
Problems with PUP.Datamngr



#1 gizmog


Posted 12 December 2012 - 07:38 AM

Hi everyone,

I've recently been having problems with a persistent homepage redirect that seems to be stemming from something called Datamngr. I ran a Malwarebytes scan and it picked up multiple files to do with PUP.Datamngr and deleted them successfully. The problem is there seems to be one file left that Malwarebytes can't get rid of in the registry.

It says that it's successfully deleted it after a scan but once I reboot it appears again.

If anyone could help me with removing it permanently I'd really appreciate it!

Thanks

Matt


 


#2 Gunto


Posted 12 December 2012 - 10:08 AM

Hi, gizmog! I'm going to try to help you out. :)

TDSSKiller

I need you to run a scan using TDSSKiller.

  • Download TDSSKiller from here, and save it to your desktop.
  • Double click the file to launch the program. Once the program starts, click Start Scan. Don't change any default scan settings.
  • Once the scan is finished, you'll find a log in your root drive (usually C:) that will start with TDSS in the file name. Please copy and paste it into your reply.

Malwarebytes

I need you to run a scan with Malwarebytes Anti-Malware.

  • Double-click the MBAM shortcut on your desktop to open MBAM.
  • Click the Update tab, and check for updates. If a new version of MBAM is included in the update, follow the prompts and install it.
  • Once the program is done updating, select the Perform full scan option on the main interface. Then click the Scan button, hit Scan, and let the scan run.
  • Once the scan is finished, a log will pop up. If any malware was found, click the Show Results button, and make sure everything present is checked and click Remove Selected. If MBAM asks you to reboot, do so immediately. Either way, please copy and paste the log into your reply. If your PC is rebooted, you can find the log by opening up MBAM and going to the Logs tab.

AdwCleaner

I need you to run AdwCleaner to see if it removes anything.

  • Download AdwCleaner from here, and save it to your desktop.
  • Close all open programs.
  • Open the file on your desktop, and click the Delete button. Confirm operations at every prompt. Your PC will be rebooted after the final prompt.
  • Once rebooted, a text file will open up. Please copy and paste it into your reply.

RogueKiller

I need you to run RogueKiller to see if it removes anything.

  • Download RogueKiller from here, and save it to your desktop.
  • Close all open programs.
  • Double click the file on your desktop. Once the automatic check completes, hit the Scan button.
  • Once the full scan has finished, click on the Delete button. Once it's done removing things, open the newest log on your desktop (should be called RKreport[2].txt) and copy and paste it into your reply.

Let me know how the PC is doing after running these.

Gunto


It's pronounced Goon-toe!
Member of the Bleeping Computer A.I.I. early response team!


#3 gizmog


Posted 12 December 2012 - 11:36 AM

Hi Gunto,

Thanks so much for helping me out with this. I'm running the scans now and should be posting up the logs shortly :)

Thanks again!

#4 gizmog


Posted 12 December 2012 - 12:05 PM

Okay, below are the results of the scans!



