> TDSS killer Backups, how to restore quarantined items?
Juisterr1
post 29.12.2011 21:26
Post #1


Newbie
*

Group: Members
Posts: 2
Joined: 29.12.2011




Hello All,

We, Maxstar, Evelinegirl, Eric/Juisterr from http://hijackthis.nl/forum/index.php
have a question. We would like to know how to restore items from the TDSS killer backups back to the Windows system.
http://www.nucia.eu/forum/showthread.php?t=66195 for example.

We found a little topic here http://forum.kaspersky.com/index.php?showtopic=190472 but this is closed and there is no solution.

Kind regards
Eric/Juisterr
Maxstar
Evelinegirl

This post has been edited by Juisterr1: 29.12.2011 21:35


--------------------
Member of Alliance of Security Analysis Professionals and Unite Against Malware
eVerest
post 31.12.2011 09:50
Post #2


Advanced Member I
***

Group: Members
Posts: 70
Joined: 6.05.2009




QUOTE(Juisterr1 @ 29.12.2011 19:26) *
Hello All,

We, Maxstar, Evelinegirl, Eric/Juisterr from http://hijackthis.nl/forum/index.php
have a question. We would like to know how to restore items from the TDSS killer backups back to the Windows system.
http://www.nucia.eu/forum/showthread.php?t=66195 for example.

We found a little topic here http://forum.kaspersky.com/index.php?showtopic=190472 but this is closed and there is no solution.

Kind regards
Eric/Juisterr
Maxstar
Evelinegirl

The .ini file has information about the quarantined item's original path. Just look at the pair of tsk*.ini and tsk*.dta files (for example: tsk0000.ini holds information about the original path and filename; tsk0000.dta is just the renamed quarantined file) and restore the previously quarantined items.

This post has been edited by eVerest: 31.12.2011 09:51


--------------------

http://virusinfo.info/
--------------------------------------------
Nerimash at VirusInfo.Info
Juisterr1
post 31.12.2011 16:16
Post #3


Newbie
*

Group: Members
Posts: 2
Joined: 29.12.2011




Hello eVerest,

Thanks for your reply, our developers are currently working on a tool to restore items from backup to the original place on Windows.

When this tool is ready we shall share this information with this forum.

Regards
Eric/Juisterr, Maxstar, Evelinegirl, Daniel.


--------------------
Member of Alliance of Security Analysis Professionals and Unite Against Malware
DanielX
post 9.01.2012 14:12
Post #4


Newbie
*

Group: Members
Posts: 1
Joined: 9.01.2012




Hello,

Thanks for your reply, eVerest.
I didn't test it, but does TDSSKiller also delete the services from the registry or does it only take care of the file?

If we want to dequarantine an object, do we also have to restore the registry?


Daniel
Yury.Parshin
post 10.01.2012 16:28
Post #5


Virus Analyst
******

Group: KL Russia
Posts: 744
Joined: 21.10.2008




Hello.

Rollback functionality will be implemented in one of the future versions of the utility.
Maxstar1
post 20.01.2012 14:46
Post #6


Newbie
*

Group: Members
Posts: 2
Joined: 20.01.2012




Hi,

Together with 'Security Colleagues' from www.hijackthis.nl we have made this simple little tool 'TDSS Qlook'.

This tool is designed to provide the helper with an easy method of obtaining information of the quarantined files of TDSSkiller.

There are two options.
A Scan
B Fix



Option A (Scan)
With this option the tool will produce a log called TDSSQ.txt at the location where TDSS Qlook is started. With this scan it will read the *.ini files in the created quarantine folders of TDSSkiller.

Example LOG:
QUOTE
TDSSKiller Quarantine Information log
Version 1.0.0.0
***** START SCAN Sat 12/31/2011 12:45:49.24 *****

---------- DIR LIST ----------

C:\TDSSKiller_Quarantine\30.12.2011_12.42.12
C:\TDSSKiller_Quarantine\30.12.2011_12.42.12\susp0000
C:\TDSSKiller_Quarantine\30.12.2011_12.42.12\susp0000\svc0000
C:\TDSSKiller_Quarantine\30.12.2011_12.42.12\susp0000\object.ini
C:\TDSSKiller_Quarantine\30.12.2011_12.42.12\susp0000\svc0000\tsk0000.dta
C:\TDSSKiller_Quarantine\30.12.2011_12.42.12\susp0000\svc0000\tsk0000.ini
C:\TDSSKiller_Quarantine\30.12.2011_12.42.12\susp0000\svc0000\object.ini

---------- INI FILES ----------

=== C:\TDSSKiller_Quarantine\30.12.2011_12.42.12\susp0000\object.ini ===

[InfectedObject]
Verdict: LockedFile.Multi.Generic


=== C:\TDSSKiller_Quarantine\30.12.2011_12.42.12\susp0000\svc0000\object.ini ===

[InfectedObject]
Type: Service
Name: sptd
Type: Kernel driver (0x1)
Start: Boot (0x0)
ImagePath: \SystemRoot\System32\Drivers\sptd.sys
Suspicious states: Locked file;


=== C:\TDSSKiller_Quarantine\30.12.2011_12.42.12\susp0000\svc0000\tsk0000.ini ===

[InfectedFile]
Type: Raw image
Src: C:\Windows\System32\Drivers\sptd.sys
md5: f42efefb765235f24b24e1d2b6f99f46


***** END SCAN Sat 12/31/2011 12:45:52.40 *****
- EOF -


The section 'DIR list' will enumerate the contents (files and folders) of each directory in the quarantined folder of TDSSkiller.
The section 'INI files' will show all the information about the quarantined files that you need to restore these files.
TDSSkiller renamed quarantined files as a *.DTA (tsk0000.dta), in the same susp00**\..\ folder with one *.INI (tsk0000.ini) and two object.ini files. These *.ini files contain the information for each separate file.

If C:\TDSSKiller_Quarantine is not present it will show the next log.
QUOTE
TDSSKiller Quarantine Information log
Version 1.0.0.0
***** START SCAN Sat 12/31/2011 12:56:28.09 *****

---------- Warning! ----------
TDSSKiller Quarantine folder not found

***** END SCAN Sat 12/31/2011 12:56:28.11 *****
- EOF -



Option B (Fix)
With this option the tool will open a blank Notepad window; in this window you can put 'batch scripts'. When you close this window with the file-saving option it will automatically run the inserted batch script.

Example:
CODE
REN "C:\TDSSKiller_Quarantine\30.12.2011_12.42.12\susp0000\svc0000\tsk0000.dta" sptd.sys
COPY "C:\TDSSKiller_Quarantine\30.12.2011_12.42.12\susp0000\svc0000\sptd.sys" C:\Windows\System32\Drivers\


Example logs

QUOTE
TDSSKiller Quarantine Information log
Version 1.0.0.0
***** START SCAN za 31-12-2011 13:34:11,11 *****

---------- DIR LIST ----------

C:\TDSSKiller_Quarantine\31.12.2011_13.21.44
C:\TDSSKiller_Quarantine\31.12.2011_13.21.44\rtkt0000
C:\TDSSKiller_Quarantine\31.12.2011_13.21.44\rtkt0000\object.ini
C:\TDSSKiller_Quarantine\31.12.2011_13.21.44\rtkt0000\svc0000
C:\TDSSKiller_Quarantine\31.12.2011_13.21.44\rtkt0000\svc0000\object.ini
C:\TDSSKiller_Quarantine\31.12.2011_13.21.44\rtkt0000\svc0000\tsk0000.dta
C:\TDSSKiller_Quarantine\31.12.2011_13.21.44\rtkt0000\svc0000\tsk0000.ini
C:\TDSSKiller_Quarantine\31.12.2011_13.21.44\rtkt0000\svc0000\tsk0001.dta
C:\TDSSKiller_Quarantine\31.12.2011_13.21.44\rtkt0000\svc0000\tsk0001.ini

---------- INI FILES ----------

=== C:\TDSSKiller_Quarantine\31.12.2011_13.21.44\rtkt0000\object.ini ===

[InfectedObject]
Verdict: Rootkit.Win32.ZAccess.g


=== C:\TDSSKiller_Quarantine\31.12.2011_13.21.44\rtkt0000\svc0000\object.ini ===

[InfectedObject]
Type: Service
Name: vmhgfs
Type: File system driver (0x2)
Start: System (0x1)
ImagePath: System32\DRIVERS\vmhgfs.sys
Suspicious states: Forged file;


=== C:\TDSSKiller_Quarantine\31.12.2011_13.21.44\rtkt0000\svc0000\tsk0000.ini ===

[InfectedFile]
Type: Raw image
Src: C:\WINDOWS\system32\DRIVERS\vmhgfs.sys
md5: 7f2beb67c7714f701362cc3abac34d40


=== C:\TDSSKiller_Quarantine\31.12.2011_13.21.44\rtkt0000\svc0000\tsk0001.ini ===

[InfectedFile]
Type: Api image
Src: C:\WINDOWS\system32\DRIVERS\vmhgfs.sys
md5: 3b831598ff888319eb49de1800afd6bb


***** END SCAN za 31-12-2011 13:34:14,47 *****
- EOF -


QUOTE
TDSSKiller Quarantine Information log
Version 1.0.0.0
***** START SCAN za 31-12-2011 14:15:01,45 *****

---------- DIR LIST ----------

C:\TDSSKiller_Quarantine\31.12.2011_14.14.21
C:\TDSSKiller_Quarantine\31.12.2011_13.21.44
C:\TDSSKiller_Quarantine\31.12.2011_13.21.44\rtkt0000
C:\TDSSKiller_Quarantine\31.12.2011_13.21.44\rtkt0000\object.ini
C:\TDSSKiller_Quarantine\31.12.2011_13.21.44\rtkt0000\svc0000
C:\TDSSKiller_Quarantine\31.12.2011_13.21.44\rtkt0000\svc0000\object.ini
C:\TDSSKiller_Quarantine\31.12.2011_13.21.44\rtkt0000\svc0000\tsk0000.dta
C:\TDSSKiller_Quarantine\31.12.2011_13.21.44\rtkt0000\svc0000\tsk0000.ini
C:\TDSSKiller_Quarantine\31.12.2011_13.21.44\rtkt0000\svc0000\tsk0001.dta
C:\TDSSKiller_Quarantine\31.12.2011_13.21.44\rtkt0000\svc0000\tsk0001.ini
C:\TDSSKiller_Quarantine\31.12.2011_14.14.21\tdlfs0000
C:\TDSSKiller_Quarantine\31.12.2011_14.14.21\tdlfs0000\object.ini
C:\TDSSKiller_Quarantine\31.12.2011_14.14.21\tdlfs0000\tsk0009.dta
C:\TDSSKiller_Quarantine\31.12.2011_14.14.21\tdlfs0000\tsk0009.ini
C:\TDSSKiller_Quarantine\31.12.2011_14.14.21\tdlfs0000\tsk0008.ini
C:\TDSSKiller_Quarantine\31.12.2011_14.14.21\tdlfs0000\tsk0008.dta
C:\TDSSKiller_Quarantine\31.12.2011_14.14.21\tdlfs0000\tsk0007.ini
C:\TDSSKiller_Quarantine\31.12.2011_14.14.21\tdlfs0000\tsk0007.dta
C:\TDSSKiller_Quarantine\31.12.2011_14.14.21\tdlfs0000\tsk0006.dta
C:\TDSSKiller_Quarantine\31.12.2011_14.14.21\tdlfs0000\tsk0005.dta
C:\TDSSKiller_Quarantine\31.12.2011_14.14.21\tdlfs0000\tsk0005.ini
C:\TDSSKiller_Quarantine\31.12.2011_14.14.21\tdlfs0000\tsk0006.ini
C:\TDSSKiller_Quarantine\31.12.2011_14.14.21\tdlfs0000\tsk0004.dta
C:\TDSSKiller_Quarantine\31.12.2011_14.14.21\tdlfs0000\tsk0003.dta
C:\TDSSKiller_Quarantine\31.12.2011_14.14.21\tdlfs0000\tsk0003.ini
C:\TDSSKiller_Quarantine\31.12.2011_14.14.21\tdlfs0000\tsk0004.ini
C:\TDSSKiller_Quarantine\31.12.2011_14.14.21\tdlfs0000\tsk0002.ini
C:\TDSSKiller_Quarantine\31.12.2011_14.14.21\tdlfs0000\tsk0002.dta
C:\TDSSKiller_Quarantine\31.12.2011_14.14.21\tdlfs0000\tsk0001.ini
C:\TDSSKiller_Quarantine\31.12.2011_14.14.21\tdlfs0000\tsk0000.dta
C:\TDSSKiller_Quarantine\31.12.2011_14.14.21\tdlfs0000\tsk0001.dta
C:\TDSSKiller_Quarantine\31.12.2011_14.14.21\tdlfs0000\tsk0000.ini

---------- INI FILES ----------

=== C:\TDSSKiller_Quarantine\31.12.2011_13.21.44\rtkt0000\object.ini ===

[InfectedObject]
Verdict: Rootkit.Win32.ZAccess.g


=== C:\TDSSKiller_Quarantine\31.12.2011_13.21.44\rtkt0000\svc0000\object.ini ===

[InfectedObject]
Type: Service
Name: vmhgfs
Type: File system driver (0x2)
Start: System (0x1)
ImagePath: System32\DRIVERS\vmhgfs.sys
Suspicious states: Forged file;


=== C:\TDSSKiller_Quarantine\31.12.2011_13.21.44\rtkt0000\svc0000\tsk0000.ini ===

[InfectedFile]
Type: Raw image
Src: C:\WINDOWS\system32\DRIVERS\vmhgfs.sys
md5: 7f2beb67c7714f701362cc3abac34d40


=== C:\TDSSKiller_Quarantine\31.12.2011_13.21.44\rtkt0000\svc0000\tsk0001.ini ===

[InfectedFile]
Type: Api image
Src: C:\WINDOWS\system32\DRIVERS\vmhgfs.sys
md5: 3b831598ff888319eb49de1800afd6bb


=== C:\TDSSKiller_Quarantine\31.12.2011_14.14.21\tdlfs0000\object.ini ===

[InfectedObject]
Verdict: TDSS File System
Name: \Device\Harddisk0\DR0


=== C:\TDSSKiller_Quarantine\31.12.2011_14.14.21\tdlfs0000\tsk0000.ini ===

[InfectedFile]
Name: cfg.ini
Size: 556
File time: 2011/09/21 10:06:04.0421


=== C:\TDSSKiller_Quarantine\31.12.2011_14.14.21\tdlfs0000\tsk0001.ini ===

[InfectedFile]
Name: mbr
Size: 512
File time: 2011/09/21 10:06:04.0453


=== C:\TDSSKiller_Quarantine\31.12.2011_14.14.21\tdlfs0000\tsk0002.ini ===

[InfectedFile]
Name: bckfg.tmp
Size: 840
File time: 2011/09/21 10:06:04.0453


=== C:\TDSSKiller_Quarantine\31.12.2011_14.14.21\tdlfs0000\tsk0003.ini ===

[InfectedFile]
Name: cmd.dll
Size: 36864
File time: 2011/09/21 10:06:04.0468


=== C:\TDSSKiller_Quarantine\31.12.2011_14.14.21\tdlfs0000\tsk0004.ini ===

[InfectedFile]
Name: ldr16
Size: 1319
File time: 2011/09/21 10:06:04.0750


=== C:\TDSSKiller_Quarantine\31.12.2011_14.14.21\tdlfs0000\tsk0005.ini ===

[InfectedFile]
Name: ldr32
Size: 3666
File time: 2011/09/21 10:06:04.0765


=== C:\TDSSKiller_Quarantine\31.12.2011_14.14.21\tdlfs0000\tsk0006.ini ===

[InfectedFile]
Name: ldr64
Size: 4192
File time: 2011/09/21 10:06:04.0765


=== C:\TDSSKiller_Quarantine\31.12.2011_14.14.21\tdlfs0000\tsk0007.ini ===

[InfectedFile]
Name: drv64
Size: 24576
File time: 2011/09/21 10:06:04.0796


=== C:\TDSSKiller_Quarantine\31.12.2011_14.14.21\tdlfs0000\tsk0008.ini ===

[InfectedFile]
Name: cmd64.dll
Size: 20992
File time: 2011/09/21 10:06:04.0968


=== C:\TDSSKiller_Quarantine\31.12.2011_14.14.21\tdlfs0000\tsk0009.ini ===

[InfectedFile]
Name: drv32
Size: 36352
File time: 2011/09/21 10:06:05.0109


***** END SCAN za 31-12-2011 14:15:04,64 *****
- EOF -


This post has been edited by Maxstar1: 20.01.2012 14:48
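
An added example, not part of the original posts and not the TDSS Qlook tool: a Python pass over a quarantine folder that pairs each tsk*.ini with its tsk*.dta, as described in posts #2 and #6, and reports which items have enough verified information to be restored. It copies nothing. The function names, status labels and sample tree are constructed here, and it assumes the .ini files on disk use the 'Key: value' layout shown in the log and that the md5 field is the hash of the matching .dta file.

```python
import hashlib
import re
import tempfile
from collections import Counter
from pathlib import Path


def parse_ini(text):
    """Parse the 'Key: value' layout shown in the Qlook log.

    Returns (section, pairs); pairs is a list because object.ini
    repeats the 'Type' key, which a dict would silently collapse.
    """
    section, pairs = None, []
    for raw in text.splitlines():
        line = raw.strip()
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1)
            continue
        # Split on the first colon only: values such as drive paths contain more.
        key, sep, value = line.partition(":")
        if sep:
            pairs.append((key.strip(), value.strip()))
    return section, pairs


def plan_restore(quarantine_root):
    """Return one dict per tsk*.ini with a status; nothing is copied."""
    entries = []
    for ini in sorted(Path(quarantine_root).rglob("tsk*.ini")):
        section, pairs = parse_ini(ini.read_text(errors="replace"))
        fields = dict(pairs)
        dta = ini.with_suffix(".dta")
        entry = {"ini": ini, "dta": dta, "src": fields.get("Src"),
                 "type": fields.get("Type"), "status": "ok"}
        if section != "InfectedFile":
            entry["status"] = "unexpected-section"
        elif not entry["src"]:
            # e.g. the tdlfs0000 items, which carry only Name/Size/File time
            entry["status"] = "no-original-path"
        elif not dta.is_file():
            entry["status"] = "missing-dta"
        else:
            digest = hashlib.md5(dta.read_bytes()).hexdigest()
            if digest != fields.get("md5", "").lower():
                entry["status"] = "md5-mismatch"
        entries.append(entry)

    # Two images of one Src in one folder (Raw image + Api image, as in the
    # 'Forged file' log) cannot be resolved automatically.
    seen = Counter((e["ini"].parent, e["src"].lower()) for e in entries if e["src"])
    for e in entries:
        if e["status"] == "ok" and seen[(e["ini"].parent, e["src"].lower())] > 1:
            e["status"] = "ambiguous-multiple-images"
    return entries


def build_sample(root):
    """Write a constructed quarantine tree (made-up file bodies) under root."""
    def put(rel, body, ini_text):
        ini = Path(root, rel)
        ini.parent.mkdir(parents=True, exist_ok=True)
        ini.write_text(ini_text)
        if body is not None:
            ini.with_suffix(".dta").write_bytes(body)

    def file_ini(kind, src, body):
        md5 = hashlib.md5(body).hexdigest()
        return f"[InfectedFile]\nType: {kind}\nSrc: {src}\nmd5: {md5}\n"

    sptd = r"C:\Windows\System32\Drivers\sptd.sys"
    vmhgfs = r"C:\WINDOWS\system32\DRIVERS\vmhgfs.sys"
    put("run1/susp0000/svc0000/tsk0000.ini", b"driver-a",
        file_ini("Raw image", sptd, b"driver-a"))
    put("run2/rtkt0000/svc0000/tsk0000.ini", b"on-disk",
        file_ini("Raw image", vmhgfs, b"on-disk"))
    put("run2/rtkt0000/svc0000/tsk0001.ini", b"via-api",
        file_ini("Api image", vmhgfs, b"via-api"))
    put("run3/tdlfs0000/tsk0000.ini", b"cfg",
        "[InfectedFile]\nName: cfg.ini\nSize: 3\n")
    put("run4/susp0000/svc0000/tsk0000.ini", b"tampered",
        file_ini("Raw image", sptd, b"original"))
    put("run5/susp0000/svc0000/tsk0000.ini", None,
        file_ini("Raw image", sptd, b"gone"))


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for e in plan_restore(tmp):
            print(f'{e["status"]:26} {e["ini"].relative_to(tmp)} -> {e["src"]}')
```

Only entries reported as ok are candidates for the REN/COPY step shown under Option B; every other status needs a decision from the helper first.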
Tamisha
post 9.02.2012 23:02
Post #7


Newbie
*

Group: Members
Posts: 1
Joined: 9.02.2012




Thank you very much!
MerciMe
post 25.04.2012 19:32
Post #8


Member
**

Group: Members
Posts: 11
Joined: 25.04.2012




I ran the TDSS Killer because I thought I had a virus but it turned out to be a hardware issue. I thought I canceled on the option to quarantine but it ran and I now have limited functionality of my computer. I cannot believe this program is so dangerous. There is no option to restore the programs which I am listing below and your customer support in India has tried to help but has been unable to effect a solution. I have read your suggestions above but am not a programmer. Is there something a little more simple I can do? I can see the files you speak of in a folder called TDSSKiller_Quarantine. Here is the list generated when I ran TDSS Killer. Can I pull these off the Windows XP disk and copy them to the directories or did it also affect the registry? Also I have the XP Home CD but they upgraded my computer to XP Pro so would this pose a conflict? Hope someone can help soon,
Detected object count: 23
08:36:35.0171 1608 Actual detected object count: 23
08:39:55.0531 1608 C:\WINDOWS\system32\Drivers\ov550i.sys - copied to quarantine
08:39:55.0531 1608 APL531 ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
08:39:55.0703 1608 C:\WINDOWS\system32\ati2sgag.exe - copied to quarantine
08:39:55.0703 1608 ATI Smart ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
08:39:55.0796 1608 C:\WINDOWS\system32\CTsvcCDA.EXE - copied to quarantine
08:39:55.0812 1608 Creative Service for CDROM Access ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
08:39:55.0937 1608 C:\WINDOWS\system32\drivers\drvmcdb.sys - copied to quarantine
08:39:55.0937 1608 drvmcdb ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
08:39:56.0000 1608 C:\WINDOWS\system32\drivers\drvnddm.sys - copied to quarantine
08:39:56.0000 1608 drvnddm ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
08:39:56.0125 1608 C:\WINDOWS\system32\HPZinw12.dll - copied to quarantine
08:39:56.0125 1608 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
08:39:56.0234 1608 C:\WINDOWS\system32\HPZipm12.dll - copied to quarantine
08:39:56.0234 1608 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
08:39:56.0328 1608 C:\WINDOWS\system32\Drivers\PxHelp20.sys - copied to quarantine
08:39:56.0328 1608 PxHelp20 ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
08:39:56.0531 1608 C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe - copied to quarantine
08:39:56.0531 1608 QBCFMonitorService ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
08:39:56.0593 1608 C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe - copied to quarantine
08:39:56.0593 1608 QBFCService ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
08:39:56.0796 1608 C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe - copied to quarantine
08:39:56.0796 1608 QBVSS ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
08:39:56.0890 1608 C:\WINDOWS\system32\drivers\sscdbhk5.sys - copied to quarantine
08:39:56.0890 1608 sscdbhk5 ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
08:39:57.0031 1608 C:\WINDOWS\system32\drivers\ssrtln.sys - copied to quarantine
08:39:57.0031 1608 ssrtln ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
08:39:57.0125 1608 C:\WINDOWS\system32\dla\tfsnboio.sys - copied to quarantine
08:39:57.0125 1608 tfsnboio ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
08:39:57.0203 1608 C:\WINDOWS\system32\dla\tfsncofs.sys - copied to quarantine
08:39:57.0203 1608 tfsncofs ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
08:39:57.0281 1608 C:\WINDOWS\system32\dla\tfsndrct.sys - copied to quarantine
08:39:57.0281 1608 tfsndrct ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
08:39:57.0421 1608 C:\WINDOWS\system32\dla\tfsndres.sys - copied to quarantine
08:39:57.0421 1608 tfsndres ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
08:39:57.0453 1608 C:\WINDOWS\system32\dla\tfsnifs.sys - copied to quarantine
08:39:57.0453 1608 tfsnifs ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
08:39:57.0546 1608 C:\WINDOWS\system32\dla\tfsnopio.sys - copied to quarantine
08:39:57.0546 1608 tfsnopio ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
08:39:57.0593 1608 C:\WINDOWS\system32\dla\tfsnpool.sys - copied to quarantine
08:39:57.0593 1608 tfsnpool ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
08:39:57.0671 1608 C:\WINDOWS\system32\dla\tfsnudf.sys - copied to quarantine
08:39:57.0671 1608 tfsnudf ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
08:39:57.0734 1608 C:\WINDOWS\system32\dla\tfsnudfa.sys - copied to quarantine
08:39:57.0734 1608 tfsnudfa ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
08:39:57.0843 1608 C:\WINDOWS\system32\MsPMSPSv.exe - copied to quarantine
08:39:57.0843 1608 WMDM PMSP Service ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
08:40:26.0687 0624 Deinitialize success
richbuff
post 26.04.2012 00:52
Post #9


Oldtimer
****************

Group: Moderators
Posts: 47448
Joined: 14.06.2007




Welcome. Please attach the log in its entirety.


--------------------
Please see the Important topics, located at the top of this section, and at the top of other sections of this forum.
MerciMe
post 27.04.2012 00:05
Post #10


Member
**

Group: Members
Posts: 11
Joined: 25.04.2012




QUOTE(richbuff @ 25.04.2012 23:52) *
Welcome. Please attach the log in its entirety.

This is the first of 5 logs...not sure why but think I tried to rerun to see if I could undo. So this first log was probably the one that did all the damage.

08:34:20.0296 0560 IpNat - ok
08:34:20.0390 0560 iPod Service (ce004777b92dea56fe14ec900d20baa4) C:\Program Files\iPod\bin\iPodService.exe
08:34:20.0437 0560 iPod Service - ok
08:34:20.0453 0560 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
08:34:20.0453 0560 IPSec - ok
08:34:20.0484 0560 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
08:34:20.0484 0560 IRENUM - ok
08:34:20.0546 0560 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
08:34:20.0546 0560 isapnp - ok
08:34:20.0562 0560 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
08:34:20.0562 0560 Kbdclass - ok
08:34:20.0578 0560 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
08:34:20.0578 0560 kbdhid - ok
08:34:20.0640 0560 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
08:34:20.0640 0560 kmixer - ok
08:34:20.0703 0560 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
08:34:20.0703 0560 KSecDD - ok
08:34:20.0750 0560 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
08:34:20.0750 0560 lanmanserver - ok
08:34:20.0781 0560 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
08:34:20.0781 0560 lanmanworkstation - ok
08:34:20.0968 0560 Lavasoft Ad-Aware Service (ed60ffd305ac0424920d146db9f9ed78) C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
08:34:21.0046 0560 Lavasoft Ad-Aware Service - ok
08:34:21.0109 0560 Lavasoft Kernexplorer (6c4a3804510ad8e0f0c07b5be3d44ddb) C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys
08:34:21.0109 0560 Lavasoft Kernexplorer - ok
08:34:21.0140 0560 Lbd (336abe8721cbc3110f1c6426da633417) C:\WINDOWS\system32\DRIVERS\Lbd.sys
08:34:21.0140 0560 Lbd - ok
08:34:21.0171 0560 lbrtfdc - ok
08:34:21.0234 0560 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
08:34:21.0234 0560 LmHosts - ok
08:34:21.0343 0560 LVcKap (8113133ec42dd6c566908008ce913edd) C:\WINDOWS\system32\DRIVERS\LVcKap.sys
08:34:21.0359 0560 LVcKap - ok
08:34:21.0453 0560 LVCOMSer (9e41266c68c11d7101a2d18cd1f7553e) C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
08:34:21.0453 0560 LVCOMSer - ok
08:34:21.0562 0560 LVMVDrv (0dd5b8af4917a2821047450195c511b3) C:\WINDOWS\system32\DRIVERS\LVMVDrv.sys
08:34:21.0578 0560 LVMVDrv - ok
08:34:21.0687 0560 lvpopflt (e1158b0cb852db0573922c92e6e564de) C:\WINDOWS\system32\DRIVERS\lvpopflt.sys
08:34:21.0703 0560 lvpopflt - ok
08:34:21.0734 0560 LVPr2Mon (406b1d186f75b4b4832d6237859e1b00) C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys
08:34:21.0734 0560 LVPr2Mon - ok
08:34:21.0765 0560 LVPrcSrv (85c2e84bc1224c75a20b5560d5a15db9) C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
08:34:21.0765 0560 LVPrcSrv - ok
08:34:21.0796 0560 LVSrvLauncher (656180e9c0c5199520972426c44bc2f0) C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
08:34:21.0796 0560 LVSrvLauncher - ok
08:34:21.0828 0560 LVUSBSta (be5e104be263921d6842c555db6a5c23) C:\WINDOWS\system32\drivers\LVUSBSta.sys
08:34:21.0828 0560 LVUSBSta - ok
08:34:21.0968 0560 LVUVC (eacd1eb2d82ed2adc753afeee1d4d660) C:\WINDOWS\system32\DRIVERS\lvuvc.sys
08:34:22.0000 0560 LVUVC - ok
08:34:22.0062 0560 McMPFSvc (7e6932eeda54c8eaf7dc6c2225261b85) C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
08:34:22.0062 0560 McMPFSvc - ok
08:34:22.0093 0560 mcmscsvc (7e6932eeda54c8eaf7dc6c2225261b85) C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
08:34:22.0093 0560 mcmscsvc - ok
08:34:22.0109 0560 McNaiAnn (7e6932eeda54c8eaf7dc6c2225261b85) C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
08:34:22.0125 0560 McNaiAnn - ok
08:34:22.0140 0560 McNASvc (7e6932eeda54c8eaf7dc6c2225261b85) C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
08:34:22.0140 0560 McNASvc - ok
08:34:22.0265 0560 McODS (e8c5aae17e8332f5f4f57935238cd5eb) C:\Program Files\McAfee\VirusScan\mcods.exe
08:34:22.0265 0560 McODS - ok
08:34:22.0281 0560 McProxy (7e6932eeda54c8eaf7dc6c2225261b85) C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
08:34:22.0281 0560 McProxy - ok
08:34:22.0359 0560 McShield (151f3ca25b739b9cb0066abd1523f064) C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
08:34:22.0359 0560 McShield - ok
08:34:22.0437 0560 mdmxsdk (eeaea6514ba7c9d273b5e87c4e1aab30) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
08:34:22.0453 0560 mdmxsdk - ok
08:34:22.0500 0560 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
08:34:22.0500 0560 Messenger - ok
08:34:22.0562 0560 mfeapfk (36b47b1e9c537f8f2b4481084b8f7d22) C:\WINDOWS\system32\drivers\mfeapfk.sys
08:34:22.0562 0560 mfeapfk - ok
08:34:22.0609 0560 mfeavfk (cde41293db871a75cd99eb0ce781356b) C:\WINDOWS\system32\drivers\mfeavfk.sys
08:34:22.0625 0560 mfeavfk - ok
08:34:22.0671 0560 mfebopk (e22385f64bdf0ad81157479496e33c4a) C:\WINDOWS\system32\drivers\mfebopk.sys
08:34:22.0671 0560 mfebopk - ok
08:34:22.0796 0560 mfefire (26ba2eebcff16f611ce1118fa0850810) C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
08:34:22.0796 0560 mfefire - ok
08:34:22.0859 0560 mfefirek (215666a8a85023ef019b510cbb67f678) C:\WINDOWS\system32\drivers\mfefirek.sys
08:34:22.0859 0560 mfefirek - ok
08:34:22.0921 0560 mfehidk (56d330981866a72f061dd16cc5004513) C:\WINDOWS\system32\drivers\mfehidk.sys
08:34:22.0921 0560 mfehidk - ok
08:34:22.0953 0560 mfehidk01 - ok
08:34:22.0984 0560 mfehidk02 - ok
08:34:23.0015 0560 mfehidk03 - ok
08:34:23.0078 0560 mfehidk04 - ok
08:34:23.0140 0560 mfehidk05 - ok
08:34:23.0203 0560 mfehidk06 - ok
08:34:23.0250 0560 mfehidk07 - ok
08:34:23.0312 0560 mfehidk08 - ok
08:34:23.0375 0560 mfehidk09 - ok
08:34:23.0421 0560 mfehidk10 - ok
08:34:23.0484 0560 mfehidk11 - ok
08:34:23.0546 0560 mfehidk12 - ok
08:34:23.0609 0560 mfehidk13 - ok
08:34:23.0671 0560 mfehidk14 - ok
08:34:23.0687 0560 mfehidk15 - ok
08:34:23.0718 0560 mfehidk16 - ok
08:34:23.0750 0560 mfehidk17 - ok
08:34:23.0765 0560 mfehidk18 - ok
08:34:23.0796 0560 mfehidk19 - ok
08:34:23.0828 0560 mfehidk20 - ok
08:34:23.0859 0560 mfehidk21 - ok
08:34:23.0875 0560 mfehidk22 - ok
08:34:23.0906 0560 mfehidk23 - ok
08:34:23.0937 0560 mfehidk24 - ok
08:34:23.0968 0560 mfehidk25 - ok
08:34:24.0000 0560 mfehidk26 - ok
08:34:24.0015 0560 mfehidk27 - ok
08:34:24.0046 0560 mfehidk28 - ok
08:34:24.0078 0560 mfehidk29 - ok
08:34:24.0109 0560 mfehidk30 - ok
08:34:24.0140 0560 mfehidk31 - ok
08:34:24.0187 0560 mfehidk32 - ok
08:34:24.0218 0560 mfehidk33 - ok
08:34:24.0234 0560 mfehidk34 - ok
08:34:24.0281 0560 mfehidk35 - ok
08:34:24.0312 0560 mfehidk36 - ok
08:34:24.0328 0560 mfehidk37 - ok
08:34:24.0359 0560 mfehidk38 - ok
08:34:24.0390 0560 mfehidk39 - ok
08:34:24.0421 0560 mfehidk40 - ok
08:34:24.0437 0560 mfehidk41 - ok
08:34:24.0468 0560 mfehidk42 - ok
08:34:24.0500 0560 mfehidk43 - ok
08:34:24.0640 0560 mfehidk44 - ok
08:34:24.0671 0560 mfehidk45 - ok
08:34:24.0718 0560 mfehidk46 - ok
08:34:24.0765 0560 mfehidk47 - ok
08:34:24.0796 0560 mfehidk48 - ok
08:34:24.0843 0560 mfehidk49 - ok
08:34:24.0890 0560 mfehidk50 - ok
08:34:24.0921 0560 mfehidk51 - ok
08:34:24.0968 0560 mfehidk52 - ok
08:34:25.0015 0560 mfehidk53 - ok
08:34:25.0078 0560 mfehidk54 - ok
08:34:25.0140 0560 mfehidk55 - ok
08:34:25.0203 0560 mfehidk56 - ok
08:34:25.0250 0560 mfehidk57 - ok
08:34:25.0312 0560 mfehidk58 - ok
08:34:25.0375 0560 mfehidk59 - ok
08:34:25.0421 0560 mfehidk60 - ok
08:34:25.0484 0560 mfehidk61 - ok
08:34:25.0546 0560 mfehidk62 - ok
08:34:25.0609 0560 mfehidk63 - ok
08:34:25.0656 0560 mfehidk64 - ok
08:34:25.0703 0560 mfehidk65 - ok
08:34:25.0750 0560 mfehidk66 - ok
08:34:25.0781 0560 mfehidk67 - ok
08:34:25.0828 0560 mfehidk68 - ok
08:34:25.0859 0560 mfehidk69 - ok
08:34:25.0906 0560 mfehidk70 - ok
08:34:25.0953 0560 mfehidk71 - ok
08:34:25.0984 0560 mfehidk72 - ok
08:34:26.0031 0560 mfehidk73 - ok
08:34:26.0078 0560 mfehidk74 - ok
08:34:26.0125 0560 mfehidk75 - ok
08:34:26.0187 0560 mfehidk76 - ok
08:34:26.0250 0560 mfehidk77 - ok
08:34:26.0296 0560 mfehidk78 - ok
08:34:26.0359 0560 mfehidk79 - ok
08:34:26.0421 0560 mfehidk80 - ok
08:34:26.0468 0560 mfehidk81 - ok
08:34:26.0500 0560 mfehidk82 - ok
08:34:26.0546 0560 mfehidk83 - ok
08:34:26.0593 0560 mfehidk84 - ok
08:34:26.0640 0560 mfehidk85 - ok
08:34:26.0671 0560 mfehidk86 - ok
08:34:26.0718 0560 mfehidk87 - ok
08:34:26.0765 0560 mfehidk88 - ok
08:34:26.0796 0560 mfehidk89 - ok
08:34:26.0843 0560 mfehidk90 - ok
08:34:26.0890 0560 mfehidk91 - ok
08:34:26.0921 0560 mfehidk92 - ok
08:34:26.0968 0560 mfehidk93 - ok
08:34:27.0015 0560 mfehidk94 - ok
08:34:27.0078 0560 mfehidk95 - ok
08:34:27.0140 0560 mfehidk96 - ok
08:34:27.0203 0560 mfehidk97 - ok
08:34:27.0265 0560 mfehidk98 - ok
08:34:27.0328 0560 mfehidk99 - ok
08:34:27.0421 0560 mfendisk (62acda4e958e2a392557ba3c6c754a58) C:\WINDOWS\system32\DRIVERS\mfendisk.sys
08:34:27.0421 0560 mfendisk - ok
08:34:27.0421 0560 mfendiskmp (62acda4e958e2a392557ba3c6c754a58) C:\WINDOWS\system32\DRIVERS\mfendisk.sys
08:34:27.0437 0560 mfendiskmp - ok
08:34:27.0500 0560 mferkdet (89b564d63c53fc0c6782ab07eea63acf) C:\WINDOWS\system32\drivers\mferkdet.sys
08:34:27.0500 0560 mferkdet - ok
08:34:27.0578 0560 mfetdi2k (922e64ca38e38106498fb3435a8e399d) C:\WINDOWS\system32\drivers\mfetdi2k.sys
08:34:27.0578 0560 mfetdi2k - ok
08:34:27.0656 0560 mfevtp (e91c36e76e6395f233b3ae2ebc17251e) C:\WINDOWS\system32\mfevtps.exe
08:34:27.0671 0560 mfevtp - ok
08:34:27.0734 0560 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
08:34:27.0734 0560 mnmdd - ok
08:34:27.0796 0560 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
08:34:27.0796 0560 mnmsrvc - ok
08:34:27.0906 0560 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
08:34:27.0906 0560 Modem - ok
08:34:27.0984 0560 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
08:34:27.0984 0560 MODEMCSA - ok
08:34:28.0031 0560 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
08:34:28.0046 0560 Mouclass - ok
08:34:28.0125 0560 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
08:34:28.0125 0560 mouhid - ok
08:34:28.0203 0560 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
08:34:28.0203 0560 MountMgr - ok
08:34:28.0250 0560 mraid35x - ok
08:34:28.0312 0560 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
08:34:28.0328 0560 MRxDAV - ok
08:34:28.0421 0560 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
08:34:28.0421 0560 MRxSmb - ok
08:34:28.0515 0560 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
08:34:28.0515 0560 MSDTC - ok
08:34:28.0593 0560 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
08:34:28.0593 0560 Msfs - ok
08:34:28.0640 0560 MSIServer - ok
08:34:28.0718 0560 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
08:34:28.0718 0560 MSKSSRV - ok
08:34:28.0765 0560 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
08:34:28.0765 0560 MSPCLOCK - ok
08:34:28.0828 0560 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
08:34:28.0828 0560 MSPQM - ok
08:34:28.0906 0560 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
08:34:28.0906 0560 mssmbios - ok
08:34:29.0000 0560 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
08:34:29.0000 0560 MSTEE - ok
08:34:29.0078 0560 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
08:34:29.0078 0560 Mup - ok
08:34:29.0140 0560 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
08:34:29.0140 0560 NABTSFEC - ok
08:34:29.0234 0560 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
08:34:29.0234 0560 napagent - ok
08:34:29.0328 0560 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
08:34:29.0328 0560 NDIS - ok
08:34:29.0390 0560 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
08:34:29.0390 0560 NdisIP - ok
08:34:29.0468 0560 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
08:34:29.0468 0560 NdisTapi - ok
08:34:29.0500 0560 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
08:34:29.0500 0560 Ndisuio - ok
08:34:29.0562 0560 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
08:34:29.0562 0560 NdisWan - ok
08:34:29.0656 0560 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
08:34:29.0656 0560 NDProxy - ok
08:34:29.0750 0560 Net Driver HPZ12 (9eac175ba34898308620c1984c881845) C:\WINDOWS\system32\HPZinw12.dll
08:34:29.0750 0560 Net Driver HPZ12 - ok
08:34:29.0843 0560 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
08:34:29.0843 0560 NetBIOS - ok
08:34:29.0921 0560 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
08:34:29.0921 0560 NetBT - ok
08:34:30.0000 0560 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
08:34:30.0000 0560 NetDDE - ok
08:34:30.0015 0560 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
08:34:30.0015 0560 NetDDEdsdm - ok
08:34:30.0125 0560 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
08:34:30.0125 0560 Netlogon - ok
08:34:30.0171 0560 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
08:34:30.0171 0560 Netman - ok
08:34:30.0296 0560 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
08:34:30.0296 0560 NetTcpPortSharing - ok
08:34:30.0375 0560 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
08:34:30.0375 0560 Nla - ok
08:34:30.0437 0560 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
08:34:30.0437 0560 Npfs - ok
08:34:30.0484 0560 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
08:34:30.0500 0560 Ntfs - ok
08:34:30.0562 0560 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
08:34:30.0562 0560 NtLmSsp - ok
08:34:30.0640 0560 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
08:34:30.0640 0560 NtmsSvc - ok
08:34:30.0718 0560 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
08:34:30.0734 0560 Null - ok
08:34:30.0781 0560 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
08:34:30.0781 0560 NwlnkFlt - ok
08:34:30.0828 0560 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
08:34:30.0828 0560 NwlnkFwd - ok
08:34:30.0859 0560 OMCI - ok
08:34:30.0953 0560 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
08:34:30.0953 0560 ose - ok
08:34:31.0234 0560 osppsvc (358a9cca612c68eb2f07ddad4ce1d8d7) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
08:34:31.0390 0560 osppsvc - ok
08:34:31.0453 0560 ossrv (103a9b117a7d9903111955cdafe65ac6) C:\WINDOWS\system32\DRIVERS\ctoss2k.sys
08:34:31.0453 0560 ossrv - ok
08:34:31.0531 0560 P17 (df886ffed69aead0cf608b89b18c3f6f) C:\WINDOWS\system32\drivers\P17.sys
08:34:31.0531 0560 P17 - ok
08:34:31.0609 0560 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
08:34:31.0609 0560 Parport - ok
08:34:31.0656 0560 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
08:34:31.0656 0560 PartMgr - ok
08:34:31.0718 0560 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
08:34:31.0718 0560 ParVdm - ok
08:34:31.0781 0560 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
08:34:31.0781 0560 PCI - ok
08:34:31.0828 0560 PCIDump - ok
08:34:31.0875 0560 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
08:34:31.0875 0560 PCIIde - ok
08:34:31.0921 0560 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
08:34:31.0921 0560 Pcmcia - ok
08:34:31.0968 0560 PDCOMP - ok
08:34:32.0000 0560 PDFRAME - ok
08:34:32.0031 0560 PDRELI - ok
08:34:32.0140 0560 PDRFRAME - ok
08:34:32.0187 0560 perc2 - ok
08:34:32.0265 0560 perc2hib - ok
08:34:32.0390 0560 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
08:34:32.0390 0560 PlugPlay - ok
08:34:32.0453 0560 Pml Driver HPZ12 (75cf9de0a67af916ed591743dfb69694) C:\WINDOWS\system32\HPZipm12.dll
08:34:32.0453 0560 Pml Driver HPZ12 - ok
08:34:32.0484 0560 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
08:34:32.0484 0560 PolicyAgent - ok
08:34:32.0531 0560 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
08:34:32.0531 0560 PptpMiniport - ok
08:34:32.0562 0560 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
08:34:32.0562 0560 ProtectedStorage - ok
08:34:32.0578 0560 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
08:34:32.0593 0560 PSched - ok
08:34:32.0656 0560 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
08:34:32.0656 0560 Ptilink - ok
08:34:32.0703 0560 PxHelp20 (30cbae0a34359f1cd19d1576245149ed) C:\WINDOWS\system32\Drivers\PxHelp20.sys
08:34:32.0703 0560 PxHelp20 - ok
08:34:32.0859 0560 QBCFMonitorService (91195091f449699b176fe1305dad40da) C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
08:34:32.0859 0560 QBCFMonitorService - ok
08:34:32.0906 0560 QBFCService (6bee1814470dc12fa20c53dfc3c97ebb) C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
08:34:32.0906 0560 QBFCService - ok
08:34:33.0031 0560 QBVSS (78afb70dbe365bd6140e6740792ac3ea) C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe
08:34:33.0078 0560 QBVSS - ok
08:34:33.0140 0560 ql1080 - ok
08:34:33.0171 0560 Ql10wnt - ok
08:34:33.0187 0560 ql12160 - ok
08:34:33.0218 0560 ql1240 - ok
08:34:33.0250 0560 ql1280 - ok
08:34:33.0296 0560 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
08:34:33.0296 0560 RasAcd - ok
08:34:33.0343 0560 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
08:34:33.0359 0560 RasAuto - ok
08:34:33.0421 0560 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
08:34:33.0421 0560 Rasl2tp - ok
08:34:33.0468 0560 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
08:34:33.0468 0560 RasMan - ok
08:34:33.0500 0560 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
08:34:33.0500 0560 RasPppoe - ok
08:34:33.0531 0560 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
08:34:33.0531 0560 Raspti - ok
08:34:33.0562 0560 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
08:34:33.0562 0560 Rdbss - ok
08:34:33.0578 0560 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
08:34:33.0578 0560 RDPCDD - ok
08:34:33.0625 0560 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
08:34:33.0640 0560 rdpdr - ok
08:34:33.0703 0560 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
08:34:33.0703 0560 RDPWD - ok
08:34:33.0734 0560 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
08:34:33.0734 0560 RDSessMgr - ok
08:34:33.0765 0560 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
08:34:33.0765 0560 redbook - ok
08:34:33.0812 0560 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
08:34:33.0812 0560 RemoteAccess - ok
08:34:33.0859 0560 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
08:34:33.0875 0560 RemoteRegistry - ok
08:34:33.0890 0560 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
08:34:33.0890 0560 RpcLocator - ok
08:34:33.0968 0560 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
08:34:33.0968 0560 RpcSs - ok
08:34:34.0015 0560 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
08:34:34.0015 0560 RSVP - ok
08:34:34.0109 0560 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
08:34:34.0109 0560 SamSs - ok
08:34:34.0140 0560 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
08:34:34.0156 0560 SCardSvr - ok
08:34:34.0187 0560 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
08:34:34.0187 0560 Schedule - ok
08:34:34.0281 0560 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
08:34:34.0281 0560 Secdrv - ok
08:34:34.0328 0560 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
08:34:34.0328 0560 seclogon - ok
08:34:34.0343 0560 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
08:34:34.0359 0560 SENS - ok
08:34:34.0406 0560 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
08:34:34.0406 0560 serenum - ok
08:34:34.0421 0560 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
08:34:34.0421 0560 Serial - ok
08:34:34.0531 0560 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
08:34:34.0531 0560 Sfloppy - ok
08:34:34.0609 0560 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
08:34:34.0609 0560 SharedAccess - ok
08:34:34.0671 0560 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
08:34:34.0671 0560 ShellHWDetection - ok
08:34:34.0703 0560 Simbad - ok
08:34:34.0750 0560 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
08:34:34.0750 0560 SLIP - ok
08:34:34.0796 0560 Sparrow - ok
08:34:34.0843 0560 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
08:34:34.0843 0560 splitter - ok
08:34:34.0906 0560 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
08:34:34.0906 0560 Spooler - ok
08:34:34.0984 0560 sprtlisten - ok
08:34:35.0031 0560 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
08:34:35.0031 0560 sr - ok
08:34:35.0109 0560 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
08:34:35.0109 0560 srservice - ok
08:34:35.0140 0560 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
08:34:35.0156 0560 Srv - ok
08:34:35.0187 0560 sscdbhk5 (d7968049be0adbb6a57cee3960320911) C:\WINDOWS\system32\drivers\sscdbhk5.sys
08:34:35.0187 0560 sscdbhk5 - ok
08:34:35.0234 0560 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
08:34:35.0250 0560 SSDPSRV - ok
08:34:35.0281 0560 ssrtln (c3ffd65abfb6441e7606cf74f1155273) C:\WINDOWS\system32\drivers\ssrtln.sys
08:34:35.0281 0560 ssrtln - ok
08:34:35.0328 0560 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys
08:34:35.0328 0560 StillCam - ok
08:34:35.0375 0560 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
08:34:35.0375 0560 stisvc - ok
08:34:35.0421 0560 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
08:34:35.0421 0560 streamip - ok
08:34:35.0515 0560 SupportSoft RemoteAssist (2e5586392cdfbd1d73badb20e9ed6386) C:\Program Files\Common Files\supportsoft\bin\ssrc.exe
08:34:35.0531 0560 SupportSoft RemoteAssist - ok
08:34:35.0593 0560 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
08:34:35.0593 0560 swenum - ok
08:34:35.0640 0560 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
08:34:35.0640 0560 swmidi - ok
08:34:35.0671 0560 SwPrv - ok
08:34:35.0718 0560 symc810 - ok
08:34:35.0750 0560 symc8xx - ok
08:34:35.0765 0560 sym_hi - ok
08:34:35.0796 0560 sym_u3 - ok
08:34:35.0828 0560 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
08:34:35.0828 0560 sysaudio - ok
08:34:35.0875 0560 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
08:34:35.0890 0560 SysmonLog - ok
08:34:35.0921 0560 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
08:34:35.0921 0560 TapiSrv - ok
08:34:35.0984 0560 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
08:34:35.0984 0560 Tcpip - ok
08:34:36.0031 0560 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
08:34:36.0031 0560 TDPIPE - ok
08:34:36.0062 0560 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
08:34:36.0062 0560 TDTCP - ok
08:34:36.0109 0560 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
08:34:36.0109 0560 TermDD - ok
08:34:36.0171 0560 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
08:34:36.0171 0560 TermService - ok
08:34:36.0234 0560 tfsnboio (1d265cd2fb1673a0873bf8cec19ddc7f) C:\WINDOWS\system32\dla\tfsnboio.sys
08:34:36.0234 0560 tfsnboio - ok
08:34:36.0250 0560 tfsncofs (62e4901295e0467cac78e5b4b131ae5c) C:\WINDOWS\system32\dla\tfsncofs.sys
08:34:36.0250 0560 tfsncofs - ok
08:34:36.0296 0560 tfsndrct (a2f380f9252ab3464c859adf91eead9c) C:\WINDOWS\system32\dla\tfsndrct.sys
08:34:36.0296 0560 tfsndrct - ok
08:34:36.0343 0560 tfsndres (eee79bbefe9c6a2a3ce6c8753cfea950) C:\WINDOWS\system32\dla\tfsndres.sys
08:34:36.0343 0560 tfsndres - ok
08:34:36.0375 0560 tfsnifs (9d644eb11fec9487450c4cfcd63a5df4) C:\WINDOWS\system32\dla\tfsnifs.sys
08:34:36.0375 0560 tfsnifs - ok
08:34:36.0406 0560 tfsnopio (e656af05c67edb7c0e9230a5df71ed1b) C:\WINDOWS\system32\dla\tfsnopio.sys
08:34:36.0406 0560 tfsnopio - ok
08:34:36.0437 0560 tfsnpool (64fccb9cce703ca507dffc3cebf6b2cb) C:\WINDOWS\system32\dla\tfsnpool.sys
08:34:36.0437 0560 tfsnpool - ok
08:34:36.0468 0560 tfsnudf (48bc9d8ab4e4b9bff70fb18e55cec3d6) C:\WINDOWS\system32\dla\tfsnudf.sys
08:34:36.0468 0560 tfsnudf - ok
08:34:36.0500 0560 tfsnudfa (79f60822224256b49bfc855da8d651d5) C:\WINDOWS\system32\dla\tfsnudfa.sys
08:34:36.0500 0560 tfsnudfa - ok
08:34:36.0562 0560 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
08:34:36.0562 0560 Themes - ok
08:34:36.0609 0560 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
08:34:36.0625 0560 TlntSvr - ok
08:34:36.0640 0560 TosIde - ok
08:34:36.0703 0560 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
08:34:36.0703 0560 TrkWks - ok
08:34:36.0765 0560 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
08:34:36.0765 0560 Udfs - ok
08:34:36.0781 0560 ultra - ok
08:34:36.0859 0560 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
08:34:36.0859 0560 Update - ok
08:34:36.0906 0560 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
08:34:36.0906 0560 upnphost - ok
08:34:36.0953 0560 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
08:34:36.0953 0560 UPS - ok
08:34:37.0000 0560 USBAAPL (eafe1e00739afe6c51487a050e772e17) C:\WINDOWS\system32\Drivers\usbaapl.sys
08:34:37.0000 0560 USBAAPL - ok
08:34:37.0062 0560 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
08:34:37.0062 0560 usbaudio - ok
08:34:37.0093 0560 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
08:34:37.0093 0560 usbccgp - ok
08:34:37.0156 0560 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
08:34:37.0156 0560 usbehci - ok
08:36:12.0515 1868 PSched - ok
08:36:12.0562 1868 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
08:36:12.0750 1868 Ptilink - ok
08:36:12.0828 1868 PxHelp20 (30cbae0a34359f1cd19d1576245149ed) C:\WINDOWS\system32\Drivers\PxHelp20.sys
08:36:12.0843 1868 PxHelp20 ( UnsignedFile.Multi.Generic ) - warning
08:36:12.0843 1868 PxHelp20 - detected UnsignedFile.Multi.Generic (1)
08:36:13.0000 1868 QBCFMonitorService (91195091f449699b176fe1305dad40da) C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
08:36:13.0015 1868 QBCFMonitorService ( UnsignedFile.Multi.Generic ) - warning
08:36:13.0015 1868 QBCFMonitorService - detected UnsignedFile.Multi.Generic (1)
08:36:13.0046 1868 QBFCService (6bee1814470dc12fa20c53dfc3c97ebb) C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
08:36:13.0078 1868 QBFCService ( UnsignedFile.Multi.Generic ) - warning
08:36:13.0078 1868 QBFCService - detected UnsignedFile.Multi.Generic (1)
08:36:13.0187 1868 QBVSS (78afb70dbe365bd6140e6740792ac3ea) C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe
08:36:13.0265 1868 QBVSS ( UnsignedFile.Multi.Generic ) - warning
08:36:13.0265 1868 QBVSS - detected UnsignedFile.Multi.Generic (1)
08:36:13.0312 1868 ql1080 - ok
08:36:13.0375 1868 Ql10wnt - ok
08:36:13.0421 1868 ql12160 - ok
08:36:13.0468 1868 ql1240 - ok
08:36:13.0531 1868 ql1280 - ok
08:36:13.0640 1868 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
08:36:13.0812 1868 RasAcd - ok
08:36:13.0890 1868 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
08:36:14.0078 1868 RasAuto - ok
08:36:14.0156 1868 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
08:36:14.0343 1868 Rasl2tp - ok
08:36:14.0421 1868 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
08:36:14.0656 1868 RasMan - ok
08:36:14.0703 1868 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
08:36:14.0890 1868 RasPppoe - ok
08:36:14.0921 1868 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
08:36:15.0109 1868 Raspti - ok
08:36:15.0156 1868 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
08:36:15.0343 1868 Rdbss - ok
08:36:15.0390 1868 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
08:36:15.0578 1868 RDPCDD - ok
08:36:15.0625 1868 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
08:36:15.0796 1868 rdpdr - ok
08:36:15.0875 1868 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
08:36:15.0906 1868 RDPWD - ok
08:36:15.0984 1868 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
08:36:16.0156 1868 RDSessMgr - ok
08:36:16.0203 1868 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
08:36:16.0375 1868 redbook - ok
08:36:16.0453 1868 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
08:36:16.0640 1868 RemoteAccess - ok
08:36:16.0718 1868 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
08:36:16.0906 1868 RemoteRegistry - ok
08:36:16.0937 1868 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
08:36:17.0125 1868 RpcLocator - ok
08:36:17.0203 1868 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
08:36:17.0234 1868 RpcSs - ok
08:36:17.0328 1868 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
08:36:17.0484 1868 RSVP - ok
08:36:17.0562 1868 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
08:36:17.0734 1868 SamSs - ok
08:36:17.0765 1868 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
08:36:17.0953 1868 SCardSvr - ok
08:36:18.0046 1868 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
08:36:18.0234 1868 Schedule - ok
08:36:18.0312 1868 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
08:36:18.0390 1868 Secdrv - ok
08:36:18.0437 1868 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
08:36:18.0640 1868 seclogon - ok
08:36:18.0671 1868 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
08:36:18.0875 1868 SENS - ok
08:36:18.0906 1868 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
08:36:19.0093 1868 serenum - ok
08:36:19.0140 1868 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
08:36:19.0343 1868 Serial - ok
08:36:19.0500 1868 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
08:36:19.0687 1868 Sfloppy - ok
08:36:19.0781 1868 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
08:36:19.0984 1868 SharedAccess - ok
08:36:20.0078 1868 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
08:36:20.0093 1868 ShellHWDetection - ok
08:36:20.0125 1868 Simbad - ok
08:36:20.0203 1868 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
08:36:20.0390 1868 SLIP - ok
08:36:20.0453 1868 Sparrow - ok
08:36:20.0531 1868 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
08:36:20.0703 1868 splitter - ok
08:36:20.0765 1868 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
08:36:20.0812 1868 Spooler - ok
08:36:20.0890 1868 sprtlisten - ok
08:36:20.0968 1868 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
08:36:21.0062 1868 sr - ok
08:36:21.0140 1868 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
08:36:21.0234 1868 srservice - ok
08:36:21.0328 1868 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
08:36:21.0390 1868 Srv - ok
08:36:21.0453 1868 sscdbhk5 (d7968049be0adbb6a57cee3960320911) C:\WINDOWS\system32\drivers\sscdbhk5.sys
08:36:21.0468 1868 sscdbhk5 ( UnsignedFile.Multi.Generic ) - warning
08:36:21.0468 1868 sscdbhk5 - detected UnsignedFile.Multi.Generic (1)
08:36:21.0515 1868 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
08:36:21.0625 1868 SSDPSRV - ok
08:36:21.0671 1868 ssrtln (c3ffd65abfb6441e7606cf74f1155273) C:\WINDOWS\system32\drivers\ssrtln.sys
08:36:21.0703 1868 ssrtln ( UnsignedFile.Multi.Generic ) - warning
08:36:21.0703 1868 ssrtln - detected UnsignedFile.Multi.Generic (1)
08:36:21.0765 1868 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys
08:36:21.0937 1868 StillCam - ok
08:36:21.0984 1868 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
08:36:22.0203 1868 stisvc - ok
08:36:22.0312 1868 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
08:36:22.0500 1868 streamip - ok
08:36:22.0593 1868 SupportSoft RemoteAssist (2e5586392cdfbd1d73badb20e9ed6386) C:\Program Files\Common Files\supportsoft\bin\ssrc.exe
08:36:22.0625 1868 SupportSoft RemoteAssist - ok
08:36:22.0703 1868 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
08:36:22.0875 1868 swenum - ok
08:36:22.0953 1868 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
08:36:23.0140 1868 swmidi - ok
08:36:23.0171 1868 SwPrv - ok
08:36:23.0218 1868 symc810 - ok
08:36:23.0281 1868 symc8xx - ok
08:36:23.0312 1868 sym_hi - ok
08:36:23.0343 1868 sym_u3 - ok
08:36:23.0406 1868 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
08:36:23.0578 1868 sysaudio - ok
08:36:23.0656 1868 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
08:36:23.0843 1868 SysmonLog - ok
08:36:23.0890 1868 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
08:36:24.0078 1868 TapiSrv - ok
08:36:24.0156 1868 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
08:36:24.0187 1868 Tcpip - ok
08:36:24.0250 1868 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
08:36:24.0437 1868 TDPIPE - ok
08:36:24.0531 1868 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
08:36:24.0812 1868 TDTCP - ok
08:36:24.0921 1868 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
08:36:25.0109 1868 TermDD - ok
08:36:25.0171 1868 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
08:36:25.0406 1868 TermService - ok
08:36:25.0484 1868 tfsnboio (1d265cd2fb1673a0873bf8cec19ddc7f) C:\WINDOWS\system32\dla\tfsnboio.sys
08:36:25.0484 1868 tfsnboio ( UnsignedFile.Multi.Generic ) - warning
08:36:25.0484 1868 tfsnboio - detected UnsignedFile.Multi.Generic (1)
08:36:25.0515 1868 tfsncofs (62e4901295e0467cac78e5b4b131ae5c) C:\WINDOWS\system32\dla\tfsncofs.sys
08:36:25.0531 1868 tfsncofs ( UnsignedFile.Multi.Generic ) - warning
08:36:25.0531 1868 tfsncofs - detected UnsignedFile.Multi.Generic (1)
08:36:25.0609 1868 tfsndrct (a2f380f9252ab3464c859adf91eead9c) C:\WINDOWS\system32\dla\tfsndrct.sys
08:36:25.0625 1868 tfsndrct ( UnsignedFile.Multi.Generic ) - warning
08:36:25.0625 1868 tfsndrct - detected UnsignedFile.Multi.Generic (1)
08:36:25.0671 1868 tfsndres (eee79bbefe9c6a2a3ce6c8753cfea950) C:\WINDOWS\system32\dla\tfsndres.sys
08:36:25.0687 1868 tfsndres ( UnsignedFile.Multi.Generic ) - warning
08:36:25.0687 1868 tfsndres - detected UnsignedFile.Multi.Generic (1)
08:36:25.0718 1868 tfsnifs (9d644eb11fec9487450c4cfcd63a5df4) C:\WINDOWS\system32\dla\tfsnifs.sys
08:36:25.0750 1868 tfsnifs ( UnsignedFile.Multi.Generic ) - warning
08:36:25.0750 1868 tfsnifs - detected UnsignedFile.Multi.Generic (1)
08:36:25.0781 1868 tfsnopio (e656af05c67edb7c0e9230a5df71ed1b) C:\WINDOWS\system32\dla\tfsnopio.sys
08:36:25.0812 1868 tfsnopio ( UnsignedFile.Multi.Generic ) - warning
08:36:25.0812 1868 tfsnopio - detected UnsignedFile.Multi.Generic (1)
08:36:25.0859 1868 tfsnpool (64fccb9cce703ca507dffc3cebf6b2cb) C:\WINDOWS\system32\dla\tfsnpool.sys
08:36:25.0859 1868 tfsnpool ( UnsignedFile.Multi.Generic ) - warning
08:36:25.0859 1868 tfsnpool - detected UnsignedFile.Multi.Generic (1)
08:36:25.0890 1868 tfsnudf (48bc9d8ab4e4b9bff70fb18e55cec3d6) C:\WINDOWS\system32\dla\tfsnudf.sys
08:36:25.0890 1868 tfsnudf ( UnsignedFile.Multi.Generic ) - warning
08:36:25.0890 1868 tfsnudf - detected UnsignedFile.Multi.Generic (1)
08:36:25.0921 1868 tfsnudfa (79f60822224256b49bfc855da8d651d5) C:\WINDOWS\system32\dla\tfsnudfa.sys
08:36:25.0937 1868 tfsnudfa ( UnsignedFile.Multi.Generic ) - warning
08:36:25.0937 1868 tfsnudfa - detected UnsignedFile.Multi.Generic (1)
08:36:26.0000 1868 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
08:36:26.0015 1868 Themes - ok
08:36:26.0078 1868 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
08:36:26.0171 1868 TlntSvr - ok
08:36:26.0218 1868 TosIde - ok
08:36:26.0312 1868 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
08:36:26.0515 1868 TrkWks - ok
08:36:26.0609 1868 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
08:36:26.0781 1868 Udfs - ok
08:36:26.0828 1868 ultra - ok
08:36:26.0890 1868 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
08:36:27.0109 1868 Update - ok
08:36:27.0171 1868 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
08:36:27.0281 1868 upnphost - ok
08:36:27.0328 1868 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
08:36:27.0515 1868 UPS - ok
08:36:27.0578 1868 USBAAPL (eafe1e00739afe6c51487a050e772e17) C:\WINDOWS\system32\Drivers\usbaapl.sys
08:36:27.0625 1868 USBAAPL - ok
08:36:27.0671 1868 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
08:36:27.0875 1868 usbaudio - ok
08:36:27.0953 1868 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
08:36:28.0140 1868 usbccgp - ok
08:36:28.0218 1868 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
08:36:28.0390 1868 usbehci - ok
08:36:28.0437 1868 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
08:36:28.0640 1868 usbhub - ok
08:36:28.0703 1868 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
08:36:28.0890 1868 usbprint - ok
08:36:28.0953 1868 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
08:36:29.0140 1868 usbscan - ok
08:36:29.0187 1868 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
08:36:29.0359 1868 usbstor - ok
08:36:29.0406 1868 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
08:36:29.0593 1868 usbuhci - ok
08:36:29.0671 1868 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
08:36:29.0843 1868 usbvideo - ok
08:36:29.0890 1868 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
08:36:30.0062 1868 VgaSave - ok
08:36:30.0093 1868 ViaIde - ok
08:36:30.0140 1868 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
08:36:30.0328 1868 VolSnap - ok
08:36:30.0421 1868 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
08:36:30.0515 1868 VSS - ok
08:36:30.0562 1868 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
08:36:30.0750 1868 W32Time - ok
08:36:30.0812 1868 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
08:36:30.0984 1868 Wanarp - ok
08:36:31.0062 1868 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\WINDOWS\system32\DRIVERS\wanatw4.sys
08:36:31.0093 1868 wanatw - ok
08:36:31.0156 1868 WDICA - ok
08:36:31.0250 1868 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
08:36:31.0453 1868 wdmaud - ok
08:36:31.0531 1868 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
08:36:31.0718 1868 WebClient - ok
08:36:31.0812 1868 winachsf (f59ed5a43b988a18ef582bb07b2327a7) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
08:36:31.0843 1868 winachsf - ok
08:36:31.0937 1868 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
08:36:32.0109 1868 winmgmt - ok
08:36:32.0171 1868 WMDM PMSP Service (581176f60885aef8f78c6e38dcc3cdf9) C:\WINDOWS\system32\MsPMSPSv.exe
08:36:32.0187 1868 WMDM PMSP Service ( UnsignedFile.Multi.Generic ) - warning
08:36:32.0187 1868 WMDM PMSP Service - detected UnsignedFile.Multi.Generic (1)
08:36:32.0234 1868 WmdmPmSN (c7e39ea41233e9f5b86c8da3a9f1e4a8) C:\WINDOWS\system32\mspmsnsv.dll
08:36:32.0421 1868 WmdmPmSN - ok
08:36:32.0515 1868 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
08:36:32.0546 1868 Wmi - ok
08:36:32.0625 1868 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
08:36:32.0781 1868 WmiApSrv - ok
08:36:32.0937 1868 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
08:36:32.0984 1868 WPFFontCache_v0400 - ok
08:36:33.0093 1868 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
08:36:33.0265 1868 wscsvc - ok
08:36:33.0343 1868 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
08:36:33.0515 1868 WSTCODEC - ok
08:36:33.0562 1868 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
08:36:33.0750 1868 wuauserv - ok
08:36:33.0843 1868 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
08:36:34.0046 1868 WZCSVC - ok
08:36:34.0109 1868 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
08:36:34.0265 1868 xmlprov - ok
08:36:34.0328 1868 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
08:36:34.0515 1868 \Device\Harddisk0\DR0 - ok
08:36:34.0531 1868 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR2
08:36:35.0000 1868 \Device\Harddisk1\DR2 - ok
08:36:35.0000 1868 Boot (0x1200) (a06a8228af67a4b512400ed7f1c27886) \Device\Harddisk0\DR0\Partition0
08:36:35.0015 1868 \Device\Harddisk0\DR0\Partition0 - ok
08:36:35.0031 1868 Boot (0x1200) (92e31a9a6d42112075793bee0a5a87bc) \Device\Harddisk1\DR2\Partition0
08:36:35.0031 1868 \Device\Harddisk1\DR2\Partition0 - ok
08:36:35.0046 1868 ============================================================
08:36:35.0046 1868 Scan finished
08:36:35.0046 1868 ============================================================
08:36:35.0171 1608 Detected object count: 23
08:36:35.0171 1608 Actual detected object count: 23
08:39:55.0531 1608 C:\WINDOWS\system32\Drivers\ov550i.sys - copied to quarantine
08:39:55.0531 1608 APL531 ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
08:39:55.0703 1608 C:\WINDOWS\system32\ati2sgag.exe - copied to quarantine
08:39:55.0703 1608 ATI Smart ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
08:39:55.0796 1608 C:\WINDOWS\system32\CTsvcCDA.EXE - copied to quarantine
08:39:55.0812 1608 Creative Service for CDROM Access ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
08:39:55.0937 1608 C:\WINDOWS\system32\drivers\drvmcdb.sys - copied to quarantine
08:39:55.0937 1608 drvmcdb ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
08:39:56.0000 1608 C:\WINDOWS\system32\drivers\drvnddm.sys - copied to quarantine
08:39:56.0000 1608 drvnddm ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
08:39:56.0125 1608 C:\WINDOWS\system32\HPZinw12.dll - copied to quarantine
08:39:56.0125 1608 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
08:39:56.0234 1608 C:\WINDOWS\system32\HPZipm12.dll - copied to quarantine
08:39:56.0234 1608 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
08:39:56.0328 1608 C:\WINDOWS\system32\Drivers\PxHelp20.sys - copied to quarantine
08:39:56.0328 1608 PxHelp20 ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
08:39:56.0531 1608 C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe - copied to quarantine
08:39:56.0531 1608 QBCFMonitorService ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
08:39:56.0593 1608 C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe - copied to quarantine
08:39:56.0593 1608 QBFCService ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
08:39:56.0796 1608 C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe - copied to quarantine
08:39:56.0796 1608 QBVSS ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
08:39:56.0890 1608 C:\WINDOWS\system32\drivers\sscdbhk5.sys - copied to quarantine
08:39:56.0890 1608 sscdbhk5 ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
08:39:57.0031 1608 C:\WINDOWS\system32\drivers\ssrtln.sys - copied to quarantine
08:39:57.0031 1608 ssrtln ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
08:39:57.0125 1608 C:\WINDOWS\system32\dla\tfsnboio.sys - copied to quarantine
08:39:57.0125 1608 tfsnboio ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
08:39:57.0203 1608 C:\WINDOWS\system32\dla\tfsncofs.sys - copied to quarantine
08:39:57.0203 1608 tfsncofs ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
08:39:57.0281 1608 C:\WINDOWS\system32\dla\tfsndrct.sys - copied to quarantine
08:39:57.0281 1608 tfsndrct ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
08:39:57.0421 1608 C:\WINDOWS\system32\dla\tfsndres.sys - copied to quarantine
08:39:57.0421 1608 tfsndres ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
08:39:57.0453 1608 C:\WINDOWS\system32\dla\tfsnifs.sys - copied to quarantine
08:39:57.0453 1608 tfsnifs ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
08:39:57.0546 1608 C:\WINDOWS\system32\dla\tfsnopio.sys - copied to quarantine
08:39:57.0546 1608 tfsnopio ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
08:39:57.0593 1608 C:\WINDOWS\system32\dla\tfsnpool.sys - copied to quarantine
08:39:57.0593 1608 tfsnpool ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
08:39:57.0671 1608 C:\WINDOWS\system32\dla\tfsnudf.sys - copied to quarantine
08:39:57.0671 1608 tfsnudf ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
08:39:57.0734 1608 C:\WINDOWS\system32\dla\tfsnudfa.sys - copied to quarantine
08:39:57.0734 1608 tfsnudfa ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
08:39:57.0843 1608 C:\WINDOWS\system32\MsPMSPSv.exe - copied to quarantine
08:39:57.0843 1608 WMDM PMSP Service ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
08:40:26.0687 0624 Deinitialize success
richbuff
post 27.04.2012 02:16
Post #11


Oldtimer
****************

Group: Moderators
Posts: 47448
Joined: 14.06.2007




I see lots of quarantining, but I don't see any deletions logged.

Please see: http://forum.kaspersky.com/index.php?s=&am...t&p=1783403 Scroll up and down. Link opens to two important posts.


--------------------
Please see the Important topics, located at the top of this section, and at the top of other sections of this forum.
MerciMe
post 27.04.2012 20:32
Post #12


Member
**

Group: Members
Posts: 11
Joined: 25.04.2012




QUOTE(richbuff @ 27.04.2012 01:16) *
I see lots of quarantining, but I don't see any deletions logged.

Please see: http://forum.kaspersky.com/index.php?s=&am...t&p=1783403 Scroll up and down. Link opens to two important posts.

I read that but am not a programmer, so be patient with me as I double-check if I am doing the right thing. Two questions: 1) Where do I find the file to run these scripts, or do I just open Notepad and enter my script? 2) What is sptd.sys? Is this to be used as the copy-to file on all quarantined items? Below is an example I typed from one of my quarantined files. Does this look correct?

REN “C:\TDSSKiller_Quarantine\10.04.2012_08.33.56\susp0008\svc0000\tsk0000.dta sptd.sys
COPY “C:\TDSSKiller_Quarantine\10.04.2012_08.33.56\susp0008\svc0000\sptd.sys
C:\Windows\Program_Files\Common_Files\Intuit\QuickBooks\QBCFMonitorService.exe
MerciMe
post 27.04.2012 20:53
Post #13


Member
**

Group: Members
Posts: 11
Joined: 25.04.2012




QUOTE(MerciMe @ 27.04.2012 19:32) *
I read that but am not a programmer, so be patient with me as I double-check if I am doing the right thing. Two questions: 1) Where do I find the file to run these scripts, or do I just open Notepad and enter my script? 2) What is sptd.sys? Is this to be used as the copy-to file on all quarantined items? Below is an example I typed from one of my quarantined files. Does this look correct?

REN “C:\TDSSKiller_Quarantine\10.04.2012_08.33.56\susp0008\svc0000\tsk0000.dta sptd.sys
COPY “C:\TDSSKiller_Quarantine\10.04.2012_08.33.56\susp0008\svc0000\sptd.sys
C:\Windows\Program_Files\Common_Files\Intuit\QuickBooks\QBCFMonitorService.exe

And then do I use a space between each set of entries?
MerciMe
post 27.04.2012 21:57
Post #14


Member
**

Group: Members
Posts: 11
Joined: 25.04.2012




QUOTE(MerciMe @ 27.04.2012 19:53) *
And then do I use a space between each set of entries?

Oops... I added the Windows directory in there. Here is what I have. The report says I have 23 but there were only 22 directories.

REN “C:\TDSSKiller_Quarantine\10.04.2012_08.33.56\susp0000\svc0000\tsk0000.dta sptd.sys
COPY “C:\TDSSKiller_Quarantine\10.04.2012_08.33.56\susp0000\svc0000\sptd.sys
C:\Windows\System32\Drivers\ov550i.sys

REN “C:\TDSSKiller_Quarantine\10.04.2012_08.33.56\susp0001\svc0000\tsk0000.dta sptd.sys
COPY “C:\TDSSKiller_Quarantine\10.04.2012_08.33.56\susp0001\svc0000\sptd.sys
C:\Windows\System32\ati2sgag.exe

REN “C:\TDSSKiller_Quarantine\10.04.2012_08.33.56\susp0002\svc0000\tsk0000.dta sptd.sys
COPY “C:\TDSSKiller_Quarantine\10.04.2012_08.33.56\susp0002\svc0000\sptd.sys
C:\Windows\System32\CTsvcCDA.EXE

REN “C:\TDSSKiller_Quarantine\10.04.2012_08.33.56\susp0003\svc0000\tsk0000.dta sptd.sys
COPY “C:\TDSSKiller_Quarantine\10.04.2012_08.33.56\susp0003\svc0000\sptd.sys
C:\Windows\System32\Drivers\drvmcdb.sys

REN “C:\TDSSKiller_Quarantine\10.04.2012_08.33.56\susp0004\svc0000\tsk0000.dta sptd.sys
COPY “C:\TDSSKiller_Quarantine\10.04.2012_08.33.56\susp0004\svc0000\sptd.sys
C:\Windows\System32\Drivers\drvnddm.sys

REN “C:\TDSSKiller_Quarantine\10.04.2012_08.33.56\susp0005\svc0000\tsk0000.dta sptd.sys
COPY “C:\TDSSKiller_Quarantine\10.04.2012_08.33.56\susp0005\svc0000\sptd.sys
C:\Windows\System32\HPZinw12.dll

REN “C:\TDSSKiller_Quarantine\10.04.2012_08.33.56\susp0006\svc0000\tsk0000.dta sptd.sys
COPY “C:\TDSSKiller_Quarantine\10.04.2012_08.33.56\susp0006\svc0000\sptd.sys
C:\Windows\System32\HPZipm12.dll

REN “C:\TDSSKiller_Quarantine\10.04.2012_08.33.56\susp0007\svc0000\tsk0000.dta sptd.sys
COPY “C:\TDSSKiller_Quarantine\10.04.2012_08.33.56\susp0007\svc0000\sptd.sys
C:\Windows\System32\Drivers\PxHelp20.sys

REN “C:\TDSSKiller_Quarantine\10.04.2012_08.33.56\susp0008\svc0000\tsk0000.dta sptd.sys
COPY “C:\TDSSKiller_Quarantine\10.04.2012_08.33.56\susp0008\svc0000\sptd.sys
C:\ Program_Files\Common_Files\Intuit\QuickBooks\QBCFMonitorService.exe

REN “C:\TDSSKiller_Quarantine\10.04.2012_08.33.56\susp0009\svc0000\tsk0000.dta sptd.sys
COPY “C:\TDSSKiller_Quarantine\10.04.2012_08.33.56\susp0009\svc0000\sptd.sys
C:\ Program_Files\Common_Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe

REN “C:\TDSSKiller_Quarantine\10.04.2012_08.33.56\susp0010\svc0000\tsk0000.dta sptd.sys
COPY “C:\TDSSKiller_Quarantine\10.04.2012_08.33.56\susp0010\svc0000\sptd.sys
C:\ Program_Files\Common_Files\Intuit\DataProtect\QBIDPService.exe

REN “C:\TDSSKiller_Quarantine\10.04.2012_08.33.56\susp0011\svc0000\tsk0000.dta sptd.sys
COPY “C:\TDSSKiller_Quarantine\10.04.2012_08.33.56\susp0011\svc0000\sptd.sys
C:\Windows\System32\Drivers\sscdbhk5.sys

REN “C:\TDSSKiller_Quarantine\10.04.2012_08.33.56\susp0012\svc0000\tsk0000.dta sptd.sys
COPY “C:\TDSSKiller_Quarantine\10.04.2012_08.33.56\susp0012\svc0000\sptd.sys
C:\Windows\System32\Drivers\ssrtln.sys

REN “C:\TDSSKiller_Quarantine\10.04.2012_08.33.56\susp0013\svc0000\tsk0000.dta sptd.sys
COPY “C:\TDSSKiller_Quarantine\10.04.2012_08.33.56\susp0013\svc0000\sptd.sys
C:\Windows\System32\dla\tfsnboio.sys

REN “C:\TDSSKiller_Quarantine\10.04.2012_08.33.56\susp0014\svc0000\tsk0000.dta sptd.sys
COPY “C:\TDSSKiller_Quarantine\10.04.2012_08.33.56\susp0014\svc0000\sptd.sys
C:\Windows\System32\dla\tfsncofs.sys

REN “C:\TDSSKiller_Quarantine\10.04.2012_08.33.56\susp0015\svc0000\tsk0000.dta sptd.sys
COPY “C:\TDSSKiller_Quarantine\10.04.2012_08.33.56\susp0015\svc0000\sptd.sys
C:\Windows\System32\dla\tfsndrct.sys

REN “C:\TDSSKiller_Quarantine\10.04.2012_08.33.56\susp0016\svc0000\tsk0000.dta sptd.sys
COPY “C:\TDSSKiller_Quarantine\10.04.2012_08.33.56\susp0016\svc0000\sptd.sys
C:\Windows\System32\dla\tfsndres.sys


REN “C:\TDSSKiller_Quarantine\10.04.2012_08.33.56\susp0017\svc0000\tsk0000.dta sptd.sys
COPY “C:\TDSSKiller_Quarantine\10.04.2012_08.33.56\susp0017\svc0000\sptd.sys
C:\Windows\System32\dla\tfsnifs.sys

REN “C:\TDSSKiller_Quarantine\10.04.2012_08.33.56\susp0018\svc0000\tsk0000.dta sptd.sys
COPY “C:\TDSSKiller_Quarantine\10.04.2012_08.33.56\susp0018\svc0000\sptd.sys
C:\Windows\System32\dla\tfsnopio.sys

REN “C:\TDSSKiller_Quarantine\10.04.2012_08.33.56\susp0019\svc0000\tsk0000.dta sptd.sys
COPY “C:\TDSSKiller_Quarantine\10.04.2012_08.33.56\susp0019\svc0000\sptd.sys
C:\Windows\System32\dla\tfsnpool.sys

REN “C:\TDSSKiller_Quarantine\10.04.2012_08.33.56\susp0020\svc0000\tsk0000.dta sptd.sys
COPY “C:\TDSSKiller_Quarantine\10.04.2012_08.33.56\susp0020\svc0000\sptd.sys
C:\Windows\System32\dla\tfsnudf.sys

REN “C:\TDSSKiller_Quarantine\10.04.2012_08.33.56\susp0021\svc0000\tsk0000.dta sptd.sys
COPY “C:\TDSSKiller_Quarantine\10.04.2012_08.33.56\susp0021\svc0000\sptd.sys
C:\Windows\System32\dla\tfsnudfa.sys

REN “C:\TDSSKiller_Quarantine\10.04.2012_08.33.56\susp0022\svc0000\tsk0000.dta sptd.sys
COPY “C:\TDSSKiller_Quarantine\10.04.2012_08.33.56\susp0022\svc0000\sptd.sys
C:\Windows\System32\MsPMSPSV.exe
richbuff
post 28.04.2012 02:35
Post #15


Oldtimer
****************

Group: Moderators
Posts: 47448
Joined: 14.06.2007




Please follow this content that is quoted below:
QUOTE(Maxstar1 @ 20.01.2012 03:46) *
...Option B (Fix)
With this option the tool will open a blank Notepad window; in this window you can put 'batch scripts'. When you close this window with the file-saving option, it will automatically run the inserted batch script.

Example:


CODE
REN "C:\TDSSKiller_Quarantine\30.12.2011_12.42.12\susp0000\svc0000\tsk0000.dta" sptd.sys
COPY "C:\TDSSKiller_Quarantine\30.12.2011_12.42.12\susp0000\svc0000\sptd.sys" C:\Windows\System32\Drivers\
...



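The REN/COPY pattern quoted above, generalized as an added example (not from this thread, from Kaspersky, or from the tool mentioned in the quote): a Python sketch that reads the "copied to quarantine" lines of a TDSSKiller log and builds one quoted REN/COPY pair per file, so destinations such as C:\Program Files\... keep their spaces. It assumes the susp000N\svc0000\tsk0000.dta layout is numbered in log order, as the posts here suggest; check each tsk*.ini for the recorded original path before running anything it prints.

```python
import ntpath
import re

# One "copied to quarantine" line per file, e.g.
# 08:39:55.0531 1608 C:\WINDOWS\system32\Drivers\ov550i.sys - copied to quarantine
QUARANTINED = re.compile(
    r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+"
    r"(?P<path>[A-Za-z]:\\.+?) - copied to quarantine$"
)

# Characters cmd.exe treats specially; a path containing one is rejected
# instead of being written into a batch script.
UNSAFE = set('"%&|<>^')

# Shortened, constructed excerpt in the format of the log posted in this thread.
SAMPLE_LOG = r"""
08:39:55.0531 1608 C:\WINDOWS\system32\Drivers\ov550i.sys - copied to quarantine
08:39:55.0531 1608 APL531 ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
08:39:56.0531 1608 C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe - copied to quarantine
08:39:56.0531 1608 QBCFMonitorService ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
08:40:26.0687 0624 Deinitialize success
"""

# Quarantine folder name as it appears in the posts above.
QUARANTINE_ROOT = r"C:\TDSSKiller_Quarantine\10.04.2012_08.33.56"


def quarantined_paths(log_text):
    """Return the original file paths, in the order the log quarantined them."""
    paths = []
    for line in log_text.splitlines():
        match = QUARANTINED.match(line.strip())
        if match:
            paths.append(match.group("path"))
    return paths


def restore_commands(quarantine_root, original_paths):
    """Build REN/COPY lines with every path quoted.

    Assumption: entry N of the log sits in susp000N\\svc0000\\tsk0000.dta.
    The COPY target is the full original path, so spaces survive and the
    file lands under its own name even outside \\Drivers\\.
    """
    commands = []
    for index, original in enumerate(original_paths):
        if UNSAFE & set(original):
            raise ValueError("path has cmd.exe metacharacters: %r" % original)
        name = ntpath.basename(original)
        src_dir = ntpath.join(quarantine_root, "susp%04d" % index, "svc0000")
        commands.append(
            'REN "%s" "%s"' % (ntpath.join(src_dir, "tsk0000.dta"), name)
        )
        commands.append(
            'COPY "%s" "%s"' % (ntpath.join(src_dir, name), original)
        )
    return commands


if __name__ == "__main__":
    for command in restore_commands(QUARANTINE_ROOT, quarantined_paths(SAMPLE_LOG)):
        print(command)
```

Working on a copy of the quarantine folder keeps the original tsk*.dta and tsk*.ini pairs intact if a restore has to be repeated.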
MerciMe
post 29.04.2012 01:37
Post #16


Member
**

Group: Members
Posts: 11
Joined: 25.04.2012




QUOTE(richbuff @ 28.04.2012 01:35) *
Please follow this content that is quoted below:

? I read that. I wasn't sure what they were saying, which is the basis of my reply. What tool are they talking about? Where do I get it? Was my text above correct? Lastly, can I open Notepad, put in the text I posted above and save, and then it will run?
MerciMe
post 29.04.2012 01:56
Post #17


Member
**

Group: Members
Posts: 11
Joined: 25.04.2012




QUOTE(richbuff @ 27.04.2012 01:16) *
I see lots of quarantining, but I don't see any deletions logged.

Please see: http://forum.kaspersky.com/index.php?s=&am...t&p=1783403 Scroll up and down. Link opens to two important posts.

I see the link to the program. Are you saying all I need to do is run the fix option and enter the two lines you sent me in the last post and that it will restore all 22 programs? That just didn't make sense to me because not everything came from the \drivers\ directory. But then, as I said, I am not a programmer.
MerciMe
post 29.04.2012 22:32
Post #18


Member
**

Group: Members
Posts: 11
Joined: 25.04.2012




I just figured it out. How stupid. The sptd.sys file is only an example of a quarantined file. So I have revised my notepad entries. Here is what I will copy and paste from my Word document. Does this look correct?

One thing that was not shown up in the sample was the _ for a space in a directory name, e.g. \Common Files\ So I entered my two-word directory names as such: \Common_Files\. Is that correct?

I think I will copy the TDSSKiller_Quarantine directory to TDSSKiller_Quarantine-1, as a safeguard.

REN “C:\TDSSKiller_Quarantine\10.04.2012_08.33.56\susp0000\svc0000\tsk0000.dta ov550i.sys
COPY “C:\TDSSKiller_Quarantine\10.04.2012_08.33.56\susp0000\svc0000\ov550i.sys
C:\Windows\System32\Drivers\
REN “C:\TDSSKiller_Quarantine\10.04.2012_08.33.56\susp0001\svc0000\tsk0000.dta ati2sgag.exe
COPY “C:\TDSSKiller_Quarantine\10.04.2012_08.33.56\susp0001\svc0000\ati2sgag.exe
C:\Windows\System32\
REN “C:\TDSSKiller_Quarantine\10.04.2012_08.33.56\susp0002\svc0000\tsk0000.dta CTsvcCDA.EXE
COPY “C:\TDSSKiller_Quarantine\10.04.2012_08.33.56\susp0002\svc0000\CTsvcCDA.EXE
C:\Windows\System32\
REN “C:\TDSSKiller_Quarantine\10.04.2012_08.33.56\susp0003\svc0000\tsk0000.dta drvmcdb.sys
COPY “C:\TDSSKiller_Quarantine\10.04.2012_08.33.56\susp0003\svc0000\drvmcdb.sys
C:\Windows\System32\Drivers\
REN “C:\TDSSKiller_Quarantine\10.04.2012_08.33.56\susp0004\svc0000\tsk0000.dta drvnddm.sys
COPY “C:\TDSSKiller_Quarantine\10.04.2012_08.33.56\susp0004\svc0000\drvnddm.sys
C:\Windows\System32\Drivers\
REN “C:\TDSSKiller_Quarantine\10.04.2012_08.33.56\susp0005\svc0000\tsk0000.dta HPZinw12.dll
COPY “C:\TDSSKiller_Quarantine\10.04.2012_08.33.56\susp0005\svc0000\HPZinw12.dll
C:\Windows\System32\
REN “C:\TDSSKiller_Quarantine\10.04.2012_08.33.56\susp0006\svc0000\tsk0000.dta HPZipm12.dll
COPY “C:\TDSSKiller_Quarantine\10.04.2012_08.33.56\susp0006\svc0000\HPZipm12.dll
C:\Windows\System32\
REN “C:\TDSSKiller_Quarantine\10.04.2012_08.33.56\susp0007\svc0000\tsk0000.dta PxHelp20.sys
COPY “C:\TDSSKiller_Quarantine\10.04.2012_08.33.56\susp0007\svc0000\PxHelp20.sys
C:\Windows\System32\Drivers\
REN “C:\TDSSKiller_Quarantine\10.04.2012_08.33.56\susp0008\svc0000\tsk0000.dta QBCFMonitorService.exe
COPY “C:\TDSSKiller_Quarantine\10.04.2012_08.33.56\susp0008\svc0000\QBCFMonitorService.exe
C:\ Program_Files\Common_Files\Intuit\QuickBooks\
REN “C:\TDSSKiller_Quarantine\10.04.2012_08.33.56\susp0009\svc0000\tsk0000.dta Intuit.QuickBooks.FCS.exe
COPY “C:\TDSSKiller_Quarantine\10.04.2012_08.33.56\susp0009\svc0000\Intuit.QuickBooks.FCS.exe
C:\ Program_Files\Common_Files\Intuit\QuickBooks\FCS\
REN “C:\TDSSKiller_Quarantine\10.04.2012_08.33.56\susp0010\svc0000\tsk0000.dta QBIDPService.exe
COPY “C:\TDSSKiller_Quarantine\10.04.2012_08.33.56\susp0010\svc0000\QBIDPService.exe
C:\ Program_Files\Common_Files\Intuit\DataProtect\
REN “C:\TDSSKiller_Quarantine\10.04.2012_08.33.56\susp0011\svc0000\tsk0000.dta sscdbhk5.sys
COPY “C:\TDSSKiller_Quarantine\10.04.2012_08.33.56\susp0011\svc0000\sscdbhk5.sys
C:\Windows\System32\Drivers\
REN “C:\TDSSKiller_Quarantine\10.04.2012_08.33.56\susp0012\svc0000\tsk0000.dta ssrtln.sys
COPY “C:\TDSSKiller_Quarantine\10.04.2012_08.33.56\susp0012\svc0000\ssrtln.sys
C:\Windows\System32\Drivers\
REN “C:\TDSSKiller_Quarantine\10.04.2012_08.33.56\susp0013\svc0000\tsk0000.dta tfsnboio.sys
COPY “C:\TDSSKiller_Quarantine\10.04.2012_08.33.56\susp0013\svc0000\tfsnboio.sys
C:\Windows\System32\dla\
REN “C:\TDSSKiller_Quarantine\10.04.2012_08.33.56\susp0014\svc0000\tsk0000.dta tfsncofs.sys
COPY “C:\TDSSKiller_Quarantine\10.04.2012_08.33.56\susp0014\svc0000\tfsncofs.sys
C:\Windows\System32\dla\
REN “C:\TDSSKiller_Quarantine\10.04.2012_08.33.56\susp0015\svc0000\tsk0000.dta tfsndrct.sys
COPY “C:\TDSSKiller_Quarantine\10.04.2012_08.33.56\susp0015\svc0000\tfsndrct.sys
C:\Windows\System32\dla\
REN “C:\TDSSKiller_Quarantine\10.04.2012_08.33.56\susp0016\svc0000\tsk0000.dta tfsndres.sys
COPY “C:\TDSSKiller_Quarantine\10.04.2012_08.33.56\susp0016\svc0000\tfsndres.sys
C:\Windows\System32\dla\
REN “C:\TDSSKiller_Quarantine\10.04.2012_08.33.56\susp0017\svc0000\tsk0000.dta tfsnifs.sys
COPY “C:\TDSSKiller_Quarantine\10.04.2012_08.33.56\susp0017\svc0000\tfsnifs.sys
C:\Windows\System32\dla\
REN “C:\TDSSKiller_Quarantine\10.04.2012_08.33.56\susp0018\svc0000\tsk0000.dta tfsnopio.sys
COPY “C:\TDSSKiller_Quarantine\10.04.2012_08.33.56\susp0018\svc0000\tfsnopio.sys
C:\Windows\System32\dla\
REN “C:\TDSSKiller_Quarantine\10.04.2012_08.33.56\susp0019\svc0000\tsk0000.dta tfsnpool.sys
COPY “C:\TDSSKiller_Quarantine\10.04.2012_08.33.56\susp0019\svc0000\tfsnpool.sys
C:\Windows\System32\dla\
REN “C:\TDSSKiller_Quarantine\10.04.2012_08.33.56\susp0020\svc0000\tsk0000.dta tfsnudf.sys
COPY “C:\TDSSKiller_Quarantine\10.04.2012_08.33.56\susp0020\svc0000\tfsnudf.sys
C:\Windows\System32\dla\
REN “C:\TDSSKiller_Quarantine\10.04.2012_08.33.56\susp0021\svc0000\tsk0000.dta tfsnudfa.sys
COPY “C:\TDSSKiller_Quarantine\10.04.2012_08.33.56\susp0021\svc0000\tfsnudfa.sys
C:\Windows\System32\dla\
REN “C:\TDSSKiller_Quarantine\10.04.2012_08.33.56\susp0022\svc0000\tsk0000.dta MsPMSPSV.exe
COPY “C:\TDSSKiller_Quarantine\10.04.2012_08.33.56\susp0022\svc0000\MsPMSPSV.exe
C:\Windows\System32\

This post has been edited by MerciMe: 29.04.2012 22:33
MerciMe
post 1.05.2012 23:24
Post #19


Member
**

Group: Members
Posts: 11
Joined: 25.04.2012




This did not work. But getting close.

So I tried a rename/copy command of one file from the MSDOS C prompt and the .dta file was renamed to the correct file name. On the copy command it stopped and asked if I wanted to overwrite the file. Everything looks like it took. So the question is, does that mean that if there is an overwrite response required but none indicated, that the TDSS QLook program will NOT complete at all, including the rename command? Because none of the .dta files in the other directories have been renamed after I ran the program.

Would I need to change my copy line to: COPY "C:\TDSSKiller_Quarantine\10.04.2012_08.33.56\susp0000\svc0000\ov550i.sys" C:\Windows\System32\Drivers\ /Y

And is there a space between drivers\ and /Y?
Maxstar1
post 3.05.2012 16:14
Post #20


Newbie
*

Group: Members
Posts: 2
Joined: 20.01.2012




Hi,

Can you provide me the TDSS Qlook logfile, so I can make a correct script to use?

Your script doesn't work because of the wrong usage of the commands and wrong and missing ""

Wrong
REN “C:\TDSSKiller_Quarantine\10.04.2012_08.33.56\susp0000\svc0000\tsk0000.dta ov550i.sys
COPY “C:\TDSSKiller_Quarantine\10.04.2012_08.33.56\susp0000\svc0000\ov550i.sys
C:\Windows\System32\Drivers\

Good
REN "C:\TDSSKiller_Quarantine\10.04.2012_08.33.56\susp0000\svc0000\tsk0000.dta" ov550i.sys
COPY "C:\TDSSKiller_Quarantine\10.04.2012_08.33.56\susp0000\svc0000\ov550i.sys" C:\Windows\System32\Drivers\

This will also work
COPY "C:\TDSSKiller_Quarantine\10.04.2012_08.33.56\susp0000\svc0000\tsk0000.dta" C:\Windows\System32\Drivers\ov550i.sys
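
A small lint for restore scripts like the ones in this thread, added here as an example (it is not part of any post and not part of TDSS Qlook). It flags the defects post #20 points out (typographic quotes, missing closing quotes, a COPY destination split onto its own line) plus unquoted paths that contain spaces. The function and constant names are assumptions; the sample lines are the "Wrong" and "Good" scripts from post #20.

```python
import re

SMART_QUOTES = "\u201c\u201d\u201e\u201f"  # curly quotes, e.g. pasted from a word processor
COMMANDS = ("REN", "RENAME", "COPY")       # the only commands these restore scripts use

# Sample input: the "Wrong" and "Good" scripts quoted in post #20.
WRONG = r'''REN “C:\TDSSKiller_Quarantine\10.04.2012_08.33.56\susp0000\svc0000\tsk0000.dta ov550i.sys
COPY “C:\TDSSKiller_Quarantine\10.04.2012_08.33.56\susp0000\svc0000\ov550i.sys
C:\Windows\System32\Drivers\
'''
GOOD = r'''REN "C:\TDSSKiller_Quarantine\10.04.2012_08.33.56\susp0000\svc0000\tsk0000.dta" ov550i.sys
COPY "C:\TDSSKiller_Quarantine\10.04.2012_08.33.56\susp0000\svc0000\ov550i.sys" C:\Windows\System32\Drivers\
'''

def split_args(text):
    """Split a cmd.exe argument string on spaces, keeping "quoted paths" whole."""
    return re.findall(r'"[^"]*"|\S+', text)

def lint_restore_script(script):
    """Return (line_number, message) findings for the REN/COPY lines of a restore script."""
    findings = []
    for number, raw in enumerate(script.splitlines(), start=1):
        line = raw.strip()
        if not line:
            continue
        if any(q in line for q in SMART_QUOTES):
            findings.append((number, 'typographic quote; cmd.exe needs the straight " character'))
            continue
        if line.count('"') % 2:
            findings.append((number, "unbalanced double quote"))
            continue
        command, _, rest = line.partition(" ")
        if command.upper() not in COMMANDS:
            findings.append((number, "not a REN/COPY command; destination split onto its own line?"))
            continue
        args = [a for a in split_args(rest) if not a.startswith("/")]  # skip switches such as /Y
        if len(args) < 2:
            findings.append((number, command.upper() + " needs source and target on the same line"))
        elif len(args) > 2:
            findings.append((number, "too many arguments; a path containing spaces must be quoted"))
    return findings

if __name__ == "__main__":
    for number, message in lint_restore_script(WRONG):
        print(f"line {number}: {message}")
```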
