
21:21:51.0727 3012 SysMain - ok
21:21:51.0742 3012 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
21:21:51.0742 3012 TabletInputService - ok
21:21:51.0758 3012 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
21:21:51.0758 3012 TapiSrv - ok
21:21:51.0774 3012 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
21:21:51.0774 3012 TBS - ok
21:21:51.0836 3012 [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
21:21:51.0836 3012 Tcpip - ok
21:21:51.0867 3012 [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
21:21:51.0883 3012 TCPIP6 - ok
21:21:51.0898 3012 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
21:21:51.0914 3012 tcpipreg - ok
21:21:51.0930 3012 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
21:21:51.0930 3012 TDPIPE - ok
21:21:51.0961 3012 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
21:21:51.0961 3012 TDTCP - ok
21:21:51.0976 3012 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
21:21:51.0976 3012 tdx - ok
21:21:52.0008 3012 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
21:21:52.0008 3012 TermDD - ok
21:21:52.0039 3012 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
21:21:52.0054 3012 TermService - ok
21:21:52.0070 3012 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
21:21:52.0070 3012 Themes - ok
21:21:52.0070 3012 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
21:21:52.0070 3012 THREADORDER - ok
21:21:52.0117 3012 [ 6642C9F15CCC7859CAEEA159E711EB21 ] tmactmon C:\Windows\system32\DRIVERS\tmactmon.sys
21:21:52.0117 3012 tmactmon - ok
21:21:52.0132 3012 [ 0BD205E00C93B8CF828301F43164AA51 ] tmcomm C:\Windows\system32\DRIVERS\tmcomm.sys
21:21:52.0132 3012 tmcomm - ok
21:21:52.0148 3012 [ 9D86A57FB83E39A967CD8D3AAE8A170A ] TMEBC C:\Windows\system32\DRIVERS\TMEBC64.sys
21:21:52.0148 3012 TMEBC - ok
21:21:52.0179 3012 [ C27DAE25484C205F3CCF7260E1B045DD ] tmevtmgr C:\Windows\system32\DRIVERS\tmevtmgr.sys
21:21:52.0179 3012 tmevtmgr - ok
21:21:52.0226 3012 [ 48951FBFFFCAE52FADFCDFB76ED19749 ] tmtdi C:\Windows\system32\DRIVERS\tmtdi.sys
21:21:52.0226 3012 tmtdi - ok
21:21:52.0257 3012 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
21:21:52.0257 3012 TrkWks - ok
21:21:52.0304 3012 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
21:21:52.0320 3012 TrustedInstaller - ok
21:21:52.0351 3012 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
21:21:52.0351 3012 tssecsrv - ok
21:21:52.0382 3012 [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
21:21:52.0382 3012 TsUsbFlt - ok
21:21:52.0398 3012 [ AD64450A4ABE076F5CB34CC08EEACB07 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
21:21:52.0398 3012 TsUsbGD - ok
21:21:52.0444 3012 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
21:21:52.0444 3012 tunnel - ok
21:21:52.0476 3012 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
21:21:52.0476 3012 uagp35 - ok
21:21:52.0507 3012 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
21:21:52.0507 3012 udfs - ok
21:21:52.0538 3012 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
21:21:52.0538 3012 UI0Detect - ok
21:21:52.0554 3012 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
21:21:52.0554 3012 uliagpkx - ok
21:21:52.0585 3012 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
21:21:52.0585 3012 umbus - ok
21:21:52.0616 3012 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys
21:21:52.0616 3012 UmPass - ok
21:21:52.0725 3012 [ A678E5DDD974903DD71F503BDCACA218 ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
21:21:52.0725 3012 UNS - ok
21:21:52.0756 3012 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
21:21:52.0756 3012 upnphost - ok
21:21:52.0788 3012 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
21:21:52.0788 3012 usbccgp - ok
21:21:52.0834 3012 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
21:21:52.0834 3012 usbcir - ok
21:21:52.0850 3012 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys
21:21:52.0850 3012 usbehci - ok
21:21:52.0866 3012 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
21:21:52.0866 3012 usbhub - ok
21:21:52.0881 3012 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
21:21:52.0881 3012 usbohci - ok
21:21:52.0897 3012 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\drivers\usbprint.sys
21:21:52.0897 3012 usbprint - ok
21:21:52.0912 3012 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\drivers\USBSTOR.SYS
21:21:52.0912 3012 USBSTOR - ok
21:21:52.0928 3012 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
21:21:52.0928 3012 usbuhci - ok
21:21:52.0975 3012 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
21:21:52.0975 3012 usbvideo - ok
21:21:53.0006 3012 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
21:21:53.0006 3012 UxSms - ok
21:21:53.0022 3012 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
21:21:53.0022 3012 VaultSvc - ok
21:21:53.0037 3012 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
21:21:53.0037 3012 vdrvroot - ok
21:21:53.0068 3012 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
21:21:53.0068 3012 vds - ok
21:21:53.0084 3012 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
21:21:53.0084 3012 vga - ok
21:21:53.0084 3012 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
21:21:53.0084 3012 VgaSave - ok
21:21:53.0115 3012 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
21:21:53.0115 3012 vhdmp - ok
21:21:53.0131 3012 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
21:21:53.0131 3012 viaide - ok
21:21:53.0146 3012 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
21:21:53.0146 3012 volmgr - ok
21:21:53.0162 3012 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
21:21:53.0162 3012 volmgrx - ok
21:21:53.0209 3012 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
21:21:53.0209 3012 volsnap - ok
21:21:53.0224 3012 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
21:21:53.0224 3012 vsmraid - ok
21:21:53.0271 3012 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
21:21:53.0287 3012 VSS - ok
21:21:53.0318 3012 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
21:21:53.0318 3012 vwifibus - ok
21:21:53.0349 3012 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
21:21:53.0349 3012 vwififlt - ok
21:21:53.0365 3012 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
21:21:53.0365 3012 vwifimp - ok
21:21:53.0396 3012 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
21:21:53.0396 3012 W32Time - ok
21:21:53.0427 3012 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys
21:21:53.0427 3012 WacomPen - ok
21:21:53.0458 3012 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
21:21:53.0458 3012 WANARP - ok
21:21:53.0474 3012 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
21:21:53.0474 3012 Wanarpv6 - ok
21:21:53.0536 3012 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
21:21:53.0536 3012 WatAdminSvc - ok
21:21:53.0583 3012 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
21:21:53.0599 3012 wbengine - ok
21:21:53.0614 3012 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
21:21:53.0614 3012 WbioSrvc - ok
21:21:53.0630 3012 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
21:21:53.0630 3012 wcncsvc - ok
21:21:53.0661 3012 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
21:21:53.0661 3012 WcsPlugInService - ok
21:21:53.0692 3012 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys
21:21:53.0692 3012 Wd - ok
21:21:53.0724 3012 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
21:21:53.0739 3012 Wdf01000 - ok
21:21:53.0755 3012 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
21:21:53.0755 3012 WdiServiceHost - ok
21:21:53.0755 3012 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
21:21:53.0755 3012 WdiSystemHost - ok
21:21:53.0770 3012 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
21:21:53.0770 3012 WebClient - ok
21:21:53.0786 3012 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
21:21:53.0786 3012 Wecsvc - ok
21:21:53.0802 3012 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
21:21:53.0802 3012 wercplsupport - ok
21:21:53.0833 3012 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
21:21:53.0833 3012 WerSvc - ok
21:21:53.0864 3012 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
21:21:53.0864 3012 WfpLwf - ok
21:21:53.0880 3012 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
21:21:53.0880 3012 WIMMount - ok
21:21:53.0895 3012 WinDefend - ok
21:21:53.0895 3012 WinHttpAutoProxySvc - ok
21:21:53.0942 3012 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
21:21:53.0942 3012 Winmgmt - ok
21:21:54.0004 3012 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
21:21:54.0020 3012 WinRM - ok
21:21:54.0067 3012 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUSB.sys
21:21:54.0067 3012 WinUsb - ok
21:21:54.0098 3012 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
21:21:54.0114 3012 Wlansvc - ok
21:21:54.0145 3012 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
21:21:54.0145 3012 wlcrasvc - ok
21:21:54.0238 3012 [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
21:21:54.0254 3012 wlidsvc - ok
21:21:54.0270 3012 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
21:21:54.0270 3012 WmiAcpi - ok
21:21:54.0301 3012 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
21:21:54.0301 3012 wmiApSrv - ok
21:21:54.0332 3012 WMPNetworkSvc - ok
21:21:54.0348 3012 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
21:21:54.0348 3012 WPCSvc - ok
21:21:54.0363 3012 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
21:21:54.0363 3012 WPDBusEnum - ok
21:21:54.0379 3012 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
21:21:54.0394 3012 ws2ifsl - ok
21:21:54.0394 3012 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
21:21:54.0394 3012 wscsvc - ok
21:21:54.0426 3012 [ 8D918B1DB190A4D9B1753A66FA8C96E8 ] WSDPrintDevice C:\Windows\system32\DRIVERS\WSDPrint.sys
21:21:54.0426 3012 WSDPrintDevice - ok
21:21:54.0426 3012 WSearch - ok
21:21:54.0488 3012 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
21:21:54.0504 3012 wuauserv - ok
21:21:54.0535 3012 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
21:21:54.0535 3012 WudfPf - ok
21:21:54.0550 3012 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
21:21:54.0550 3012 WUDFRd - ok
21:21:54.0566 3012 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
21:21:54.0566 3012 wudfsvc - ok
21:21:54.0582 3012 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
21:21:54.0597 3012 WwanSvc - ok
21:21:54.0613 3012 ================ Scan global ===============================
21:21:54.0628 3012 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
21:21:54.0660 3012 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
21:21:54.0675 3012 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
21:21:54.0706 3012 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
21:21:54.0738 3012 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
21:21:54.0738 3012 [Global] - ok
21:21:54.0738 3012 ================ Scan MBR ==================================
21:21:54.0753 3012 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
21:21:55.0658 3012 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
21:21:55.0658 3012 \Device\Harddisk0\DR0 - detected TDSS File System (1)
21:21:55.0658 3012 ================ Scan VBR ==================================
21:21:55.0689 3012 [ A0C0CBB37A0DF7A0835AEC3B7F9EA1A2 ] \Device\Harddisk0\DR0\Partition1
21:21:55.0689 3012 \Device\Harddisk0\DR0\Partition1 - ok
21:21:55.0705 3012 [ 82A069933D0D1048A8329F59749FF3A7 ] \Device\Harddisk0\DR0\Partition2
21:21:55.0705 3012 \Device\Harddisk0\DR0\Partition2 - ok
21:21:55.0736 3012 [ E6F8FAE94618C1B50D06E655DC7D3612 ] \Device\Harddisk0\DR0\Partition3
21:21:55.0736 3012 \Device\Harddisk0\DR0\Partition3 - ok
21:21:55.0752 3012 [ 38F36BC6900AC0CE4F4BF57A69F404A4 ] \Device\Harddisk0\DR0\Partition4
21:21:55.0752 3012 \Device\Harddisk0\DR0\Partition4 - ok
21:21:55.0752 3012 ============================================================
21:21:55.0752 3012 Scan finished
21:21:55.0752 3012 ============================================================
21:21:55.0752 4220 Detected object count: 1
21:21:55.0752 4220 Actual detected object count: 1
21:22:04.0456 4220 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
21:22:11.0866 4220 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
21:22:19.0089 4220 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
21:22:26.0546 4220 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
21:22:34.0689 4220 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
21:22:43.0113 4220 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
21:22:50.0929 4220 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
21:22:50.0944 4220 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
21:22:50.0944 4220 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
21:22:50.0944 4220 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
21:22:58.0136 4220 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
21:23:05.0468 4220 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
21:23:05.0484 4220 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
21:23:05.0484 4220 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
21:23:05.0499 4220 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
21:23:12.0800 4220 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Quarantine
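A report like the one above is mostly "- ok" lines, so the few lines that matter are easy to miss. The following is an added example, not part of the original posts and not Kaspersky's code: a small Python triage script that keeps only the findings and the actions taken. The function name `triage` and the status vocabulary it recognises are assumptions based solely on the lines visible in this thread; anything else is returned as unrecognised for manual review.

```python
import re

# Line layout seen in this thread: HH:MM:SS.ffff <thread id> <message>
LINE_RE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{4})\s+(\d+)\s*(.*)$")
SECTION_RE = re.compile(r"^=+\s*(.*?)\s*=+$")        # "===== Scan MBR ====="
HASH_RE = re.compile(r"^\[ [0-9A-Fa-f]{32} \] ")      # "[ <MD5> ] name path"
COUNT_RE = re.compile(r"^Detected object count: (\d+)$")
# Assumption: only the status strings that appear in this thread are known.
FINDING_RE = re.compile(r"^(warning|detected .+)$")
ACTION_RE = re.compile(r"^(copied to quarantine|User select action: .+)$")

# Lines copied from the TDSSKiller report quoted above.
SAMPLE_LOG = r"""21:21:54.0738 3012 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
21:21:54.0738 3012 [Global] - ok
21:21:54.0738 3012 ================ Scan MBR ==================================
21:21:54.0753 3012 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
21:21:55.0658 3012 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
21:21:55.0658 3012 \Device\Harddisk0\DR0 - detected TDSS File System (1)
21:21:55.0658 3012 ================ Scan VBR ==================================
21:21:55.0689 3012 [ A0C0CBB37A0DF7A0835AEC3B7F9EA1A2 ] \Device\Harddisk0\DR0\Partition1
21:21:55.0689 3012 \Device\Harddisk0\DR0\Partition1 - ok
21:21:55.0752 3012 Scan finished
21:21:55.0752 4220 Detected object count: 1
21:22:04.0456 4220 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
21:22:50.0944 4220 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
21:23:12.0800 4220 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Quarantine
"""


def triage(text):
    """Summarise a TDSSKiller report: count clean objects, list the rest."""
    result = {"ok": 0, "detected_count": None,
              "findings": [], "actions": [], "unrecognised": []}
    section = None
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue                      # not a log line (forum text, blanks)
        stamp, _thread_id, msg = m.groups()
        msg = msg.strip()

        sec = SECTION_RE.match(msg)
        if sec:
            if sec.group(1):              # plain "=====" rulers carry no name
                section = sec.group(1)
            continue
        if HASH_RE.match(msg):
            continue                      # hash line; the verdict follows it
        cnt = COUNT_RE.match(msg)
        if cnt:
            result["detected_count"] = int(cnt.group(1))
            continue

        # Verdict lines read "<object> - <status>"; split on the last " - ".
        obj, sep, status = msg.rpartition(" - ")
        if not sep:
            continue                      # informational, e.g. "Scan finished"
        if status == "ok":
            result["ok"] += 1
        elif FINDING_RE.match(status):
            result["findings"].append((stamp, section, obj, status))
        elif ACTION_RE.match(status):
            result["actions"].append((stamp, obj, status))
        else:
            result["unrecognised"].append((stamp, msg))
    return result


if __name__ == "__main__":
    summary = triage(SAMPLE_LOG)
    print("clean objects:", summary["ok"])
    print("detected object count:", summary["detected_count"])
    for stamp, section, obj, status in summary["findings"]:
        print(f"FINDING [{section}] {stamp} {obj} -> {status}")
    for stamp, obj, status in summary["actions"]:
        print(f"ACTION  {stamp} {obj} -> {status}")
    for stamp, msg in summary["unrecognised"]:
        print(f"REVIEW  {stamp} {msg}")
```

Comparing the findings of two consecutive runs shows whether the TDSS File System entry is still reported after the Quarantine or Delete pass.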


TheJoker
Premium,VIP,MVM
join:2001-04-26
Charlottesville, VA
kudos:5

1 recommendation

Excellent. Now that that's been quarantined first, I'd like you to run TDSSKiller one more time, and this time, if it's still detected, select Delete, and post the new log.

Download the Sophos Virus Removal Tool and save it to your desktop:
»www.sophos.com/en-us/products/fr···ool.aspx

- Be sure to view the 3 short How-to videos on that page.
- Double-click Sophos Virus Removal Tool.exe. The installation files will extract and the installer will automatically run.
- Follow the prompts to accept the license agreement, and accept the default location.
- A message will appear "InstallShield Wizard Completed".
- Click 'Finish' to start the program.
- After it updates and a "Start Scanning" button appears in the lower right:
--- Disconnect from the Internet or physically unplug your Internet cable connection.
--- Close all open programs, scheduling/updating tasks and background processes that might activate during the scan including the screensaver.
--- Temporarily disable your anti-virus and real-time anti-spyware protection.
- Click the "Start Scanning" button in the lower right to start the scan.
- After starting the scan, do not use the computer until the scan has completed.
- When finished, if it detected anything there will be a "Start Clean-up" button, click it and allow it to finish.
- When finished, re-enable your anti-virus/anti-malware (or reboot) and then you can reconnect to the Internet.
- A log will be in the following location:
--- Vista and above: C:\ProgramData\Sophos\Sophos Virus Removal Tool\Logs\SophosVirusRemovalTool.log
--for 64-bit C:\Program Files (x86)\Sophos\Sophos Virus Removal Tool\Logs\SophosVirusRemovalTool.log
--- 2000/XP/Server 2003: C:\Documents and Settings\All Users\Application Data\Sophos\Sophos Virus Removal Tool\Logs\SophosVirusRemovalTool.log
- Please post the log in your next reply.

Please post the new log from TDSSKiller, the log from Sophos Virus Removal Tool, note any errors encountered, and let me know how the system is running now.
--
Proud ASAP member since 2005
Microsoft MVP/Consumer Security 2009-2010


Michele

@comcast.net
Here is the new log (part 1) from TDSSKiller after I selected delete:

10:27:00.0812 7200 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
10:27:00.0812 7200 ============================================================
10:27:00.0812 7200 Current date / time: 2013/02/18 10:27:00.0812
10:27:00.0812 7200 SystemInfo:
10:27:00.0812 7200
10:27:00.0812 7200 OS Version: 6.1.7601 ServicePack: 1.0
10:27:00.0812 7200 Product type: Workstation
10:27:00.0812 7200 ComputerName: JOSH-HP
10:27:00.0812 7200 UserName: Josh
10:27:00.0812 7200 Windows directory: C:\Windows
10:27:00.0812 7200 System windows directory: C:\Windows
10:27:00.0812 7200 Running under WOW64
10:27:00.0812 7200 Processor architecture: Intel x64
10:27:00.0812 7200 Number of processors: 4
10:27:00.0812 7200 Page size: 0x1000
10:27:00.0812 7200 Boot type: Normal boot
10:27:00.0812 7200 ============================================================
10:27:01.0140 7200 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
10:27:01.0140 7200 ============================================================
10:27:01.0140 7200 \Device\Harddisk0\DR0:
10:27:01.0140 7200 MBR partitions:
10:27:01.0140 7200 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
10:27:01.0140 7200 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x55840800
10:27:01.0140 7200 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x558A4800, BlocksNum 0x1C6E000
10:27:01.0140 7200 \Device\Harddisk0\DR0\Partition4: MBR, Type 0xC, StartLBA 0x57512800, BlocksNum 0x336F0
10:27:01.0140 7200 ============================================================
10:27:01.0156 7200 C: \Device\Harddisk0\DR0\Partition2
10:27:01.0202 7200 D: \Device\Harddisk0\DR0\Partition3
10:27:01.0218 7200 F: \Device\Harddisk0\DR0\Partition4
10:27:01.0218 7200 ============================================================
10:27:01.0218 7200 Initialize success
10:27:01.0218 7200 ============================================================
10:27:10.0984 7824 ============================================================
10:27:10.0984 7824 Scan started
10:27:10.0984 7824 Mode: Manual; TDLFS;
10:27:10.0984 7824 ============================================================
10:27:11.0904 7824 ================ Scan system memory ========================
10:27:11.0904 7824 System memory - ok
10:27:11.0904 7824 ================ Scan services =============================
10:27:19.0501 7824 MSKSSRV - ok
10:27:19.0517 7824 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
10:27:19.0517 7824 MSPCLOCK - ok
10:27:19.0517 7824 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
10:27:19.0517 7824 MSPQM - ok
10:27:19.0532 7824 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
10:27:19.0548 7824 MsRPC - ok
10:27:19.0579 7824 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
10:27:19.0579 7824 mssmbios - ok
10:27:19.0610 7824 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
10:27:19.0610 7824 MSTEE - ok
10:27:19.0626 7824 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
10:27:19.0626 7824 MTConfig - ok
10:27:19.0642 7824 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
10:27:19.0642 7824 Mup - ok
10:27:19.0657 7824 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
10:27:19.0673 7824 napagent - ok
10:27:19.0720 7824 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
10:27:19.0720 7824 NativeWifiP - ok
10:27:19.0766 7824 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
10:27:19.0766 7824 NDIS - ok
10:27:19.0798 7824 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
10:27:19.0798 7824 NdisCap - ok
10:27:19.0813 7824 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
10:27:19.0813 7824 NdisTapi - ok
10:27:19.0829 7824 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
10:27:19.0829 7824 Ndisuio - ok
10:27:19.0844 7824 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
10:27:19.0844 7824 NdisWan - ok
10:27:19.0860 7824 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
10:27:19.0860 7824 NDProxy - ok
10:27:19.0907 7824 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
10:27:19.0907 7824 NetBIOS - ok
10:27:19.0922 7824 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
10:27:19.0922 7824 NetBT - ok
10:27:19.0938 7824 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
10:27:19.0938 7824 Netlogon - ok
10:27:19.0985 7824 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
10:27:19.0985 7824 Netman - ok
10:27:20.0000 7824 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
10:27:20.0016 7824 netprofm - ok
10:27:20.0032 7824 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe


Michele

@comcast.net
reply to TheJoker
Part 2 of TDSSKiller log:

10:27:26.0506 7824 ================ Scan global ===============================
10:27:26.0521 7824 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
10:27:26.0552 7824 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
10:27:26.0568 7824 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
10:27:26.0599 7824 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
10:27:26.0630 7824 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
10:27:26.0630 7824 [Global] - ok
10:27:26.0630 7824 ================ Scan MBR ==================================
10:27:26.0646 7824 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
10:27:27.0598 7824 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
10:27:27.0598 7824 \Device\Harddisk0\DR0 - detected TDSS File System (1)
10:27:27.0598 7824 ================ Scan VBR ==================================
10:27:27.0629 7824 [ A0C0CBB37A0DF7A0835AEC3B7F9EA1A2 ] \Device\Harddisk0\DR0\Partition1
10:27:27.0629 7824 \Device\Harddisk0\DR0\Partition1 - ok
10:27:27.0644 7824 [ 82A069933D0D1048A8329F59749FF3A7 ] \Device\Harddisk0\DR0\Partition2
10:27:27.0644 7824 \Device\Harddisk0\DR0\Partition2 - ok
10:27:27.0676 7824 [ E6F8FAE94618C1B50D06E655DC7D3612 ] \Device\Harddisk0\DR0\Partition3
10:27:27.0676 7824 \Device\Harddisk0\DR0\Partition3 - ok
10:27:27.0691 7824 [ 38F36BC6900AC0CE4F4BF57A69F404A4 ] \Device\Harddisk0\DR0\Partition4
10:27:27.0691 7824 \Device\Harddisk0\DR0\Partition4 - ok
10:27:27.0691 7824 ============================================================
10:27:27.0691 7824 Scan finished
10:27:27.0691 7824 ============================================================
10:27:27.0691 5112 Detected object count: 1
10:27:27.0691 5112 Actual detected object count: 1
10:27:42.0153 5112 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
10:27:49.0188 5112 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
10:27:56.0271 5112 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
10:28:03.0447 5112 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
10:28:10.0482 5112 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
10:28:17.0471 5112 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
10:28:24.0444 5112 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
10:28:24.0460 5112 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
10:28:24.0460 5112 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
10:28:24.0460 5112 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
10:28:31.0480 5112 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
10:28:38.0547 5112 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
10:28:38.0547 5112 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
10:28:38.0547 5112 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
10:28:38.0609 5112 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
10:28:45.0660 5112 \Device\Harddisk0\DR0\TDLFS - deleted
10:28:45.0660 5112 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Delete


TheJoker
reply to Michele
Excellent!

Please follow these instructions to run ComboFix.exe. Please visit this webpage for download links and instructions for running this tool:
»www.bleepingcomputer.com/combofi···combofix

* Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix (CF).
Please go here to see a list of programs that need to be disabled.

**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall.**
**Note 2: If you get a message saying "Illegal operation attempted on a registry key that has been marked for deletion", please restart your computer.**

Please include the log at C:\ComboFix.txt in your next reply and note any errors encountered.


Michele

@comcast.net
I ran Sophos and it concluded "clean" but I've looked for the log as you instructed and couldn't find one. I ran ComboFix next. Here is the log from that:

ComboFix 13-02-18.02 - Josh 02/18/2013 14:12:31.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6092.4485 [GMT -6:00]
Running from: c:\users\Josh\Desktop\ComboFix.exe
AV: Trend Micro Titanium Internet Security *Disabled/Updated* {B7599298-8445-728A-A5C7-A26A082C8BDA}
SP: Trend Micro Titanium Internet Security *Disabled/Updated* {0C38737C-A27F-7D04-9F77-991873ABC167}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2013-01-18 to 2013-02-18 )))))))))))))))))))))))))))))))
.
.
2013-02-18 20:16 . 2013-02-18 20:16 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-02-18 16:54 . 2013-02-18 16:54 -------- d-----w- c:\programdata\Sophos
2013-02-18 16:54 . 2013-02-18 16:54 73728 ----a-r- c:\users\Josh\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2013-02-18 16:54 . 2013-02-18 16:54 73728 ----a-r- c:\users\Josh\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2013-02-18 16:54 . 2013-02-18 16:54 73728 ----a-r- c:\users\Josh\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\ARPPRODUCTICON.exe
2013-02-18 16:54 . 2013-02-18 16:54 -------- d-----w- c:\program files (x86)\Sophos
2013-02-16 16:30 . 2013-02-18 19:21 -------- d-----r- c:\users\Josh\Dropbox
2013-02-16 16:25 . 2013-02-18 19:21 -------- d-----w- c:\users\Josh\AppData\Roaming\Dropbox
2013-02-16 15:49 . 2013-02-18 16:27 -------- d-----w- C:\TDSSKiller_Quarantine
2013-02-13 19:20 . 2013-02-13 19:20 -------- d-----w- c:\program files (x86)\ESET
2013-02-13 19:12 . 2013-02-13 19:12 -------- d-----w- c:\users\Josh\AppData\Local\Mozilla
2013-02-13 19:12 . 2013-02-13 19:12 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2013-02-13 15:41 . 2013-01-09 01:10 996352 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-13 15:41 . 2013-01-08 22:01 768000 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-13 15:39 . 2013-01-05 05:53 5553512 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-02-13 15:39 . 2013-01-05 05:00 3967848 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-02-13 15:39 . 2013-01-05 05:00 3913064 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-02-13 15:39 . 2013-01-04 03:26 3153408 ----a-w- c:\windows\system32\win32k.sys
2013-02-13 15:39 . 2013-01-04 05:46 215040 ----a-w- c:\windows\system32\winsrv.dll
2013-02-13 15:39 . 2013-01-04 04:51 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2013-02-13 15:39 . 2013-01-04 02:47 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2013-02-13 15:39 . 2013-01-04 02:47 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2013-02-13 15:39 . 2013-01-04 02:47 2048 ----a-w- c:\windows\SysWow64\user.exe
2013-02-13 15:39 . 2013-01-04 02:47 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2013-02-13 15:38 . 2013-01-03 06:00 1913192 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-02-13 15:38 . 2013-01-03 06:00 288088 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2013-02-13 02:38 . 2013-02-13 02:38 -------- d-----w- c:\users\Josh\AppData\Roaming\Malwarebytes
2013-02-13 02:38 . 2013-02-13 02:38 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-02-13 02:38 . 2013-02-13 02:38 -------- d-----w- c:\programdata\Malwarebytes
2013-02-13 02:38 . 2012-12-14 22:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-02-13 02:35 . 2013-02-13 02:35 -------- d-----w- c:\users\Josh\AppData\Local\Programs
2013-02-12 17:41 . 2012-08-24 18:13 154480 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2013-02-12 17:41 . 2012-08-24 18:09 458712 ----a-w- c:\windows\system32\drivers\cng.sys
2013-02-12 17:41 . 2012-08-24 18:05 340992 ----a-w- c:\windows\system32\schannel.dll
2013-02-12 17:41 . 2012-08-24 18:03 1448448 ----a-w- c:\windows\system32\lsasrv.dll
2013-02-12 17:41 . 2012-08-24 16:57 247808 ----a-w- c:\windows\SysWow64\schannel.dll
2013-02-12 17:41 . 2012-08-24 16:57 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2013-02-12 17:41 . 2012-08-24 16:53 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2013-02-12 17:18 . 2013-02-12 17:18 -------- d-----w- c:\program files (x86)\GUME704.tmp
2013-02-12 17:16 . 2013-02-12 17:16 -------- d-----w- c:\program files\Google
2013-02-12 17:16 . 2013-02-12 17:18 -------- d-----w- c:\users\Josh\AppData\Local\Google
2013-02-12 17:16 . 2013-02-12 17:16 -------- d-----w- c:\program files (x86)\GUMD058.tmp
2013-02-12 17:16 . 2013-02-12 17:16 -------- d-----w- c:\program files (x86)\Google
2013-02-11 23:29 . 2013-02-18 19:22 234544 ----a-w- c:\windows\RegBootClean64.exe
2013-02-11 23:15 . 2013-02-11 23:15 -------- d-----w- c:\program files (x86)\Common Files\Java
2013-02-11 23:14 . 2013-02-11 23:14 477616 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2013-02-11 23:14 . 2013-02-11 23:14 -------- d-----w- c:\program files (x86)\Java
2013-02-11 23:12 . 2013-02-11 23:12 -------- d-----w- c:\programdata\McAfee
2013-02-11 23:03 . 2013-02-11 23:03 -------- d--h--w- c:\windows\system32\CanonMF Uninstaller Information
2013-02-11 23:03 . 2013-02-11 23:03 -------- d-----w- c:\program files\Canon
2013-02-11 23:02 . 2007-04-18 23:13 66048 ----a-w- c:\windows\system32\CNAS0MMK.DLL
2013-02-11 22:29 . 2013-02-11 22:29 -------- d-----w- C:\TMRescueDisk
2013-02-11 22:26 . 2013-02-11 22:26 -------- d-----w- c:\users\Josh\AppData\Local\Trend Micro
2013-02-11 22:25 . 2012-05-02 19:27 105744 ----a-w- c:\windows\system32\drivers\tmtdi.sys
2013-02-11 22:24 . 2012-08-24 13:07 46392 ----a-w- c:\windows\system32\drivers\TMEBC64.sys
2013-02-11 22:24 . 2012-07-12 10:29 106000 ----a-w- c:\windows\system32\drivers\tmactmon.sys
2013-02-11 22:24 . 2012-07-12 10:29 76672 ----a-w- c:\windows\system32\drivers\tmevtmgr.sys
2013-02-11 22:24 . 2012-07-12 10:29 173504 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2013-02-11 22:23 . 2013-02-11 22:23 59 ----a-w- c:\windows\system32\SupportTool.exe.bat
2013-02-11 22:22 . 2013-02-11 22:23 -------- d-----w- c:\program files\Trend Micro
2013-02-11 22:22 . 2013-02-18 18:39 -------- d-----w- c:\programdata\Trend Micro
2013-02-11 22:16 . 2013-02-18 18:39 -------- d-----w- c:\program files (x86)\Trend Micro
2013-02-11 22:13 . 2013-02-11 22:13 697712 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-02-11 22:13 . 2013-02-11 22:13 -------- d-----w- c:\windows\system32\Macromed
2013-02-09 20:37 . 2013-01-18 18:15 9161176 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6A4BFB2D-6D90-48AB-BC88-0C7120801D40}\mpengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-13 15:45 . 2012-01-18 02:09 70004024 ----a-w- c:\windows\system32\MRT.exe
2013-02-11 23:14 . 2011-06-21 19:44 473520 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-02-11 22:13 . 2012-01-16 22:38 74096 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-01-17 07:28 . 2010-11-21 03:27 273840 ------w- c:\windows\system32\MpSigStub.exe
2013-01-04 04:43 . 2013-02-13 15:39 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-12-16 17:11 . 2012-12-31 21:54 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-16 14:45 . 2012-12-31 21:54 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-31 21:54 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-12-16 14:13 . 2012-12-31 21:54 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-12-07 13:20 . 2013-01-15 22:47 441856 ----a-w- c:\windows\system32\Wpc.dll
2012-12-07 13:15 . 2013-01-15 22:47 2746368 ----a-w- c:\windows\system32\gameux.dll
2012-12-07 12:26 . 2013-01-15 22:47 308736 ----a-w- c:\windows\SysWow64\Wpc.dll
2012-12-07 12:20 . 2013-01-15 22:47 2576384 ----a-w- c:\windows\SysWow64\gameux.dll
2012-12-07 11:20 . 2013-01-15 22:47 30720 ----a-w- c:\windows\system32\usk.rs
2012-12-07 11:20 . 2013-01-15 22:47 43520 ----a-w- c:\windows\system32\csrr.rs
2012-12-07 11:20 . 2013-01-15 22:47 23552 ----a-w- c:\windows\system32\oflc.rs
2012-12-07 11:20 . 2013-01-15 22:47 45568 ----a-w- c:\windows\system32\oflc-nz.rs
2012-12-07 11:20 . 2013-01-15 22:47 44544 ----a-w- c:\windows\system32\pegibbfc.rs
2012-12-07 11:20 . 2013-01-15 22:47 20480 ----a-w- c:\windows\system32\pegi-fi.rs
2012-12-07 11:20 . 2013-01-15 22:47 20480 ----a-w- c:\windows\system32\pegi-pt.rs
2012-12-07 11:19 . 2013-01-15 22:47 20480 ----a-w- c:\windows\system32\pegi.rs
2012-12-07 11:19 . 2013-01-15 22:47 46592 ----a-w- c:\windows\system32\fpb.rs
2012-12-07 11:19 . 2013-01-15 22:47 40960 ----a-w- c:\windows\system32\cob-au.rs
2012-12-07 11:19 . 2013-01-15 22:47 21504 ----a-w- c:\windows\system32\grb.rs
2012-12-07 11:19 . 2013-01-15 22:47 15360 ----a-w- c:\windows\system32\djctq.rs
2012-12-07 11:19 . 2013-01-15 22:47 55296 ----a-w- c:\windows\system32\cero.rs
2012-12-07 11:19 . 2013-01-15 22:47 51712 ----a-w- c:\windows\system32\esrb.rs
2012-12-07 10:46 . 2013-01-15 22:47 43520 ----a-w- c:\windows\SysWow64\csrr.rs
2012-12-07 10:46 . 2013-01-15 22:47 30720 ----a-w- c:\windows\SysWow64\usk.rs
2012-12-07 10:46 . 2013-01-15 22:47 45568 ----a-w- c:\windows\SysWow64\oflc-nz.rs
2012-12-07 10:46 . 2013-01-15 22:47 44544 ----a-w- c:\windows\SysWow64\pegibbfc.rs
2012-12-07 10:46 . 2013-01-15 22:47 23552 ----a-w- c:\windows\SysWow64\oflc.rs
2012-12-07 10:46 . 2013-01-15 22:47 20480 ----a-w- c:\windows\SysWow64\pegi-pt.rs
2012-12-07 10:46 . 2013-01-15 22:47 20480 ----a-w- c:\windows\SysWow64\pegi-fi.rs
2012-12-07 10:46 . 2013-01-15 22:47 46592 ----a-w- c:\windows\SysWow64\fpb.rs
2012-12-07 10:46 . 2013-01-15 22:47 20480 ----a-w- c:\windows\SysWow64\pegi.rs
2012-12-07 10:46 . 2013-01-15 22:47 21504 ----a-w- c:\windows\SysWow64\grb.rs
2012-12-07 10:46 . 2013-01-15 22:47 40960 ----a-w- c:\windows\SysWow64\cob-au.rs
2012-12-07 10:46 . 2013-01-15 22:47 15360 ----a-w- c:\windows\SysWow64\djctq.rs
2012-12-07 10:46 . 2013-01-15 22:47 55296 ----a-w- c:\windows\SysWow64\cero.rs
2012-12-07 10:46 . 2013-01-15 22:47 51712 ----a-w- c:\windows\SysWow64\esrb.rs
2012-11-30 05:45 . 2013-01-15 22:47 362496 ----a-w- c:\windows\system32\wow64win.dll
2012-11-30 05:45 . 2013-01-15 22:47 243200 ----a-w- c:\windows\system32\wow64.dll
2012-11-30 05:45 . 2013-01-15 22:47 13312 ----a-w- c:\windows\system32\wow64cpu.dll
2012-11-30 05:43 . 2013-01-15 22:47 16384 ----a-w- c:\windows\system32\ntvdm64.dll
2012-11-30 05:41 . 2013-01-15 22:47 424448 ----a-w- c:\windows\system32\KernelBase.dll
2012-11-30 05:41 . 2013-01-15 22:47 1161216 ----a-w- c:\windows\system32\kernel32.dll
2012-11-30 05:38 . 2013-01-15 22:47 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2012-11-30 05:38 . 2013-01-15 22:47 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2012-11-30 05:38 . 2013-01-15 22:47 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2012-11-30 05:38 . 2013-01-15 22:47 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-11-30 05:38 . 2013-01-15 22:47 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2012-11-30 05:38 . 2013-01-15 22:47 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-11-30 05:38 . 2013-01-15 22:47 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-11-30 05:38 . 2013-01-15 22:47 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-11-30 05:38 . 2013-01-15 22:47 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2012-11-30 05:38 . 2013-01-15 22:47 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2012-11-30 05:38 . 2013-01-15 22:47 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2012-11-30 05:38 . 2013-01-15 22:47 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2012-11-30 05:38 . 2013-01-15 22:47 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2012-11-30 05:38 . 2013-01-15 22:47 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2012-11-30 05:38 . 2013-01-15 22:47 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2012-11-30 05:38 . 2013-01-15 22:47 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2012-11-30 05:38 . 2013-01-15 22:47 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2012-11-30 05:38 . 2013-01-15 22:47 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2012-11-30 05:38 . 2013-01-15 22:47 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2012-11-30 05:38 . 2013-01-15 22:47 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2012-11-30 05:38 . 2013-01-15 22:47 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2012-11-30 05:38 . 2013-01-15 22:47 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2012-11-30 05:38 . 2013-01-15 22:47 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2012-11-30 05:38 . 2013-01-15 22:47 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2012-11-30 05:38 . 2013-01-15 22:47 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-11-30 05:38 . 2013-01-15 22:47 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2012-11-30 05:38 . 2013-01-15 22:47 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2012-11-30 05:38 . 2013-01-15 22:47 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2012-11-30 04:53 . 2013-01-15 22:47 274944 ----a-w- c:\windows\SysWow64\KernelBase.dll
2012-11-30 04:45 . 2013-01-15 22:47 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
2012-11-30 04:45 . 2013-01-15 22:47 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
2012-11-30 04:45 . 2013-01-15 22:47 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
2012-11-30 04:45 . 2013-01-15 22:47 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
2012-11-30 04:45 . 2013-01-15 22:47 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
2012-11-30 04:45 . 2013-01-15 22:47 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
2012-11-30 04:45 . 2013-01-15 22:47 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
2012-11-30 04:45 . 2013-01-15 22:47 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
2012-11-30 04:45 . 2013-01-15 22:47 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
2012-11-30 04:45 . 2013-01-15 22:47 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
2012-11-30 04:45 . 2013-01-15 22:47 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
2012-11-30 04:45 . 2013-01-15 22:47 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
2012-11-30 04:45 . 2013-01-15 22:47 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
2012-11-30 04:45 . 2013-01-15 22:47 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
2012-11-30 04:45 . 2013-01-15 22:47 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
2012-11-30 04:45 . 2013-01-15 22:47 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-11-30 04:45 . 2013-01-15 22:47 5120 ---ha-w- c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
2012-11-30 04:45 . 2013-01-15 22:47 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
2012-11-30 04:45 . 2013-01-15 22:47 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
2012-11-30 04:45 . 2013-01-15 22:47 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
2012-11-30 04:45 . 2013-01-15 22:47 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
2012-11-30 04:45 . 2013-01-15 22:47 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
2012-11-30 04:45 . 2013-01-15 22:47 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
2012-11-30 04:45 . 2013-01-15 22:47 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Josh\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Josh\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Josh\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2013-02-12 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-05-20 284440]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2012-03-01 113288]
"HPConnectionManager"="c:\program files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe" [2011-02-15 94264]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-12-18 38112]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"Easybits Recovery"="c:\program files (x86)\EasyBits For Kids\ezRecover.exe" [2011-03-16 61112]
"HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-08-19 379960]
"RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2011-03-30 87336]
"BDRegion"="c:\program files (x86)\Cyberlink\Shared files\brs.exe" [2012-03-01 75048]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2011-07-11 574008]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896]
.
c:\users\Josh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Josh\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-2-14 29428904]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
.
R2 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe [x]
R2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe [2012-06-11 193616]
R2 CLKMSVC10_38F51D56;CyberLink Product - 2012/03/01 10:53;c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [2011-02-25 241648]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-01-16 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 TMEBC;TMEBC;c:\windows\system32\DRIVERS\TMEBC64.sys [2012-08-24 46392]
S1 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys [2012-07-12 76672]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2012-03-01 89600]
S2 ezSharedSvc;Easybits Services for Windows;c:\windows\System32\ezSharedSvcHost.exe [x]
S2 FPLService;TrueSuiteService;c:\program files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2011-02-18 265544]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-09-01 227896]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2011-05-27 30520]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2011-07-11 26680]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-05-20 13592]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2012-03-01 2413056]
S2 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-22 2656280]
S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe [2012-06-11 240208]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2010-07-28 31088]
S3 hpCMSrv;HP Connection Manager 4.0 Service;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2011-02-15 1071160]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2012-03-01 91648]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2012-03-01 208896]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2012-03-01 338536]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-02-17 428136]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - CLKMDRV10_38F51D56
.
Contents of the 'Scheduled Tasks' folder
.
2013-02-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-02-12 17:16]
.
2013-02-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-02-12 17:16]
.
2013-02-11 c:\windows\Tasks\HPCeeScheduleForJosh.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Josh\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Josh\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Josh\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Josh\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2012-03-01 1128448]
"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2012-07-25 213856]
"Trend Micro Titanium"="c:\program files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" [2012-07-25 1374864]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-16 168216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-16 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-16 416024]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"DCERegBootClean64"="c:\windows\RegBootClean64.exe" [2013-02-18 234544]
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uLocal Page = c:\windows\system32\blank.htm
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\p4uzfvdd.default\
FF - ExtSQL: 2013-02-11 16:37; tmbepff-7.5@trendmicro.com; c:\program files\Trend Micro\AMSP\Module\20002\7.5.1125\7.5.1125\firefoxextension
FF - ExtSQL: 2013-02-11 16:37; {22181a4d-af90-4ca3-a569-faed9118d6bc}; c:\program files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension
FF - ExtSQL: 2013-02-13 10:54; {22C7F6C6-8D67-4534-92B5-529A0EC09405}; c:\program files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run- - (no file)
SafeBoot-42803227.sys
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-EasyBits Magic Desktop - c:\windows\system32\ezMDUninstall.exe
AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:56,e6,84,97,80,8d,cd,01
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_149_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_149_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-02-18 14:18:07
ComboFix-quarantined-files.txt 2013-02-18 20:18
.
Pre-Run: 677,639,483,392 bytes free
Post-Run: 677,622,665,216 bytes free
.
- - End Of File - - 59A080CBB36669D9ED19481DBF381BA2

The only thing out of the ordinary that I encountered was when I re-enabled my AV after running Sophos, TrendMicro indicated that it had detected and removed threats. That was before I ran combofix. The files listed as threats are related to TDSS Killer Quarantine.


TheJoker
Premium,VIP,MVM
join:2001-04-26
Charlottesville, VA
kudos:5
quote:
The only thing out of the ordinary that I encountered was when I re-enabled my AV after running Sophos, TrendMicro indicated that it had detected and removed threats. That was before I ran combofix. The files listed as threats are related to TDSS Killer Quarantine.
Now that it wasn't installed as part of a running rootkit, Trend Micro Internet Security found it in the quarantine folder.

How is the system running now? If there is no continuing problem, we will start some final cleanup.
--
Proud ASAP member since 2005
Microsoft MVP/Consumer Security 2009-2010


Michele

@comcast.net
As far as I can tell, everything seems to be running as it should. I've used Word and IE and they both work as expected. It looks like on one of the reboots Windows installed the updates that it had been having trouble with as well. I think we're ready for the final cleanup.


TheJoker
Premium,VIP,MVM
join:2001-04-26
Charlottesville, VA
kudos:5

1 recommendation

Your version of Adobe Acrobat Reader is outdated and vulnerable. Go to Start > Control Panel > Add or Remove Programs and remove the following program:
Adobe Reader
Then go to »www.adobe.com and download and install the current version. When you download it, be careful to UNcheck any optional toolbar installation unless you really want the toolbar.

Your Java is outdated and vulnerable.
Updating Java:

- Download the latest version of Java Runtime Environment (JRE) 7:
- In the box labeled "Java Platform, Standard Edition", click the "Download JRE" button to the right.
- In the Window that opens, click the "Accept License Agreement" button.
- Download the file for Windows x86 Offline (jre-7u13-windows-i586.exe) and jre-7u13-windows-x64.exe (you need both x86 and 64-bit versions) and save to your Desktop.
- Close any programs you may have running - especially your web browser.
- Go to Start > Control Panel, double-click on Add or Remove Programs and remove all older versions of Java.
-- Java(TM) 6 Update 39
-- Any other version listed
- Then from your Desktop double-click on the new versions you downloaded and install them.
- Even better with all the recent Java vulnerabilities would be to not reinstall if you don't have any requirement for Java.
- If you do reinstall it, I recommend you go to Control Panel > Java, and when the Java Control Panel opens, click the Security tab and uncheck the box for "Enable Java content in the browser".

Go to start > run and copy and paste the next command in the field:
ComboFix /uninstall

Make sure there's a space between Combofix and /
Then hit enter.

This will uninstall Combofix, implement some cleanup procedures, and reset System Restore points.

You can now delete the tools that you downloaded, and any logs they created:
OTL
Security Check
AdwCleaner
TDSSKiller
RogueKiller


Also delete the following folder if still there:
C:\TDSSKiller_Quarantine

To help keep malware off your system:
- Keep Windows updated at Windows Update or Microsoft Update.
- Keep your other applications updated, there are vulnerabilities that rely on exploits through other programs like Java, Microsoft Office, Adobe Reader, Flash, and others.
- Run a program like Secunia Online Software Inspector or FileHippo Update Checker to see what programs need to be updated.
- Be careful with flash drives, as they can spread infections. See this post on USB/flash drive safety.
- Stay away from P2P software; even with a clean P2P program, their networks are often riddled with malware.
- Don't click on attachments or links in e-mail, and read your e-mail in text-only mode for the highest safety.
- Don't click on links received in instant message programs.
- In place of Internet Explorer, browse with Firefox with the NoScript and AdBlock Plus add-ons.
- A HOSTS file will prevent Internet Explorer from communicating with sites known to be associated with adware or spyware. A good regularly updated HOST file is MVPS HOSTS File, available at »www.mvps.org/winhelp2002/hosts.htm
- A free non-resident utility to prevent the installation of ActiveX-based malware is JavaCool's SpywareBlaster. For real-time protection, there is SpywareGuard. Both are available at »www.javacoolsoftware.com/products.html
- I recommend reading Tony Klein's article So How did I get Infected in the First Place? at »Security Cleanup FAQ »How do I prevent Browser Hijacks and Spyware?

Does your problem appear resolved?
--
Proud ASAP member since 2005
Microsoft MVP/Consumer Security 2009-2010
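
A read-only check for the update and cleanup steps in the post above, added here as an example and not part of the original thread: it lists every Java and Adobe Reader entry registered under both the 64-bit and 32-bit Uninstall keys, and reports whether C:\TDSSKiller_Quarantine is still present. It assumes a 64-bit PowerShell session on 64-bit Windows; the display-name patterns are assumptions about how those products register themselves.

```powershell
# Added example (not from the thread): verify the post-cleanup state without changing anything.
# Both Uninstall hives are read because 32-bit programs on 64-bit Windows register
# under Wow6432Node, and the post asks for both the x86 and x64 Java installers.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

# Assumed display-name patterns for the two programs the post calls outdated.
$patterns = 'Java*', 'Adobe Reader*'

$installed = foreach ($key in $uninstallKeys) {
    # Label each hit by the hive it came from so leftover old versions are easy to spot.
    $arch = if ($key -like '*Wow6432Node*') { 'x86' } else { 'x64' }

    Get-ItemProperty -Path $key -ErrorAction SilentlyContinue |
        Where-Object {
            $name = $_.DisplayName
            # Keep entries that have a display name matching any pattern.
            $name -and ($patterns | Where-Object { $name -like $_ })
        } |
        Select-Object @{ n = 'Arch'; e = { $arch } }, DisplayName, DisplayVersion
}

if ($installed) {
    # More than one Java line per architecture means an older version was not removed.
    $installed | Sort-Object DisplayName, Arch | Format-Table -AutoSize
} else {
    'No Java or Adobe Reader entries found in the machine-wide Uninstall keys.'
}

# Folder the post says to delete once cleanup is finished.
$leftovers = @('C:\TDSSKiller_Quarantine') |
    Where-Object { Test-Path -LiteralPath $_ }

if ($leftovers) {
    "Still present: $($leftovers -join ', ')"
} else {
    'No TDSSKiller quarantine folder left behind.'
}
```

Per-user installs registered under HKCU are not covered by this check.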


Michele

@comcast.net
Thank you very much for all your help. I have updated the Adobe and Java programs to the latest version. I uninstalled Combofix and the other programs you named. You didn't specifically mention the ESET or Sophos programs. Should I delete those also?
A couple of final questions: 1) Is there anything I should be watching for in the next few days that would indicate there is still a problem? 2) Is there any reason to worry about other computers on our home network (they have all been running an AV program and don't have any visible symptoms of trouble).

Thank you again for all your time and help!


TheJoker
Premium,VIP,MVM
join:2001-04-26
Charlottesville, VA
kudos:5

1 recommendation

said by Michele :

You didn't specifically mention the ESET or Sophos programs. Should I delete those also?

A web based scanner is always a good second check on a system. I would use ESET's online scanner for that, but if there's an entry for it in Control Panel's Programs and Features, there's no real advantage to keeping it installed. It can be run at any time just by going to the link for the online scanner, and it will install and update before scanning. I would uninstall Sophos, there is an entry for it in Programs and Features to uninstall it from.

quote:
A couple of final questions: 1) Is there anything I should be watching for in the next few days that would indicate there is still a problem?
Any redirects or strange results from search pages would be a reason to check, or unexplained sudden slowdown in the system.

quote:
2) Is there any reason to worry about other computers on our home network (they have all been running an AV program and don't have any visible symptoms of trouble).
Some malware can spread across a network, but it would be more likely to be installed if a compromised site was visited, or a link was clicked on in e-mail or an instant messaging program.

One thing to check would be to go to Comcast and see if there are reports of malware activity from your network. There were, as you had the notification from Xfinity, but I don't know how their site works, for example, does it still show the previous suspect activity, but with previous dates, and a way to show no current activity? If it does show current activity, such as today, I would open a topic for each of the other systems at home.

»amibotted.comcast.net/

Just an update, scroll up and see the previous instructions for updating Java. If you installed Java 7 Update 13, you need to update it again, it was just updated to Java 7 Update 15 today. It's important to update that, there were security fixes in the update.
--
Proud ASAP member since 2005
Microsoft MVP/Consumer Security 2009-2010