16:01:25.0593 1080 MsRPC - ok
16:01:25.0624 1080 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
16:01:25.0624 1080 mssmbios - ok
16:01:25.0749 1080 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
16:01:25.0749 1080 MSTEE - ok
16:01:25.0764 1080 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
16:01:25.0764 1080 MTConfig - ok
16:01:25.0874 1080 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
16:01:25.0874 1080 Mup - ok
16:01:25.0952 1080 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
16:01:25.0952 1080 napagent - ok
16:01:26.0092 1080 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
16:01:26.0108 1080 NativeWifiP - ok
16:01:26.0186 1080 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
16:01:26.0201 1080 NDIS - ok
16:01:26.0295 1080 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
16:01:26.0295 1080 NdisCap - ok
16:01:26.0388 1080 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
16:01:26.0388 1080 NdisTapi - ok
16:01:26.0544 1080 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
16:01:26.0560 1080 Ndisuio - ok
16:01:26.0607 1080 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
16:01:26.0622 1080 NdisWan - ok
16:01:26.0669 1080 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
16:01:26.0685 1080 NDProxy - ok
16:01:26.0810 1080 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
16:01:26.0810 1080 NetBIOS - ok
16:01:26.0888 1080 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
16:01:26.0903 1080 NetBT - ok
16:01:26.0919 1080 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
16:01:26.0919 1080 Netlogon - ok
16:01:27.0012 1080 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
16:01:27.0028 1080 Netman - ok
16:01:27.0028 1080 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
16:01:27.0028 1080 netprofm - ok
16:01:27.0106 1080 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
16:01:27.0106 1080 NetTcpPortSharing - ok
16:01:27.0200 1080 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
16:01:27.0200 1080 nfrd960 - ok
16:01:27.0293 1080 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
16:01:27.0309 1080 NlaSvc - ok
16:01:27.0340 1080 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
16:01:27.0356 1080 Npfs - ok
16:01:27.0402 1080 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
16:01:27.0402 1080 nsi - ok
16:01:27.0449 1080 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
16:01:27.0449 1080 nsiproxy - ok
16:01:27.0574 1080 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
16:01:27.0652 1080 Ntfs - ok
16:01:27.0699 1080 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
16:01:27.0699 1080 Null - ok
16:01:27.0777 1080 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
16:01:27.0792 1080 nvraid - ok
16:01:27.0855 1080 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
16:01:27.0855 1080 nvstor - ok
16:01:27.0917 1080 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
16:01:27.0980 1080 nv_agp - ok
16:01:28.0058 1080 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
16:01:28.0104 1080 ohci1394 - ok
16:01:28.0338 1080 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
16:01:28.0448 1080 ose - ok
16:01:29.0586 1080 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
16:01:29.0696 1080 osppsvc - ok
16:01:29.0789 1080 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
16:01:29.0805 1080 p2pimsvc - ok
16:01:29.0883 1080 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
16:01:29.0883 1080 p2psvc - ok
16:01:29.0930 1080 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
16:01:29.0930 1080 Parport - ok
16:01:29.0992 1080 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
16:01:29.0992 1080 partmgr - ok
16:01:30.0054 1080 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
16:01:30.0070 1080 PcaSvc - ok
16:01:30.0101 1080 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
16:01:30.0101 1080 pci - ok
16:01:30.0132 1080 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
16:01:30.0132 1080 pciide - ok
16:01:30.0164 1080 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
16:01:30.0164 1080 pcmcia - ok
16:01:30.0195 1080 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
16:01:30.0195 1080 pcw - ok
16:01:30.0242 1080 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
16:01:30.0257 1080 PEAUTH - ok
16:01:30.0366 1080 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
16:01:30.0382 1080 PerfHost - ok
16:01:30.0585 1080 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
16:01:30.0600 1080 pla - ok
16:01:30.0772 1080 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
16:01:30.0772 1080 PlugPlay - ok
16:01:30.0803 1080 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
16:01:30.0819 1080 PNRPAutoReg - ok
16:01:30.0897 1080 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
16:01:30.0897 1080 PNRPsvc - ok
16:01:31.0053 1080 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
16:01:31.0115 1080 PolicyAgent - ok
16:01:31.0224 1080 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
16:01:31.0224 1080 Power - ok
16:01:31.0365 1080 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
16:01:31.0365 1080 PptpMiniport - ok
16:01:31.0458 1080 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
16:01:31.0474 1080 Processor - ok
16:01:31.0599 1080 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
16:01:31.0614 1080 ProfSvc - ok
16:01:31.0646 1080 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
16:01:31.0646 1080 ProtectedStorage - ok
16:01:31.0848 1080 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
16:01:31.0848 1080 Psched - ok
16:01:31.0989 1080 [ 4712CC14E720ECCCC0AA16949D18AAF1 ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys
16:01:31.0989 1080 PxHlpa64 - ok
16:01:32.0363 1080 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
16:01:32.0441 1080 ql2300 - ok
16:01:32.0566 1080 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
16:01:32.0566 1080 ql40xx - ok
16:01:32.0706 1080 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
16:01:32.0722 1080 QWAVE - ok
16:01:32.0769 1080 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
16:01:32.0769 1080 QWAVEdrv - ok
16:01:32.0847 1080 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
16:01:32.0847 1080 RasAcd - ok
16:01:32.0925 1080 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
16:01:32.0925 1080 RasAgileVpn - ok
16:01:32.0987 1080 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
16:01:32.0987 1080 RasAuto - ok
16:01:33.0096 1080 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
16:01:33.0112 1080 Rasl2tp - ok
16:01:33.0174 1080 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
16:01:33.0174 1080 RasMan - ok
16:01:33.0330 1080 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
16:01:33.0346 1080 RasPppoe - ok
16:01:33.0424 1080 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
16:01:33.0440 1080 RasSstp - ok
16:01:33.0549 1080 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
16:01:33.0564 1080 rdbss - ok
16:01:33.0627 1080 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
16:01:33.0642 1080 rdpbus - ok
16:01:33.0705 1080 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
16:01:33.0705 1080 RDPCDD - ok
16:01:33.0861 1080 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
16:01:33.0861 1080 RDPENCDD - ok
16:01:33.0908 1080 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
16:01:33.0908 1080 RDPREFMP - ok
16:01:33.0986 1080 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
16:01:34.0001 1080 RDPWD - ok
16:01:34.0095 1080 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
16:01:34.0110 1080 rdyboost - ok
16:01:34.0173 1080 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
16:01:34.0188 1080 RemoteAccess - ok
16:01:34.0251 1080 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
16:01:34.0251 1080 RemoteRegistry - ok
16:01:34.0313 1080 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
16:01:34.0329 1080 RpcEptMapper - ok
16:01:34.0376 1080 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
16:01:34.0376 1080 RpcLocator - ok
16:01:34.0469 1080 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
16:01:34.0469 1080 RpcSs - ok
16:01:34.0578 1080 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
16:01:34.0578 1080 rspndr - ok
16:01:34.0703 1080 [ 30F463768D5143BFD7B2DF822B53CF4D ] RSUSBSTOR C:\Windows\system32\Drivers\RtsUStor.sys
16:01:34.0719 1080 RSUSBSTOR - ok
16:01:34.0937 1080 [ FD978B2BF8A9B2390DCBEF435E9C1F9F ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
16:01:34.0953 1080 RTL8167 - ok
16:01:34.0968 1080 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
16:01:34.0968 1080 SamSs - ok
16:01:35.0046 1080 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
16:01:35.0046 1080 sbp2port - ok
16:01:35.0124 1080 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
16:01:35.0124 1080 SCardSvr - ok
16:01:35.0187 1080 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
16:01:35.0202 1080 scfilter - ok
16:01:35.0405 1080 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
16:01:35.0421 1080 Schedule - ok
16:01:35.0468 1080 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
16:01:35.0468 1080 SCPolicySvc - ok
16:01:35.0499 1080 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
16:01:35.0514 1080 SDRSVC - ok
16:01:35.0608 1080 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
16:01:35.0608 1080 secdrv - ok
16:01:35.0702 1080 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
16:01:35.0702 1080 seclogon - ok
16:01:35.0795 1080 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll
16:01:35.0795 1080 SENS - ok
16:01:35.0904 1080 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
16:01:35.0904 1080 SensrSvc - ok
16:01:35.0936 1080 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
16:01:35.0936 1080 Serenum - ok
16:01:36.0060 1080 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
16:01:36.0060 1080 Serial - ok
16:01:36.0138 1080 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
16:01:36.0138 1080 sermouse - ok
16:01:36.0232 1080 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
16:01:36.0232 1080 SessionEnv - ok
16:01:36.0326 1080 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
16:01:36.0326 1080 sffdisk - ok
16:01:36.0372 1080 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
16:01:36.0450 1080 sffp_mmc - ok
16:01:36.0482 1080 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
16:01:36.0482 1080 sffp_sd - ok
16:01:36.0560 1080 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
16:01:36.0653 1080 sfloppy - ok
16:01:36.0887 1080 [ C6CC9297BD53E5229653303E556AA539 ] Sftfs C:\Windows\system32\DRIVERS\Sftfslh.sys
16:01:36.0903 1080 Sftfs - ok
16:01:37.0121 1080 [ 13693B6354DD6E72DC5131DA7D764B90 ] sftlist C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
16:01:37.0168 1080 sftlist - ok
16:01:37.0308 1080 [ 390AA7BC52CEE43F6790CDEA1E776703 ] Sftplay C:\Windows\system32\DRIVERS\Sftplaylh.sys
16:01:37.0308 1080 Sftplay - ok
16:01:37.0355 1080 [ 617E29A0B0A2807466560D4C4E338D3E ] Sftredir C:\Windows\system32\DRIVERS\Sftredirlh.sys
16:01:37.0355 1080 Sftredir - ok
16:01:37.0792 1080 [ E1974A92AC0914A3859359A0A8C82C68 ] SftService C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
16:01:37.0964 1080 SftService - ok
16:01:38.0073 1080 [ 8F571F016FA1976F445147E9E6C8AE9B ] Sftvol C:\Windows\system32\DRIVERS\Sftvollh.sys
16:01:38.0073 1080 Sftvol - ok
16:01:38.0213 1080 [ C3CDDD18F43D44AB713CF8C4916F7696 ] sftvsa C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
16:01:38.0213 1080 sftvsa - ok
16:01:38.0432 1080 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
16:01:38.0447 1080 SharedAccess - ok
16:01:38.0556 1080 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
16:01:38.0572 1080 ShellHWDetection - ok
16:01:38.0697 1080 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
16:01:38.0697 1080 SiSRaid2 - ok
16:01:38.0712 1080 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
16:01:38.0712 1080 SiSRaid4 - ok
16:01:39.0789 1080 [ 3740B83AEC21D981065D7E819BD7E878 ] Skype C2C Service C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
16:01:39.0898 1080 Skype C2C Service - ok
16:01:40.0116 1080 [ DDAA5F4A6B958FC313EBD02DD925752F ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
16:01:40.0132 1080 SkypeUpdate - ok
16:01:40.0257 1080 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
16:01:40.0272 1080 Smb - ok
16:01:40.0350 1080 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
16:01:40.0350 1080 SNMPTRAP - ok
16:01:40.0397 1080 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
16:01:40.0397 1080 spldr - ok
16:01:40.0506 1080 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
16:01:40.0522 1080 Spooler - ok
16:01:40.0896 1080 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
16:01:40.0912 1080 sppsvc - ok
16:01:40.0990 1080 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
16:01:40.0990 1080 sppuinotify - ok
16:01:41.0193 1080 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
16:01:41.0208 1080 srv - ok
16:01:41.0318 1080 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
16:01:41.0333 1080 srv2 - ok
16:01:41.0427 1080 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
16:01:41.0427 1080 srvnet - ok
16:01:41.0708 1080 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
16:01:41.0723 1080 SSDPSRV - ok
16:01:41.0801 1080 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
16:01:41.0817 1080 SstpSvc - ok
16:01:42.0316 1080 [ 463E33B1EA7AF1E6EB87B66B831DB41A ] STacSV C:\Program Files\IDT\WDM\STacSV64.exe
16:01:42.0316 1080 STacSV - ok
16:01:42.0394 1080 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
16:01:42.0394 1080 stexstor - ok
16:01:42.0940 1080 [ 4304B75094E106FB5423A290C95841E5 ] STHDA C:\Windows\system32\DRIVERS\stwrt64.sys
16:01:42.0971 1080 STHDA - ok
16:01:43.0049 1080 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
16:01:43.0065 1080 stisvc - ok
16:01:43.0112 1080 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
16:01:43.0112 1080 swenum - ok
16:01:43.0268 1080 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
16:01:43.0283 1080 swprv - ok
16:01:43.0829 1080 [ 8A3FBCB3D6D4710730D27DA4392A4863 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
16:01:43.0829 1080 SynTP - ok
16:01:44.0406 1080 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
16:01:44.0438 1080 SysMain - ok
16:01:44.0516 1080 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
16:01:44.0516 1080 TabletInputService - ok
16:01:44.0672 1080 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
16:01:44.0687 1080 TapiSrv - ok
16:01:44.0796 1080 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
16:01:44.0812 1080 TBS - ok
16:01:45.0374 1080 [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
16:01:45.0498 1080 Tcpip - ok
16:01:46.0091 1080 [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
16:01:46.0091 1080 TCPIP6 - ok
16:01:46.0138 1080 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
16:01:46.0138 1080 tcpipreg - ok
16:01:46.0325 1080 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
16:01:46.0325 1080 TDPIPE - ok
16:01:46.0403 1080 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
16:01:46.0419 1080 TDTCP - ok
16:01:46.0466 1080 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
16:01:46.0466 1080 tdx - ok
16:01:46.0497 1080 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
16:01:46.0497 1080 TermDD - ok
16:01:46.0700 1080 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
16:01:46.0715 1080 TermService - ok
16:01:46.0762 1080 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
16:01:46.0778 1080 Themes - ok
16:01:46.0840 1080 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
16:01:46.0840 1080 THREADORDER - ok
16:01:46.0965 1080 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
16:01:46.0965 1080 TrkWks - ok
16:01:47.0058 1080 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
16:01:47.0058 1080 TrustedInstaller - ok
16:01:47.0105 1080 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
16:01:47.0105 1080 tssecsrv - ok
16:01:47.0433 1080 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
16:01:47.0448 1080 TsUsbFlt - ok
16:01:47.0558 1080 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
16:01:47.0558 1080 tunnel - ok
16:01:47.0620 1080 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
16:01:47.0620 1080 uagp35 - ok
16:01:47.0698 1080 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
16:01:47.0698 1080 udfs - ok
16:01:47.0760 1080 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
16:01:47.0760 1080 UI0Detect - ok
16:01:47.0792 1080 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
16:01:47.0792 1080 uliagpkx - ok
16:01:47.0870 1080 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
16:01:47.0870 1080 umbus - ok
16:01:47.0932 1080 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
16:01:47.0948 1080 UmPass - ok
16:01:48.0026 1080 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
16:01:48.0026 1080 upnphost - ok
16:01:48.0088 1080 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
16:01:48.0088 1080 usbccgp - ok
16:01:48.0150 1080 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
16:01:48.0166 1080 usbcir - ok
16:01:48.0197 1080 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
16:01:48.0197 1080 usbehci - ok
16:01:48.0244 1080 [ 2C780746DC44A28FE67004DC58173F05 ] usbfilter C:\Windows\system32\DRIVERS\usbfilter.sys
16:01:48.0244 1080 usbfilter - ok
16:01:48.0306 1080 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
16:01:48.0322 1080 usbhub - ok
16:01:48.0353 1080 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
16:01:48.0353 1080 usbohci - ok
16:01:48.0400 1080 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
16:01:48.0400 1080 usbprint - ok
16:01:48.0431 1080 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
16:01:48.0431 1080 USBSTOR - ok
16:01:48.0478 1080 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
16:01:48.0478 1080 usbuhci - ok
16:01:48.0587 1080 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
16:01:48.0587 1080 usbvideo - ok
16:01:48.0634 1080 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
16:01:48.0634 1080 UxSms - ok
16:01:48.0650 1080 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
16:01:48.0665 1080 VaultSvc - ok
16:01:48.0712 1080 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
16:01:48.0712 1080 vdrvroot - ok
16:01:48.0806 1080 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
16:01:48.0806 1080 vds - ok
16:01:48.0899 1080 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
16:01:48.0899 1080 vga - ok
16:01:48.0915 1080 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
16:01:48.0915 1080 VgaSave - ok
16:01:48.0962 1080 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
16:01:48.0962 1080 vhdmp - ok
16:01:49.0008 1080 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
16:01:49.0008 1080 viaide - ok
16:01:49.0040 1080 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
16:01:49.0055 1080 volmgr - ok
16:01:49.0118 1080 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
16:01:49.0133 1080 volmgrx - ok
16:01:49.0211 1080 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
16:01:49.0211 1080 volsnap - ok
16:01:49.0320 1080 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
16:01:49.0320 1080 vsmraid - ok
16:01:49.0492 1080 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
16:01:49.0492 1080 VSS - ok
16:01:49.0508 1080 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
16:01:49.0508 1080 vwifibus - ok
16:01:49.0539 1080 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
16:01:49.0539 1080 vwififlt - ok
16:01:49.0632 1080 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
16:01:49.0632 1080 vwifimp - ok
16:01:49.0726 1080 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
16:01:49.0742 1080 W32Time - ok
16:01:49.0773 1080 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
16:01:49.0773 1080 WacomPen - ok
16:01:49.0882 1080 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
16:01:49.0882 1080 WANARP - ok
16:01:49.0929 1080 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
16:01:49.0929 1080 Wanarpv6 - ok
16:01:50.0428 1080 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
16:01:50.0444 1080 WatAdminSvc - ok
16:01:50.0584 1080 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
16:01:50.0615 1080 wbengine - ok
16:01:50.0662 1080 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
16:01:50.0678 1080 WbioSrvc - ok
16:01:50.0756 1080 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
16:01:50.0756 1080 wcncsvc - ok
16:01:50.0818 1080 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
16:01:50.0818 1080 WcsPlugInService - ok
16:01:50.0865 1080 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
16:01:50.0865 1080 Wd - ok
16:01:50.0974 1080 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
16:01:50.0990 1080 Wdf01000 - ok
16:01:51.0036 1080 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
16:01:51.0052 1080 WdiServiceHost - ok
16:01:51.0068 1080 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
16:01:51.0068 1080 WdiSystemHost - ok
16:01:51.0146 1080 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
16:01:51.0161 1080 WebClient - ok
16:01:51.0208 1080 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
16:01:51.0224 1080 Wecsvc - ok
16:01:51.0239 1080 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
16:01:51.0255 1080 wercplsupport - ok
16:01:51.0302 1080 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
16:01:51.0317 1080 WerSvc - ok
16:01:51.0411 1080 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
16:01:51.0411 1080 WfpLwf - ok
16:01:51.0504 1080 [ B14EF15BD757FA488F9C970EEE9C0D35 ] WimFltr C:\Windows\system32\DRIVERS\wimfltr.sys
16:01:51.0520 1080 WimFltr - ok
16:01:51.0582 1080 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
16:01:51.0582 1080 WIMMount - ok
16:01:51.0629 1080 WinDefend - ok
16:01:51.0645 1080 WinHttpAutoProxySvc - ok
16:01:51.0816 1080 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
16:01:51.0832 1080 Winmgmt - ok
16:01:52.0019 1080 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
16:01:52.0050 1080 WinRM - ok
16:01:52.0284 1080 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
16:01:52.0284 1080 WinUsb - ok
16:01:52.0409 1080 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
16:01:52.0425 1080 Wlansvc - ok
16:01:52.0518 1080 [ DE816A0624D54D68E1FB8A9028DCF81A ] wltrysvc C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
16:01:52.0518 1080 wltrysvc - ok
16:01:54.0968 1080 ============================================================
16:01:54.0968 1080 Scan finished
16:01:54.0968 1080 ============================================================
16:01:54.0999 1540 Detected object count: 0
16:01:54.0999 1540 Actual detected object count: 0
16:03:05.0227 5808 Deinitialize success



Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.12.11.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
RMA :: RMA-LAPTOP [administrator]

12/12/2012 16:04:04
mbam-log-2012-12-12 (16-04-04).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 328030
Time elapsed: 39 minute(s), 57 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C1ED9DA0-AFD0-4B90-AC6A-D3874F591014} (PUP.Datamngr) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)



# AdwCleaner v2.100 - Logfile created 12/12/2012 at 16:47:42
# Updated 09/12/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : RMA - RMA-LAPTOP
# Boot Mode : Normal
# Running from : C:\Users\RMA\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16455

[OK] Registry is clean.

-\\ Google Chrome v23.0.1271.97

File : C:\Users\RMA\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner.txt - [652 octets] - [12/12/2012 16:47:42]

########## EOF - C:\AdwCleaner.txt - [711 octets] ##########



RogueKiller V8.3.2 [Dec 10 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : RMA [Admin rights]
Mode : Remove -- Date : 12/12/2012 16:56:24

Bad processes : 0

Registry Entries : 10
[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (hxxp=hxxp://www-cache.freeserve.com:8080;ftp=hxxp://www-cache.freeserve.com:8080) -> NOT REMOVED, USE PROXYFIX
[DNS] HKLM\[...]\ControlSet001\Services\Interfaces\{1BD969B5-40EE-4BD9-B417-B97A86E98679} : NameServer (62.24.139.6,62.24.243.2) -> NOT REMOVED, USE DNSFIX
[DNS] HKLM\[...]\ControlSet002\Services\Interfaces\{1BD969B5-40EE-4BD9-B417-B97A86E98679} : NameServer (62.24.139.6,62.24.243.2) -> NOT REMOVED, USE DNSFIX
[HJPOL] HKCU\[...]\System : disableregistrytools (0) -> DELETED
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> REPLACED (1)
[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

Particular Files / Folders:

Driver : [NOT LOADED]

HOSTS File:
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost


MBR Check:

+++++ PhysicalDrive0: WDC WD50 00BEVT-75A0RT0 SATA Disk Device +++++
--- User ---
[MBR] 009d7cf41906cd24fb2610d13e1e0a60
[BSP] 88024ac716d9957392ab874f6907da46 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 2048 | Size: 356 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 731136 | Size: 23428 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 48711680 | Size: 453154 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2]_D_12122012_02d1656.txt >>
RKreport[1]_S_12122012_02d1655.txt ; RKreport[2]_D_12122012_02d1656.txt





After a reboot the homepage seems to be back to normal which is great, but I rescanned with MalwareBytes and it's still picking up the Registry Key that is shown in the log above, even though it said it had deleted it successfully.

Thanks again for your help so far Gunto, hopefully we can get rid of it completely :)

#5 Gunto

Posted 12 December 2012 - 11:17 PM

Hi,

Good to see things are going better, though I've got a few more things to try. :)

SUPERAntiSpyware

I need you to run a scan with SUPERAntiSpyware.

  • Download SAS from here, and save it to your desktop.
  • Double click the installer to start the installation. If you do not want to start the trial of the full version, please decline, and feel free to uncheck options to install external toolbars/software, unless you want them. Otherwise, follow the prompts and let the program install.
  • Once the program is done installing and updating, tick the Complete Scan option on the interface, and press the big Scan your Computer... button. Ensure that the options Activate Scan Boost™ > Low boost and Scan inside .ZIP archives are selected and Start Complete Scan.
  • After scanning, be sure to remove all detected threats if any were detected. If asked to reboot to remove threats, do so immediately.
  • Once finished, return to the main interface, go to View Scan Logs and view the newest log. Copy and paste it into your reply.

ESET Online Scanner

I need you to run a scan with ESET Online Scanner.

  • Download the scanner from here, and save it to your desktop.
  • Double click the file to install the program. Once it's done, accept the terms of use and click Start. Be sure the following settings are checked before beginning:
    Scan archives
    Remove found threats
    Scan potentially unwanted applications
    Scan for potentially unsafe applications
    Enable Anti-Stealth technology
  • Once the scan is done, if anything was found, click List of found threats, and then Export to text file..., and save the log to your desktop.
  • Click << Back, and then Finish. If you have to reboot, do so immediately.
  • After ESET finishes scanning and removing threats, copy and paste the log into your reply.

Junkware Removal Tool

I need you to run a scan with Junkware Removal Tool.

  • Download JRT from here, and save it to your desktop.
  • Double click the file to open it, and hit any key as per the instructions of the popped up window.
  • Once the scan is done, copy and paste the contents of the resulting log into your reply.

Let me know how the PC is running after running these.

Gunto

It's pronounced Goon-toe!
Member of the Bleeping Computer A.I.I. early response team!


#6 gizmog

Posted 13 December 2012 - 12:58 PM

Attaching the logs below! It seems to have found and deleted some things but the initial bad registry key is still being detected in malwarebytes after a reboot :(

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 12/13/2012 at 11:33 AM

Application Version : 5.6.1014

Core Rules Database Version : 9732
Trace Rules Database Version: 7544

Scan type : Complete Scan
Total Scan Time : 00:36:07

Operating System Information
Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User

Memory items scanned : 716
Memory threats detected : 0
Registry items scanned : 70183
Registry threats detected : 0
File items scanned : 54624
File threats detected : 34

Adware.Tracking Cookie

Trojan.VXGame-Variant/D
C:\USERS\RMA\APPDATA\LOCAL\APPS\2.0\PMVN8KR6.G8N\85A0M6LB.63P\GOOG...APP_4FE91EDE9F9BDCA3_0001.0003_838A067EF695B1DD\CLICKONCE_BOOTSTRAP.EXE






ESET

C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe a variant of Win32/HiddenStart.A application cleaned by deleting - quarantined
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe a variant of Win32/HiddenStart.A application cleaned by deleting - quarantined
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\UpdateWorkingDirectory\DSL\hstart.exe a variant of Win32/HiddenStart.A application cleaned by deleting - quarantined
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\UpdateWorkingDirectory\DSL\Components\DSUpdate\hstart.exe a variant of Win32/HiddenStart.A application cleaned by deleting - quarantined


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.1.0 (12.12.2012:3)
OS: Windows 7 Home Premium x64
Ran by RMA on 13/12/2012 at 17:29:31.04
Blog: http://thisisudax.blogspot.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] "hkey_current_user\software\ilividtoolbarguid"



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\RMA\appdata\locallow\ilividtoolbarguid"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 13/12/2012 at 17:36:02.92
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

#7 gizmog

Posted 13 December 2012 - 02:44 PM

Update! (Sorry for the double post)

It seems that after a few more reboots MalwareBytes no longer detects the problem so I think it's all fixed! Thanks very much for your help Gunto, I couldn't have done it without your help :D

#8 Gunto

Posted 14 December 2012 - 12:32 AM

Hi,

That's great news! But we're not quite done yet, I have a few more things for you to do. :)

Security Check

I need you to run a checkup with Security Check.

  • Download Security Check here, and save it to your desktop.
  • Double click the file to run it. In the first screen, hit any key and let the scan run.
  • Once the scan is finished, copy and paste the resulting log into your reply.

Gunto
