
STOP: C0000135 The program can't start because %hs is missing. Try reinstalling the program


  • This topic is locked
23 replies to this topic

#1 Mortuza

  • Members
  • 12 posts
  • OFFLINE
  • Local time:12:43 AM

Posted 03 June 2012 - 07:08 PM

Mod Edit: MOVED to Virus, Trojan and Malware Removal Logs ~~boopme


Hi,
I am referring to the following post.

http://www.bleepingcomputer.com/forums/topic444580.html

I am having the same problem logging in to Windows. I installed MSE and restarted my PC. After that I saw that stupid blue screen with the message. Fortunately, I have a partition on my computer with Linux Mint, and I am now working in Linux. But I would like to wake up my Windows too.

I followed the procedure that was mentioned in the above post and got the following log. I would really appreciate it if anyone could help me out with the further procedure.

Scan result of Farbar Recovery Scan Tool Version: 03-06-2012
Ran by SYSTEM at 03-06-2012 16:50:09
Running from F:\
Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [167704 2011-06-28] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [392472 2011-06-28] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [416024 2011-06-28] (Intel Corporation)
HKLM\...\Run: [DBRMTray] C:\Dell\DBRM\Reminder\DbrmTrayIcon.exe [227328 2011-03-08] (Dell Computer Corporation)
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1436736 2011-06-15] (Microsoft Corporation)
HKLM-x32\...\Run: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" [87336 2010-10-01] (CyberLink Corp.)
HKLM-x32\...\Run: [PDVD9LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe" [50472 2010-09-17] (CyberLink Corp.)
HKU\Mortuza\...\Run: [Google Update] "C:\Users\Mortuza\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2012-02-01] (Google Inc.)
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\Parameters: [DhcpNameServer] 134.121.139.10 134.121.80.36
SubSystems: [Windows] ATTENTION! ====> ZeroAccess

==================== Services (Whitelisted) ======

2 BBUpdate; "C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE" [249648 2011-05-12] (Microsoft Corporation)
2 jhi_service; C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe [212944 2011-02-23] (Intel Corporation)
2 UNS; "C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe" [2656280 2010-12-03] (Intel Corporation)
2 VMAuthdService; "C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe" [79872 2012-01-18] (VMware, Inc.)
2 VMUSBArbService; "C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe" [846448 2011-08-29] (VMware, Inc.)
2 MsMpSvc; "c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe" [x]
3 NisSrv; "c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe" [x]

========================== Drivers (Whitelisted) =============

1 mrjtkulo; \??\C:\Windows\system32\drivers\mrjtkulo.sys [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-06-03 16:49 - 2012-06-03 16:50 - 0000000 ____D C:\FRST
2012-06-03 15:18 - 2012-06-03 15:18 - 0000899 ____A C:\Users\Mortuza\Desktop\fixlist.txt
2012-06-03 15:17 - 2012-06-03 15:04 - 1395739 ____A C:\Users\Mortuza\Desktop\FRST64.exe

============ 3 Months Modified Files and Folders =============

2012-06-03 15:44 - 2009-07-13 20:45 - 0231984 ____A C:\Windows\System32\FNTCACHE.DAT
2012-06-03 15:43 - 2012-01-06 02:06 - 3140173824 __ASH C:\hiberfil.sys
2012-06-03 15:18 - 2012-06-03 15:18 - 0000899 ____A C:\Users\Mortuza\Desktop\fixlist.txt
2012-06-03 15:04 - 2012-06-03 15:17 - 1395739 ____A C:\Users\Mortuza\Desktop\FRST64.exe


========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 15%
Total physical RAM: 3992.94 MB
Available physical RAM: 3385.78 MB
Total Pagefile: 3991.14 MB
Available Pagefile: 3353.31 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB

======================= Partitions =========================

1 Drive c: (OS) (Fixed) (Total:69.22 GB) (Free:40.82 GB) NTFS
3 Drive f: (PENDRIVE) (Removable) (Total:3.73 GB) (Free:3.72 GB) FAT32
4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
5 Drive y: (RECOVERY) (Fixed) (Total:10.29 GB) (Free:5.4 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 465 GB 3072 KB
Disk 1 Online 3819 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 39 MB 31 KB
Partition 2 Primary 10 GB 40 MB
Partition 3 Primary 69 GB 10 GB
Partition 0 Extended 386 GB 79 GB
Partition 4 Logical 7327 MB 79 GB
Partition 5 Logical 280 GB 86 GB
Partition 6 Logical 94 GB 367 GB
Partition 7 Logical 3991 MB 461 GB

======================================================================================================

Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 FAT Partition 39 MB Healthy Hidden

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y RECOVERY NTFS Partition 10 GB Healthy

======================================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C OS NTFS Partition 69 GB Healthy

======================================================================================================

Disk: 0
Partition 4
Type : 82
Hidden: Yes
Active: No

There is no volume associated with this partition.

======================================================================================================

Disk: 0
Partition 5
Type : 83
Hidden: Yes
Active: No

There is no volume associated with this partition.

======================================================================================================

Disk: 0
Partition 6
Type : 83
Hidden: Yes
Active: No

There is no volume associated with this partition.

======================================================================================================

Disk: 0
Partition 7
Type : 82
Hidden: Yes
Active: No

There is no volume associated with this partition.

======================================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 3818 MB 16 KB

======================================================================================================

Disk: 1
Partition 1
Type : 0B
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 F PENDRIVE FAT32 Removable 3818 MB Healthy

======================================================================================================

==========================================================

Last Boot: 2011-02-10 08:26

======================= End Of Log ==========================


Thanks in advance!

Regards,
Mortuza

Edited by boopme, 03 June 2012 - 07:18 PM.
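As an added example (not code from the thread or from FRST), a small Python triage that reads the Registry and Services/Drivers lines of an FRST scan such as the one above and surfaces the two entries a responder acts on first: the line FRST itself marked ATTENTION! and the driver whose binary is missing and whose name looks auto-generated. The sample lines are constructed from the log above; the random-name test is my own heuristic, nothing more.

```python
"""Triage helper for Farbar Recovery Scan Tool (FRST) logs.

Added example, not part of the thread or of FRST. The sample lines below
are constructed from the first FRST scan in the thread.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample: a few lines copied from the scan above.
SAMPLE_LOG = """\
HKLM\\...\\Run: [MSC] "c:\\Program Files\\Microsoft Security Client\\msseces.exe" -hide -runkey [1436736 2011-06-15] (Microsoft Corporation)
SubSystems: [Windows] ATTENTION! ====> ZeroAccess
2 UNS; "C:\\Program Files (x86)\\Intel\\Intel® Management Engine Components\\UNS\\UNS.exe" [2656280 2010-12-03] (Intel Corporation)
2 MsMpSvc; "c:\\Program Files\\Microsoft Security Client\\Antimalware\\MsMpEng.exe" [x]
1 mrjtkulo; \\??\\C:\\Windows\\system32\\drivers\\mrjtkulo.sys [x]
"""

# FRST service/driver line: "<start type> <name>; <image path> [<size> <date>] (<publisher>)",
# or "<start type> <name>; <image path> [x]" when FRST could not find the binary.
SERVICE_RE = re.compile(r"^([0-4])\s+([^;]+);\s*(.*)$")
PUBLISHER_RE = re.compile(r"\(([^()]+)\)\s*$")


@dataclass
class Finding:
    kind: str   # "attention" or "missing_random_name"
    name: str   # registry key or service/driver name
    line: str   # the log line that produced the finding


def looks_random(name: str) -> bool:
    """Heuristic for auto-generated service names such as 'mrjtkulo':
    6-12 lowercase letters with either no vowels or a run of four or more
    consonants. CamelCase vendor names (MsMpSvc) and names with
    underscores (jhi_service) are deliberately not matched."""
    if not re.fullmatch(r"[a-z]{6,12}", name):
        return False
    vowels = sum(c in "aeiou" for c in name)
    return vowels == 0 or re.search(r"[^aeiou]{4,}", name) is not None


def triage(log_text: str) -> list[Finding]:
    """Return FRST ATTENTION! lines plus missing-binary entries whose name
    looks auto-generated and that carry no publisher field."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if "ATTENTION!" in line:
            findings.append(Finding("attention", line.split(":", 1)[0], line))
            continue
        m = SERVICE_RE.match(line)
        if not m:
            continue
        name, rest = m.group(2).strip(), m.group(3)
        missing = rest.rstrip().endswith("[x]")
        has_publisher = PUBLISHER_RE.search(rest) is not None
        if missing and not has_publisher and looks_random(name):
            findings.append(Finding("missing_random_name", name, line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:20} {f.name:12} {f.line}")
```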




#2 CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  • Gender:Not Telling
  • Location:Canada
  • Local time:12:43 AM

Posted 03 June 2012 - 08:31 PM

Hi,

Please delete the fixlist.txt from your desktop (the fix is designed for a specific machine, so please do not use a fix designed for someone else).

Now run the following:


Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad window and select Paste.) Save it on the flash drive as fixlist.txt.

start
script removed
end

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Now please enter System Recovery Options then select Command Prompt

Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Now restart, let it boot normally and tell me how it went.


NEXT


Refer to the ComboFix User's Guide

  • Download ComboFix from one of these locations:

    Link 1
    Link 2

    * IMPORTANT !!! Place ComboFix.exe on your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  • Double click on ComboFix.exe & follow the prompts.
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  • When finished, it shall produce a log for you. Post that log in your next reply

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


  • Ensure your AntiVirus and AntiSpyware applications are re-enabled.


NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

Edited by CatByte, 03 July 2012 - 08:46 PM.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#3 Mortuza
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:12:43 AM

Posted 04 June 2012 - 06:53 PM

Hi,
Thank you very much for the reply. Here are the logs from Fixlog.txt and ComboFix, respectively:

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 03-06-2012
Ran by SYSTEM at 2012-06-04 16:21:40 Run:1
Running from F:\

==============================================

HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows Value was restored.
mrjtkulo service deleted successfully.

========= bootrec /FixMbr =========

The operation completed successfully.

========= End of CMD: =========


========= bootrec /fixboot =========

The operation completed successfully.

========= End of CMD: =========


==== End of Fixlog ====


Combofix Log:


ComboFix 12-06-04.02 - Mortuza 06/04/2012 16:25:31.1.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3993.2799 [GMT -7:00]
Running from: c:\users\Mortuza\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\22cd857d
c:\users\Mortuza\AppData\Roaming\af0edbd6
c:\windows\assembly\temp\@
c:\windows\assembly\temp\cfg.ini
.
.
((((((((((((((((((((((((( Files Created from 2012-05-04 to 2012-06-04 )))))))))))))))))))))))))))))))
.
.
2012-06-04 23:28 . 2012-06-04 23:28 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-04 00:49 . 2012-06-04 00:50 -------- d-----w- C:\FRST
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl9"="c:\program files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" [2010-10-01 87336]
"PDVD9LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD9\Language\Language.exe" [2010-09-18 50472]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-03 2656280]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-06-07 191752]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 netvsc;netvsc;c:\windows\system32\DRIVERS\netvsc60.sys [x]
R3 SynthVid;SynthVid;c:\windows\system32\DRIVERS\VMBusVideoM.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys [x]
S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-05-12 249648]
S2 jhi_service;Intel® Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [2011-02-24 212944]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2011-08-30 846448]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
S3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-28 288272]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPNWMON
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-215562549-1918524831-555650164-1000Core.job
- c:\users\Mortuza\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-01 23:50]
.
2012-06-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-215562549-1918524831-555650164-1000UA.job
- c:\users\Mortuza\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-01 23:50]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-06-28 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-06-28 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-06-28 416024]
"DBRMTray"="c:\dell\DBRM\Reminder\DbrmTrayIcon.exe" [2011-03-08 227328]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
LSP: %SystemRoot%\system32\vsocklib.dll
TCP: DhcpNameServer = 134.121.139.10 134.121.80.36
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SysWOW64\vmnat.exe
c:\windows\SysWOW64\vmnetdhcp.exe
c:\program files (x86)\VMware\VMware Player\vmware-authd.exe
c:\program files (x86)\Common Files\Java\Java Update\jusched.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2012-06-04 16:31:43 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-04 23:31
.
Pre-Run: 43,675,508,736 bytes free
Post-Run: 43,667,750,912 bytes free
.
- - End Of File - - CB270D65BEB3637CFE17343F07869787

My Windows is working fine now. But I am unable to see my Linux OS now when the computer starts. Does that mean that I have lost all my data that was in Linux? I would like to have both Windows and Linux. I would really appreciate it if you could let me know how I can see all the files of Linux.

Thanks,
Mortuza
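The FRST fix above restored the Session Manager SubSystems\Windows value that the scan had flagged. That value is the csrss.exe command line, and each ServerDll= token names a DLL that csrss loads at session start, so a module inserted there runs inside csrss, and if that module later disappears the boot fails with STATUS_DLL_NOT_FOUND (0xC0000135), the STOP code in the thread title. Added example, not code from the thread, FRST or ComboFix: a check that parses the value and compares it with the Windows 7 default layout (an assumption to confirm on a known-clean reference machine); the tampered sample and the module name badsrv are constructed for the example.

```python
"""Sanity check for the Session Manager SubSystems\\Windows value.

Added example, not from the thread, FRST or ComboFix. The expected layout
is the Windows 7 default as far as I know it (assumption: confirm on a
known-clean reference system before relying on this allow-list).
"""
from __future__ import annotations

REG_PATH = r"SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems"
EXPECTED_IMAGE = r"%SystemRoot%\system32\csrss.exe"
# module -> allowed ServerDll indices (assumed Windows 7 default)
EXPECTED_SERVER_DLLS = {
    "basesrv": {"1"},
    "winsrv": {"3", "2"},   # UserServerDllInitialization,3 / ConServerDllInitialization,2
    "sxssrv": {"4"},
}

# Constructed clean value (assumed Windows 7 default).
CLEAN_VALUE = (
    r"%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows "
    r"SharedSection=1024,20480,768 Windows=On SubSystemType=Windows "
    r"ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 "
    r"ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 "
    r"ProfileControl=Off MaxRequestThreads=16"
)
# Constructed tampered value: the console ServerDll rewritten to point at a
# placeholder module ("badsrv" is invented for this example).
TAMPERED_VALUE = CLEAN_VALUE.replace(
    "ServerDll=winsrv:ConServerDllInitialization,2",
    "ServerDll=badsrv:ConServerDllInitialization,2",
)


def parse_subsystems_value(value: str) -> tuple[str, list[tuple[str, str | None, str]]]:
    """Split the value into (image path, [(module, entrypoint, index), ...]).
    A ServerDll token has the form ServerDll=<module>[:<entrypoint>],<index>."""
    tokens = value.split()
    image = tokens[0] if tokens else ""
    dlls: list[tuple[str, str | None, str]] = []
    for tok in tokens[1:]:
        if not tok.startswith("ServerDll="):
            continue
        spec = tok[len("ServerDll="):]
        modpart, _, index = spec.partition(",")
        module, _, entry = modpart.partition(":")
        dlls.append((module.lower(), entry or None, index))
    return image, dlls


def check_subsystems_value(value: str) -> list[str]:
    """Return human-readable problems; an empty list means the value
    matches the expected layout exactly (image, modules and indices)."""
    problems: list[str] = []
    image, dlls = parse_subsystems_value(value)
    if image.lower() != EXPECTED_IMAGE.lower():
        problems.append(f"unexpected csrss image path: {image!r}")
    seen: dict[str, set[str]] = {}
    for module, entry, index in dlls:
        if module not in EXPECTED_SERVER_DLLS:
            problems.append(f"unexpected ServerDll module {module!r} (entry {entry}, index {index})")
        elif index not in EXPECTED_SERVER_DLLS[module]:
            problems.append(f"ServerDll {module!r} has unexpected index {index!r}")
        seen.setdefault(module, set()).add(index)
    for module, idxs in EXPECTED_SERVER_DLLS.items():
        missing = idxs - seen.get(module, set())
        if missing:
            problems.append(f"missing ServerDll entries for {module!r}: {sorted(missing)}")
    return problems


def read_live_value() -> str | None:
    """On Windows, read the real value from the registry; elsewhere return None."""
    try:
        import winreg
    except ImportError:
        return None
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, REG_PATH) as key:
        value, _type = winreg.QueryValueEx(key, "Windows")
        return value


if __name__ == "__main__":
    live = read_live_value()
    target = live if live is not None else TAMPERED_VALUE
    print("checking", "live registry value" if live else "constructed tampered sample")
    for p in check_subsystems_value(target) or ["no problems found"]:
        print(" -", p)
```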

#4 CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  • Gender:Not Telling
  • Location:Canada
  • Local time:12:43 AM

Posted 04 June 2012 - 07:04 PM

No, the Linux files will all still be there. Bear with me until I return with a solution.

In the meantime, please run the following:


Please download TDSSKiller.zip
  • Extract it to your desktop
  • Double click TDSSKiller.exe
  • when the window opens, click on Change Parameters
  • under "Additional options", put a check mark in the box next to "Detect TDLFS File System"
  • click OK
  • Press Start Scan
    • If Malicious objects are found then ensure Cure is selected
    • If TDLFS File System is found then ensure Delete is selected
    • Then click Continue > Reboot now
  • Copy and paste the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)



#5 Mortuza
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:12:43 AM

Posted 04 June 2012 - 07:20 PM

Hi,
Thanks for the response. Here is the log file:


17:15:03.0274 1952 TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
17:15:03.0677 1952 ============================================================
17:15:03.0677 1952 Current date / time: 2012/06/04 17:15:03.0677
17:15:03.0677 1952 SystemInfo:
17:15:03.0677 1952
17:15:03.0677 1952 OS Version: 6.1.7601 ServicePack: 1.0
17:15:03.0677 1952 Product type: Workstation
17:15:03.0677 1952 ComputerName: MORTUZA-PC
17:15:03.0677 1952 UserName: Mortuza
17:15:03.0677 1952 Windows directory: C:\Windows
17:15:03.0677 1952 System windows directory: C:\Windows
17:15:03.0677 1952 Running under WOW64
17:15:03.0677 1952 Processor architecture: Intel x64
17:15:03.0677 1952 Number of processors: 4
17:15:03.0677 1952 Page size: 0x1000
17:15:03.0677 1952 Boot type: Normal boot
17:15:03.0677 1952 ============================================================
17:15:04.0441 1952 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:15:04.0495 1952 ============================================================
17:15:04.0495 1952 \Device\Harddisk0\DR0:
17:15:04.0495 1952 MBR partitions:
17:15:04.0495 1952 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1497000
17:15:04.0495 1952 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x14AB800, BlocksNum 0x8A73000
17:15:04.0555 1952 ============================================================
17:15:04.0593 1952 C: <-> \Device\Harddisk0\DR0\Partition1
17:15:04.0593 1952 ============================================================
17:15:04.0593 1952 Initialize success
17:15:04.0593 1952 ============================================================
17:15:37.0880 0128 ============================================================
17:15:37.0880 0128 Scan started
17:15:37.0880 0128 Mode: Manual; TDLFS;
17:15:37.0880 0128 ============================================================
17:15:40.0136 0128 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys
17:15:40.0138 0128 CmBatt - ok
17:15:40.0141 0128 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
17:15:40.0143 0128 cmdide - ok
17:15:40.0173 0128 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
17:15:40.0179 0128 CNG - ok
17:15:40.0248 0128 CnxtHdAudService (5c855932e4df00b1b6f5f6f57e82b6c5) C:\Windows\system32\drivers\CHDRT64.sys
17:15:40.0261 0128 CnxtHdAudService - ok
17:15:40.0485 0128 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys
17:15:40.0487 0128 Compbatt - ok
17:15:40.0510 0128 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\DRIVERS\CompositeBus.sys
17:15:40.0511 0128 CompositeBus - ok
17:15:40.0518 0128 COMSysApp - ok
17:15:40.0525 0128 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
17:15:40.0527 0128 crcdisk - ok
17:15:40.0554 0128 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
17:15:40.0557 0128 CryptSvc - ok
17:15:40.0590 0128 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
17:15:40.0596 0128 CSC - ok
17:15:40.0619 0128 CscService (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll
17:15:40.0628 0128 CscService - ok
17:15:40.0657 0128 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
17:15:40.0664 0128 DcomLaunch - ok
17:15:40.0691 0128 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
17:15:40.0695 0128 defragsvc - ok
17:15:40.0790 0128 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
17:15:40.0792 0128 DfsC - ok
17:15:40.0823 0128 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
17:15:40.0827 0128 Dhcp - ok
17:15:40.0833 0128 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
17:15:40.0834 0128 discache - ok
17:15:40.0852 0128 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
17:15:40.0854 0128 Disk - ok
17:15:40.0878 0128 dmvsc (5db085a8a6600be6401f2b24eecb5415) C:\Windows\system32\drivers\dmvsc.sys
17:15:40.0879 0128 dmvsc - ok
17:15:40.0902 0128 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
17:15:40.0905 0128 Dnscache - ok
17:15:40.0922 0128 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
17:15:40.0926 0128 dot3svc - ok
17:15:40.0938 0128 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
17:15:40.0941 0128 DPS - ok
17:15:40.0967 0128 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
17:15:40.0967 0128 drmkaud - ok
17:15:41.0007 0128 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
17:15:41.0021 0128 DXGKrnl - ok
17:15:41.0035 0128 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
17:15:41.0037 0128 EapHost - ok
17:15:41.0177 0128 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
17:15:41.0224 0128 ebdrv - ok
17:15:41.0398 0128 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
17:15:41.0415 0128 EFS - ok
17:15:41.0494 0128 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
17:15:41.0538 0128 ehRecvr - ok
17:15:41.0552 0128 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
17:15:41.0569 0128 ehSched - ok
17:15:41.0684 0128 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
17:15:41.0691 0128 elxstor - ok
17:15:41.0695 0128 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
17:15:41.0696 0128 ErrDev - ok
17:15:41.0728 0128 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
17:15:41.0732 0128 EventSystem - ok
17:15:41.0744 0128 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
17:15:41.0747 0128 exfat - ok
17:15:41.0756 0128 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
17:15:41.0759 0128 fastfat - ok
17:15:41.0784 0128 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
17:15:41.0792 0128 Fax - ok
17:15:41.0796 0128 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
17:15:41.0798 0128 fdc - ok
17:15:41.0810 0128 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
17:15:41.0811 0128 fdPHost - ok
17:15:41.0815 0128 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
17:15:41.0816 0128 FDResPub - ok
17:15:41.0831 0128 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
17:15:41.0833 0128 FileInfo - ok
17:15:41.0837 0128 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
17:15:41.0838 0128 Filetrace - ok
17:15:41.0842 0128 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
17:15:41.0843 0128 flpydisk - ok
17:15:41.0858 0128 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
17:15:41.0862 0128 FltMgr - ok
17:15:41.0910 0128 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
17:15:41.0931 0128 FontCache - ok
17:15:41.0996 0128 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
17:15:41.0997 0128 FontCache3.0.0.0 - ok
17:15:42.0056 0128 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
17:15:42.0056 0128 FsDepends - ok
17:15:42.0072 0128 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
17:15:42.0072 0128 Fs_Rec - ok
17:15:42.0088 0128 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
17:15:42.0088 0128 fvevol - ok
17:15:42.0103 0128 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
17:15:42.0119 0128 gagp30kx - ok
17:15:42.0152 0128 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
17:15:42.0162 0128 gpsvc - ok
17:15:42.0165 0128 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
17:15:42.0166 0128 hcw85cir - ok
17:15:42.0187 0128 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
17:15:42.0188 0128 HDAudBus - ok
17:15:42.0192 0128 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
17:15:42.0193 0128 HidBatt - ok
17:15:42.0198 0128 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
17:15:42.0200 0128 HidBth - ok
17:15:42.0213 0128 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
17:15:42.0214 0128 HidIr - ok
17:15:42.0229 0128 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
17:15:42.0231 0128 hidserv - ok
17:15:42.0242 0128 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
17:15:42.0243 0128 HidUsb - ok
17:15:42.0270 0128 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
17:15:42.0273 0128 hkmsvc - ok
17:15:42.0291 0128 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
17:15:42.0295 0128 HomeGroupListener - ok
17:15:42.0314 0128 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
17:15:42.0319 0128 HomeGroupProvider - ok
17:15:42.0359 0128 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
17:15:42.0361 0128 HpSAMD - ok
17:15:42.0402 0128 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
17:15:42.0412 0128 HTTP - ok
17:15:42.0416 0128 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
17:15:42.0417 0128 hwpolicy - ok
17:15:42.0428 0128 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
17:15:42.0430 0128 i8042prt - ok
17:15:42.0451 0128 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
17:15:42.0455 0128 iaStorV - ok
17:15:42.0551 0128 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
17:15:42.0561 0128 idsvc - ok
17:15:42.0873 0128 igfx (9937600a1584ff00565d5379eb4c9edb) C:\Windows\system32\DRIVERS\igdkmd64.sys
17:15:43.0056 0128 igfx - ok
17:15:43.0310 0128 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
17:15:43.0312 0128 iirsp - ok
17:15:43.0356 0128 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
17:15:43.0367 0128 IKEEXT - ok
17:15:43.0404 0128 IntcDAud (fc727061c0f47c8059e88e05d5c8e381) C:\Windows\system32\DRIVERS\IntcDAud.sys
17:15:43.0409 0128 IntcDAud - ok
17:15:43.0429 0128 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
17:15:43.0431 0128 intelide - ok
17:15:43.0442 0128 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
17:15:43.0443 0128 intelppm - ok
17:15:43.0468 0128 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
17:15:43.0471 0128 IPBusEnum - ok
17:15:43.0485 0128 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:15:43.0487 0128 IpFilterDriver - ok
17:15:43.0544 0128 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
17:15:43.0553 0128 iphlpsvc - ok
17:15:43.0565 0128 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
17:15:43.0567 0128 IPMIDRV - ok
17:15:43.0573 0128 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
17:15:43.0574 0128 IPNAT - ok
17:15:43.0584 0128 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
17:15:43.0585 0128 IRENUM - ok
17:15:43.0588 0128 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
17:15:43.0589 0128 isapnp - ok
17:15:43.0607 0128 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
17:15:43.0609 0128 iScsiPrt - ok
17:15:43.0682 0128 jhi_service (6c85719a21b3f62c2c76280f4bd36c7b) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
17:15:43.0724 0128 jhi_service - ok
17:15:43.0760 0128 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
17:15:43.0761 0128 kbdclass - ok
17:15:43.0775 0128 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
17:15:43.0776 0128 kbdhid - ok
17:15:43.0796 0128 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
17:15:43.0798 0128 KeyIso - ok
17:15:43.0816 0128 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
17:15:43.0818 0128 KSecDD - ok
17:15:43.0836 0128 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
17:15:43.0838 0128 KSecPkg - ok
17:15:43.0851 0128 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
17:15:43.0852 0128 ksthunk - ok
17:15:43.0893 0128 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
17:15:43.0900 0128 KtmRm - ok
17:15:43.0928 0128 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
17:15:43.0933 0128 LanmanServer - ok
17:15:43.0956 0128 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
17:15:43.0959 0128 LanmanWorkstation - ok
17:15:43.0971 0128 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
17:15:43.0972 0128 lltdio - ok
17:15:43.0994 0128 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
17:15:43.0999 0128 lltdsvc - ok
17:15:44.0010 0128 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
17:15:44.0012 0128 lmhosts - ok
17:15:44.0087 0128 LMS (5f5899711df18a02162b6d518c17b0d7) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
17:15:44.0091 0128 LMS - ok
17:15:44.0122 0128 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
17:15:44.0124 0128 LSI_FC - ok
17:15:44.0143 0128 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
17:15:44.0145 0128 LSI_SAS - ok
17:15:44.0152 0128 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
17:15:44.0154 0128 LSI_SAS2 - ok
17:15:44.0164 0128 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
17:15:44.0166 0128 LSI_SCSI - ok
17:15:44.0176 0128 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
17:15:44.0177 0128 luafv - ok
17:15:44.0202 0128 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
17:15:44.0205 0128 Mcx2Svc - ok
17:15:44.0207 0128 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
17:15:44.0207 0128 megasas - ok
17:15:44.0217 0128 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
17:15:44.0227 0128 MegaSR - ok
17:15:44.0257 0128 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\DRIVERS\HECIx64.sys
17:15:44.0257 0128 MEIx64 - ok
17:15:44.0278 0128 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
17:15:44.0280 0128 MMCSS - ok
17:15:44.0286 0128 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
17:15:44.0287 0128 Modem - ok
17:15:44.0291 0128 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
17:15:44.0292 0128 monitor - ok
17:15:44.0307 0128 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
17:15:44.0307 0128 mouclass - ok
17:15:44.0311 0128 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
17:15:44.0312 0128 mouhid - ok
17:15:44.0318 0128 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
17:15:44.0319 0128 mountmgr - ok
17:15:44.0348 0128 MpFilter (c177a7ebf5e8a0b596f618870516cab8) C:\Windows\system32\DRIVERS\MpFilter.sys
17:15:44.0349 0128 MpFilter - ok
17:15:44.0358 0128 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
17:15:44.0360 0128 mpio - ok
17:15:44.0365 0128 MpNWMon (8fbf6b31fe8af1833d93c5913d5b4d55) C:\Windows\system32\DRIVERS\MpNWMon.sys
17:15:44.0366 0128 MpNWMon - ok
17:15:44.0373 0128 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
17:15:44.0375 0128 mpsdrv - ok
17:15:44.0456 0128 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
17:15:44.0468 0128 MpsSvc - ok
17:15:44.0481 0128 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
17:15:44.0483 0128 MRxDAV - ok
17:15:44.0505 0128 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
17:15:44.0508 0128 mrxsmb - ok
17:15:44.0519 0128 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:15:44.0523 0128 mrxsmb10 - ok
17:15:44.0531 0128 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:15:44.0532 0128 mrxsmb20 - ok
17:15:44.0555 0128 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
17:15:44.0556 0128 msahci - ok
17:15:44.0573 0128 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
17:15:44.0576 0128 msdsm - ok
17:15:44.0594 0128 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
17:15:44.0598 0128 MSDTC - ok
17:15:44.0606 0128 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
17:15:44.0607 0128 Msfs - ok
17:15:44.0618 0128 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
17:15:44.0619 0128 mshidkmdf - ok
17:15:44.0643 0128 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
17:15:44.0643 0128 msisadrv - ok
17:15:44.0668 0128 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
17:15:44.0671 0128 MSiSCSI - ok
17:15:44.0675 0128 msiserver - ok
17:15:44.0688 0128 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
17:15:44.0690 0128 MSKSSRV - ok
17:15:44.0751 0128 MsMpSvc (157e9e498206a3366baa7e4697bdd947) c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
17:15:44.0752 0128 MsMpSvc - ok
17:15:44.0756 0128 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
17:15:44.0757 0128 MSPCLOCK - ok
17:15:44.0760 0128 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
17:15:44.0761 0128 MSPQM - ok
17:15:44.0781 0128 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
17:15:44.0786 0128 MsRPC - ok
17:15:44.0793 0128 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
17:15:44.0794 0128 mssmbios - ok
17:15:44.0797 0128 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
17:15:44.0798 0128 MSTEE - ok
17:15:44.0802 0128 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
17:15:44.0803 0128 MTConfig - ok
17:15:44.0808 0128 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
17:15:44.0808 0128 Mup - ok
17:15:44.0848 0128 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
17:15:44.0855 0128 napagent - ok
17:15:44.0894 0128 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
17:15:44.0898 0128 NativeWifiP - ok
17:15:44.0961 0128 NDIS (c38b8ae57f78915905064a9a24dc1586) C:\Windows\system32\drivers\ndis.sys
17:15:44.0972 0128 NDIS - ok
17:15:44.0989 0128 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
17:15:44.0990 0128 NdisCap - ok
17:15:45.0002 0128 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
17:15:45.0003 0128 NdisTapi - ok
17:15:45.0008 0128 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
17:15:45.0009 0128 Ndisuio - ok
17:15:45.0020 0128 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
17:15:45.0022 0128 NdisWan - ok
17:15:45.0035 0128 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
17:15:45.0037 0128 NDProxy - ok
17:15:45.0050 0128 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
17:15:45.0051 0128 NetBIOS - ok
17:15:45.0074 0128 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
17:15:45.0078 0128 NetBT - ok
17:15:45.0095 0128 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
17:15:45.0097 0128 Netlogon - ok
17:15:45.0139 0128 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
17:15:45.0145 0128 Netman - ok
17:15:45.0276 0128 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:15:45.0285 0128 NetMsmqActivator - ok
17:15:45.0289 0128 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:15:45.0290 0128 NetPipeActivator - ok
17:15:45.0306 0128 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
17:15:45.0322 0128 netprofm - ok
17:15:45.0322 0128 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:15:45.0322 0128 NetTcpActivator - ok
17:15:45.0322 0128 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:15:45.0322 0128 NetTcpPortSharing - ok
17:15:45.0450 0128 netvsc (73ce12b8bdd747b0063cb0a7ef44cea7) C:\Windows\system32\DRIVERS\netvsc60.sys
17:15:45.0452 0128 netvsc - ok
17:15:45.0480 0128 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
17:15:45.0482 0128 nfrd960 - ok
17:15:45.0508 0128 NisDrv (5f7d72cbcdd025af1f38fdeee5646968) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
17:15:45.0509 0128 NisDrv - ok
17:15:45.0569 0128 NisSrv (566ddd5d82520da01d75f81428ac4c38) c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
17:15:45.0573 0128 NisSrv - ok
17:15:45.0616 0128 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
17:15:45.0621 0128 NlaSvc - ok
17:15:45.0627 0128 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
17:15:45.0628 0128 Npfs - ok
17:15:45.0637 0128 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
17:15:45.0640 0128 nsi - ok
17:15:45.0643 0128 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
17:15:45.0644 0128 nsiproxy - ok
17:15:45.0703 0128 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
17:15:45.0725 0128 Ntfs - ok
17:15:45.0969 0128 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
17:15:45.0970 0128 Null - ok
17:15:46.0000 0128 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
17:15:46.0003 0128 nvraid - ok
17:15:46.0012 0128 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
17:15:46.0014 0128 nvstor - ok
17:15:46.0029 0128 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
17:15:46.0031 0128 nv_agp - ok
17:15:46.0037 0128 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
17:15:46.0039 0128 ohci1394 - ok
17:15:46.0063 0128 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
17:15:46.0069 0128 p2pimsvc - ok
17:15:46.0091 0128 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
17:15:46.0098 0128 p2psvc - ok
17:15:46.0106 0128 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
17:15:46.0108 0128 Parport - ok
17:15:46.0115 0128 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
17:15:46.0116 0128 partmgr - ok
17:15:46.0124 0128 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
17:15:46.0127 0128 PcaSvc - ok
17:15:46.0144 0128 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
17:15:46.0146 0128 pci - ok
17:15:46.0169 0128 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
17:15:46.0169 0128 pciide - ok
17:15:46.0186 0128 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
17:15:46.0190 0128 pcmcia - ok
17:15:46.0196 0128 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
17:15:46.0196 0128 pcw - ok
17:15:46.0215 0128 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
17:15:46.0220 0128 PEAUTH - ok
17:15:46.0285 0128 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
17:15:46.0312 0128 PeerDistSvc - ok
17:15:46.0482 0128 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
17:15:46.0484 0128 PerfHost - ok
17:15:46.0674 0128 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
17:15:46.0718 0128 pla - ok
17:15:46.0758 0128 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
17:15:46.0765 0128 PlugPlay - ok
17:15:46.0779 0128 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
17:15:46.0781 0128 PNRPAutoReg - ok
17:15:46.0793 0128 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
17:15:46.0797 0128 PNRPsvc - ok
17:15:46.0829 0128 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
17:15:46.0836 0128 PolicyAgent - ok
17:15:46.0873 0128 Power (a2cca4fb273e6050f17a0a416cff2fcd) C:\Windows\system32\umpo.dll
17:15:46.0877 0128 Power - ok
17:15:46.0987 0128 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
17:15:46.0989 0128 PptpMiniport - ok
17:15:46.0997 0128 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
17:15:46.0999 0128 Processor - ok
17:15:47.0023 0128 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
17:15:47.0027 0128 ProfSvc - ok
17:15:47.0043 0128 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
17:15:47.0045 0128 ProtectedStorage - ok
17:15:47.0066 0128 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
17:15:47.0068 0128 Psched - ok
17:15:47.0128 0128 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
17:15:47.0170 0128 ql2300 - ok
17:15:47.0423 0128 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
17:15:47.0426 0128 ql40xx - ok
17:15:47.0457 0128 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
17:15:47.0457 0128 QWAVE - ok
17:15:47.0467 0128 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
17:15:47.0467 0128 QWAVEdrv - ok
17:15:47.0467 0128 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
17:15:47.0467 0128 RasAcd - ok
17:15:47.0507 0128 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
17:15:47.0507 0128 RasAgileVpn - ok
17:15:47.0534 0128 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
17:15:47.0537 0128 RasAuto - ok
17:15:47.0546 0128 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
17:15:47.0548 0128 Rasl2tp - ok
17:15:47.0567 0128 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
17:15:47.0571 0128 RasMan - ok
17:15:47.0578 0128 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
17:15:47.0579 0128 RasPppoe - ok
17:15:47.0585 0128 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
17:15:47.0586 0128 RasSstp - ok
17:15:47.0603 0128 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
17:15:47.0605 0128 rdbss - ok
17:15:47.0609 0128 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
17:15:47.0610 0128 rdpbus - ok
17:15:47.0622 0128 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
17:15:47.0623 0128 RDPCDD - ok
17:15:47.0648 0128 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
17:15:47.0651 0128 RDPDR - ok
17:15:47.0654 0128 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
17:15:47.0654 0128 RDPENCDD - ok
17:15:47.0658 0128 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
17:15:47.0658 0128 RDPREFMP - ok
17:15:47.0670 0128 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
17:15:47.0671 0128 RDPWD - ok
17:15:47.0684 0128 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
17:15:47.0686 0128 rdyboost - ok
17:15:47.0700 0128 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
17:15:47.0702 0128 RemoteAccess - ok
17:15:47.0727 0128 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
17:15:47.0731 0128 RemoteRegistry - ok
17:15:47.0742 0128 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
17:15:47.0745 0128 RpcEptMapper - ok
17:15:47.0757 0128 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
17:15:47.0759 0128 RpcLocator - ok
17:15:47.0785 0128 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
17:15:47.0791 0128 RpcSs - ok
17:15:47.0822 0128 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
17:15:47.0824 0128 rspndr - ok
17:15:47.0866 0128 RTL8167 (6d3c7e7d82d3dc92dc2a8b0df9f20f8a) C:\Windows\system32\DRIVERS\Rt64win7.sys
17:15:47.0869 0128 RTL8167 - ok
17:15:47.0891 0128 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
17:15:47.0893 0128 s3cap - ok
17:15:47.0909 0128 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
17:15:47.0910 0128 SamSs - ok
17:15:47.0919 0128 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
17:15:47.0921 0128 sbp2port - ok
17:15:47.0940 0128 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
17:15:47.0944 0128 SCardSvr - ok
17:15:47.0949 0128 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
17:15:47.0950 0128 scfilter - ok
17:15:47.0990 0128 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
17:15:48.0011 0128 Schedule - ok
17:15:48.0024 0128 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
17:15:48.0024 0128 SCPolicySvc - ok
17:15:48.0042 0128 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
17:15:48.0046 0128 SDRSVC - ok
17:15:48.0155 0128 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
17:15:48.0157 0128 secdrv - ok
17:15:48.0166 0128 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
17:15:48.0169 0128 seclogon - ok
17:15:48.0180 0128 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
17:15:48.0182 0128 SENS - ok
17:15:48.0191 0128 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
17:15:48.0193 0128 SensrSvc - ok
17:15:48.0202 0128 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
17:15:48.0204 0128 Serenum - ok
17:15:48.0228 0128 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
17:15:48.0231 0128 Serial - ok
17:15:48.0241 0128 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
17:15:48.0242 0128 sermouse - ok
17:15:48.0261 0128 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
17:15:48.0264 0128 SessionEnv - ok
17:15:48.0269 0128 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
17:15:48.0270 0128 sffdisk - ok
17:15:48.0274 0128 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
17:15:48.0275 0128 sffp_mmc - ok
17:15:48.0279 0128 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
17:15:48.0280 0128 sffp_sd - ok
17:15:48.0283 0128 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
17:15:48.0283 0128 sfloppy - ok
17:15:48.0348 0128 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
17:15:48.0354 0128 SharedAccess - ok
17:15:48.0371 0128 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
17:15:48.0375 0128 ShellHWDetection - ok
17:15:48.0389 0128 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
17:15:48.0391 0128 SiSRaid2 - ok
17:15:48.0397 0128 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
17:15:48.0398 0128 SiSRaid4 - ok
17:15:48.0405 0128 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
17:15:48.0406 0128 Smb - ok
17:15:48.0433 0128 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
17:15:48.0435 0128 SNMPTRAP - ok
17:15:48.0449 0128 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
17:15:48.0450 0128 spldr - ok
17:15:48.0477 0128 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
17:15:48.0486 0128 Spooler - ok
17:15:48.0572 0128 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
17:15:48.0646 0128 sppsvc - ok
17:15:48.0828 0128 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
17:15:48.0831 0128 sppuinotify - ok
17:15:48.0936 0128 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
17:15:48.0942 0128 srv - ok
17:15:48.0960 0128 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
17:15:48.0965 0128 srv2 - ok
17:15:48.0976 0128 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
17:15:48.0978 0128 srvnet - ok
17:15:49.0009 0128 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
17:15:49.0014 0128 SSDPSRV - ok
17:15:49.0020 0128 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
17:15:49.0024 0128 SstpSvc - ok
17:15:49.0046 0128 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
17:15:49.0048 0128 stexstor - ok
17:15:49.0093 0128 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
17:15:49.0102 0128 stisvc - ok
17:15:49.0122 0128 StorSvc (c40841817ef57d491f22eb103da587cc) C:\Windows\system32\storsvc.dll
17:15:49.0124 0128 StorSvc - ok
17:15:49.0157 0128 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
17:15:49.0159 0128 storvsc - ok
17:15:49.0163 0128 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
17:15:49.0164 0128 swenum - ok
17:15:49.0189 0128 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
17:15:49.0197 0128 swprv - ok
17:15:49.0214 0128 SynthVid (4cdd7df58730d23ba9cb5829a6e2ecea) C:\Windows\system32\DRIVERS\VMBusVideoM.sys
17:15:49.0215 0128 SynthVid - ok
17:15:49.0269 0128 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
17:15:49.0297 0128 SysMain - ok
17:15:49.0486 0128 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
17:15:49.0489 0128 TabletInputService - ok
17:15:49.0504 0128 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
17:15:49.0510 0128 TapiSrv - ok
17:15:49.0522 0128 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
17:15:49.0524 0128 TBS - ok
17:15:49.0655 0128 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
17:15:49.0671 0128 Tcpip - ok
17:15:49.0964 0128 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
17:15:49.0972 0128 TCPIP6 - ok
17:15:50.0220 0128 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
17:15:50.0221 0128 tcpipreg - ok
17:15:50.0227 0128 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
17:15:50.0238 0128 TDPIPE - ok
17:15:50.0242 0128 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
17:15:50.0242 0128 TDTCP - ok
17:15:50.0250 0128 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
17:15:50.0252 0128 tdx - ok
17:15:50.0265 0128 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\DRIVERS\termdd.sys
17:15:50.0266 0128 TermDD - ok
17:15:50.0306 0128 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
17:15:50.0316 0128 TermService - ok
17:15:50.0325 0128 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
17:15:50.0327 0128 Themes - ok
17:15:50.0339 0128 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
17:15:50.0340 0128 THREADORDER - ok
17:15:50.0354 0128 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
17:15:50.0357 0128 TrkWks - ok
17:15:50.0396 0128 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
17:15:50.0423 0128 TrustedInstaller - ok
17:15:50.0449 0128 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
17:15:50.0450 0128 tssecsrv - ok
17:15:50.0461 0128 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
17:15:50.0463 0128 TsUsbFlt - ok
17:15:50.0467 0128 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
17:15:50.0468 0128 TsUsbGD - ok
17:15:50.0486 0128 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
17:15:50.0488 0128 tunnel - ok
17:15:50.0494 0128 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
17:15:50.0496 0128 uagp35 - ok
17:15:50.0520 0128 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
17:15:50.0524 0128 udfs - ok
17:15:50.0551 0128 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
17:15:50.0553 0128 UI0Detect - ok
17:15:50.0572 0128 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
17:15:50.0573 0128 uliagpkx - ok
17:15:50.0583 0128 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
17:15:50.0584 0128 umbus - ok
17:15:50.0590 0128 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
17:15:50.0592 0128 UmPass - ok
17:15:50.0630 0128 UmRdpService (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll
17:15:50.0635 0128 UmRdpService - ok
17:15:50.0794 0128 UNS (f7a1f83f28b125aa3737bc06eabb0cd5) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
17:15:50.0834 0128 UNS - ok
17:15:51.0001 0128 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
17:15:51.0007 0128 upnphost - ok
17:15:51.0108 0128 usbccgp (19ad7990c0b67e48dac5b26f99628223) C:\Windows\system32\drivers\usbccgp.sys
17:15:51.0111 0128 usbccgp - ok
17:15:51.0146 0128 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
17:15:51.0149 0128 usbcir - ok
17:15:51.0158 0128 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
17:15:51.0159 0128 usbehci - ok
17:15:51.0206 0128 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
17:15:51.0211 0128 usbhub - ok
17:15:51.0235 0128 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
17:15:51.0236 0128 usbohci - ok
17:15:51.0251 0128 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\drivers\usbprint.sys
17:15:51.0252 0128 usbprint - ok
17:15:51.0266 0128 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
17:15:51.0268 0128 USBSTOR - ok
17:15:51.0298 0128 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
17:15:51.0300 0128 usbuhci - ok
17:15:51.0316 0128 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
17:15:51.0319 0128 UxSms - ok
17:15:51.0339 0128 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
17:15:51.0341 0128 VaultSvc - ok
17:15:51.0346 0128 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
17:15:51.0347 0128 vdrvroot - ok
17:15:51.0379 0128 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
17:15:51.0388 0128 vds - ok
17:15:51.0402 0128 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
17:15:51.0403 0128 vga - ok
17:15:51.0408 0128 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
17:15:51.0409 0128 VgaSave - ok
17:15:51.0422 0128 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
17:15:51.0426 0128 vhdmp - ok
17:15:51.0431 0128 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
17:15:51.0431 0128 viaide - ok
17:15:51.0452 0128 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
17:15:51.0453 0128 VMBusHID - ok
17:15:51.0467 0128 vmci - ok
17:15:51.0472 0128 VMnetAdapter - ok
17:15:51.0487 0128 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
17:15:51.0489 0128 volmgr - ok
17:15:51.0517 0128 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
17:15:51.0521 0128 volmgrx - ok
17:15:51.0533 0128 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
17:15:51.0537 0128 volsnap - ok
17:15:51.0545 0128 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
17:15:51.0548 0128 vsmraid - ok
17:15:51.0600 0128 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
17:15:51.0628 0128 VSS - ok
17:15:51.0880 0128 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
17:15:51.0882 0128 vwifibus - ok
17:15:51.0911 0128 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
17:15:51.0916 0128 W32Time - ok
17:15:51.0922 0128 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
17:15:51.0923 0128 WacomPen - ok
17:15:51.0937 0128 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
17:15:51.0938 0128 WANARP - ok
17:15:51.0946 0128 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
17:15:51.0946 0128 Wanarpv6 - ok
17:15:52.0024 0128 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
17:15:52.0048 0128 WatAdminSvc - ok
17:15:52.0098 0128 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
17:15:52.0122 0128 wbengine - ok
17:15:52.0305 0128 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
17:15:52.0310 0128 WbioSrvc - ok
17:15:52.0323 0128 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
17:15:52.0330 0128 wcncsvc - ok
17:15:52.0349 0128 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
17:15:52.0350 0128 WcsPlugInService - ok
17:15:52.0441 0128 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
17:15:52.0442 0128 Wd - ok
17:15:52.0462 0128 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
17:15:52.0470 0128 Wdf01000 - ok
17:15:52.0502 0128 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
17:15:52.0504 0128 WdiServiceHost - ok
17:15:52.0505 0128 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
17:15:52.0507 0128 WdiSystemHost - ok
17:15:52.0524 0128 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
17:15:52.0529 0128 WebClient - ok
17:15:52.0546 0128 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
17:15:52.0551 0128 Wecsvc - ok
17:15:52.0561 0128 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
17:15:52.0564 0128 wercplsupport - ok
17:15:52.0582 0128 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
17:15:52.0585 0128 WerSvc - ok
17:15:52.0688 0128 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
17:15:52.0689 0128 WfpLwf - ok
17:15:52.0694 0128 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
17:15:52.0696 0128 WIMMount - ok
17:15:52.0717 0128 WinDefend - ok
17:15:52.0725 0128 WinHttpAutoProxySvc - ok
17:15:52.0820 0128 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
17:15:52.0845 0128 Winmgmt - ok
17:15:52.0905 0128 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
17:15:52.0956 0128 WinRM - ok
17:15:53.0173 0128 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
17:15:53.0184 0128 Wlansvc - ok
17:15:53.0227 0128 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
17:15:53.0229 0128 wlcrasvc - ok
17:15:53.0305 0128 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
17:15:53.0342 0128 wlidsvc - ok
17:15:53.0587 0128 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
17:15:53.0588 0128 WmiAcpi - ok
17:15:53.0671 0128 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
17:15:53.0695 0128 wmiApSrv - ok
17:15:53.0716 0128 WMPNetworkSvc - ok
17:15:53.0740 0128 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
17:15:53.0743 0128 WPCSvc - ok
17:15:53.0751 0128 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
17:15:53.0755 0128 WPDBusEnum - ok
17:15:53.0760 0128 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
17:15:53.0761 0128 ws2ifsl - ok
17:15:53.0786 0128 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
17:15:53.0788 0128 wscsvc - ok
17:15:53.0790 0128 WSearch - ok
17:15:53.0855 0128 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
17:15:53.0894 0128 wuauserv - ok
17:15:54.0149 0128 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
17:15:54.0151 0128 WudfPf - ok
17:15:54.0171 0128 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
17:15:54.0174 0128 WUDFRd - ok
17:15:54.0219 0128 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
17:15:54.0222 0128 wudfsvc - ok
17:15:54.0235 0128 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
17:15:54.0240 0128 WwanSvc - ok
17:15:54.0262 0128 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
17:15:54.0485 0128 \Device\Harddisk0\DR0 - ok
17:15:54.0488 0128 Boot (0x1200) (71ce99878a5330fe26be2212d9f7c41e) \Device\Harddisk0\DR0\Partition0
17:15:54.0490 0128 \Device\Harddisk0\DR0\Partition0 - ok
17:15:54.0507 0128 Boot (0x1200) (0535d53b3c70735b3f1e6cec1f347816) \Device\Harddisk0\DR0\Partition1
17:15:54.0509 0128 \Device\Harddisk0\DR0\Partition1 - ok
17:15:54.0509 0128 ============================================================
17:15:54.0509 0128 Scan finished
17:15:54.0509 0128 ============================================================
17:15:54.0517 3848 Detected object count: 0
17:15:54.0517 3848 Actual detected object count: 0
17:16:27.0754 3976 Deinitialize success


Regards,
Mortuza

#6 CatByte

    bleepin' tiger

  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 04 June 2012 - 07:21 PM

Please run the following:

Please download Malwarebytes' Anti-Malware
  • Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.



NEXT


Go here to run an online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activeX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE , name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#7 CatByte

    bleepin' tiger

  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 04 June 2012 - 07:33 PM

Hi,

To rescue the Linux partition, please try the following:

(When I fixed the Windows boot situation, a new boot sector was written to the MBR, which replaced the one that included Linux.)

It can be fixed with the following tool:


Download EasyBCD

This will allow you to re-add the entry for the Linux distribution in the boot manager's menu:



Did you use GRUB 2 (used by most Linux distributions) as the boot loader, or GRUB Legacy?

Let me know if you have any questions before doing this.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015
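The MBR rewrite described in the post above and the "MBR (0x1B8) (...) \Device\Harddisk0\DR0" line in the TDSSKiller log earlier in the thread refer to the same 512-byte sector 0. What follows is an added example, not code from the thread, from the scanner or from any tool named here: it parses such a sector, hashes the first 0x1B8 bytes (the bootstrap code area that the log line names, which is what sits before the disk signature and the partition table) and decodes the four partition entries, so a defender can tell a boot-code rewrite (a boot repair, or a bootkit hooking the MBR) apart from a change to the partitions themselves. The sample sectors, their boot-code bytes and the partition layout are constructed in memory for the example, and MD5 is an assumption chosen only to match the 32-hex-digit hash length in the log.

```python
"""
Added example: decode a 512-byte MBR and separate bootstrap-code changes
from partition-table changes. Sample sectors are constructed; the hash
algorithm (MD5) is an assumption matching the log's 32-hex-digit hashes.
"""
import hashlib
import struct
from typing import Dict, List, Tuple

BOOTSTRAP_LEN = 0x1B8        # bytes 0x000-0x1B7: bootstrap code (what "MBR (0x1B8)" hashes)
DISK_SIG_OFFSET = 0x1B8      # 4-byte NT disk signature, then 2 reserved bytes
PART_TABLE_OFFSET = 0x1BE    # four 16-byte partition entries
PART_ENTRY_LEN = 16
MBR_SIGNATURE = b"\x55\xaa"  # boot signature at offset 0x1FE

# Partition type IDs sufficient for a Windows/Linux dual-boot disk.
PART_TYPES = {0x05: "Extended", 0x07: "NTFS", 0x0F: "Extended (LBA)",
              0x82: "Linux swap", 0x83: "Linux"}
# One entry: status, CHS start (3 bytes, ignored), type, CHS end (3 bytes, ignored),
# LBA start, sector count; all little-endian.
ENTRY_FMT = "<B3xB3xII"


def parse_partition_table(mbr: bytes) -> List[Dict]:
    """Decode the four partition slots, skipping empty ones (type 0)."""
    entries = []
    for slot in range(4):
        off = PART_TABLE_OFFSET + slot * PART_ENTRY_LEN
        status, ptype, lba_start, sectors = struct.unpack_from(ENTRY_FMT, mbr, off)
        if ptype == 0:
            continue
        entries.append({
            "slot": slot,
            "bootable": status == 0x80,
            "type": ptype,
            "type_name": PART_TYPES.get(ptype, "unknown"),
            "lba_start": lba_start,
            "sectors": sectors,
        })
    return entries


def mbr_summary(mbr: bytes) -> Dict:
    """Validate the sector and return bootstrap hash, disk signature and partitions."""
    if len(mbr) != 512:
        raise ValueError("an MBR sector is exactly 512 bytes")
    if mbr[0x1FE:0x200] != MBR_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    return {
        "bootstrap_md5": hashlib.md5(mbr[:BOOTSTRAP_LEN]).hexdigest(),
        "disk_signature": struct.unpack_from("<I", mbr, DISK_SIG_OFFSET)[0],
        "partitions": parse_partition_table(mbr),
    }


def compare_mbrs(baseline: bytes, current: bytes) -> Dict[str, bool]:
    """Tell a bootstrap-code rewrite (boot repair, bootkit) apart from a partition-table change."""
    a, b = mbr_summary(baseline), mbr_summary(current)
    return {
        "bootstrap_changed": a["bootstrap_md5"] != b["bootstrap_md5"],
        "partition_table_changed": a["partitions"] != b["partitions"],
    }


def build_sample_mbr(boot_code: bytes, partitions: List[Tuple[bool, int, int, int]],
                     disk_signature: int = 0x12345678) -> bytes:
    """Constructed test sector: boot code, disk signature, partition entries, 0x55AA."""
    if len(boot_code) > BOOTSTRAP_LEN:
        raise ValueError("boot code does not fit in the bootstrap area")
    sector = bytearray(512)
    sector[:len(boot_code)] = boot_code
    struct.pack_into("<I", sector, DISK_SIG_OFFSET, disk_signature)
    for slot, (bootable, ptype, lba_start, sectors) in enumerate(partitions[:4]):
        off = PART_TABLE_OFFSET + slot * PART_ENTRY_LEN
        struct.pack_into(ENTRY_FMT, sector, off, 0x80 if bootable else 0x00, ptype, lba_start, sectors)
    sector[0x1FE:0x200] = MBR_SIGNATURE
    return bytes(sector)


# Constructed dual-boot layout resembling the thread's machine: Windows 7 on NTFS, Linux Mint, swap.
DUAL_BOOT_LAYOUT = [
    (True,  0x07, 2048,      204800),     # 100 MB "System Reserved" (Windows boot files)
    (False, 0x07, 206848,    209715200),  # Windows 7
    (False, 0x83, 209922048, 41943040),   # Linux Mint root
    (False, 0x82, 251865088, 4194304),    # swap
]
# Constructed stand-ins for bootstrap code; not real GRUB or Windows boot code.
GRUB_LIKE_BOOTCODE = b"\xeb\x63\x90" + b"constructed GRUB-style bootstrap"
WINDOWS_LIKE_BOOTCODE = b"\x33\xc0\x8e\xd0" + b"constructed Windows-style bootstrap"

MBR_BEFORE_BOOTFIX = build_sample_mbr(GRUB_LIKE_BOOTCODE, DUAL_BOOT_LAYOUT)
MBR_AFTER_BOOTFIX = build_sample_mbr(WINDOWS_LIKE_BOOTCODE, DUAL_BOOT_LAYOUT)

if __name__ == "__main__":
    for label, sector in (("before boot fix", MBR_BEFORE_BOOTFIX), ("after boot fix", MBR_AFTER_BOOTFIX)):
        info = mbr_summary(sector)
        print(f"{label}: MBR (0x1B8) ({info['bootstrap_md5']}) disk signature {info['disk_signature']:08x}")
        for p in info["partitions"]:
            flag = "*" if p["bootable"] else " "
            print(f"  {flag} slot {p['slot']} type 0x{p['type']:02x} {p['type_name']:<12} "
                  f"LBA {p['lba_start']:>10} sectors {p['sectors']:>10}")
    print(compare_mbrs(MBR_BEFORE_BOOTFIX, MBR_AFTER_BOOTFIX))
```

Run as a script, the two summaries show different bootstrap hashes but the same four partitions, which is the situation the post describes: the boot repair replaced the code in sector 0, so GRUB no longer ran, but the Linux partition entry survived and only needed a new boot-menu entry. On a real disk the same check is done by reading sector 0 of the physical drive (with administrator rights) into `mbr_summary` and comparing it with a baseline hash recorded when the machine was known clean; a changed bootstrap hash with an unchanged partition table after no boot repair is the signature a bootkit scanner looks for.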


#8 Mortuza
  • Topic Starter
  • Members
  • 12 posts

Posted 04 June 2012 - 08:05 PM

Hi,
Here is the log of MBAM.

MBAM:

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.04.09

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Mortuza :: MORTUZA-PC [administrator]

6/4/2012 5:31:26 PM
mbam-log-2012-06-04 (17-31-26).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 202157
Time elapsed: 1 minute(s), 20 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

No threads were found from ESET.

I do not remember which GRUB I used for Linux. However, I am going to use GRUB 2 and let you know the update.

Thanks a lot!

Regards,
Mortuza

#9 Mortuza
  • Topic Starter
  • Members
  • 12 posts

Posted 04 June 2012 - 08:22 PM

Hi,
Thanks a lot! Both Linux and Windows are working fine on my computer. I truly appreciate your help. It's been 4 months that I was stuck with this issue.

I am just wondering why there is still an exclamation sign (!) at the Start> Shut Down tab?

Thanks once again!

Regards,
Mortuza

#10 Mortuza
  • Topic Starter
  • Members
  • 12 posts

Posted 04 June 2012 - 08:28 PM

Hi,
That exclamation sign has gone!! So, I am all set.

Thanks,
Mortuza

#11 CatByte

    bleepin' tiger

  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 04 June 2012 - 08:30 PM

That's great. We just need to run the remaining scans to make certain there is nothing remaining, so stay with me till I give you the all clear. If you could, please run the scans from this post:

http://www.bleepingcomputer.com/forums/topic455797.html/page__view__findpost__p__2720360

Could you please post a screen shot of what you are seeing with the exclamation sign?

thanks

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#12 Mortuza
  • Topic Starter
  • Members
  • 12 posts

Posted 04 June 2012 - 08:34 PM

Hi,
I have already run these scans. However, I am running them again. I have attached the picture of the exclamation sign to the post.

#13 CatByte

    bleepin' tiger

  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 04 June 2012 - 08:36 PM

Oh, my apologies, I missed that post.

How is the computer running now?

Any outstanding issues?

Edited by CatByte, 04 June 2012 - 08:36 PM.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#14 Mortuza
  • Topic Starter
  • Members
  • 12 posts

Posted 04 June 2012 - 08:38 PM

Hi,
Here is the log again from MBAM:


Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.04.09

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Mortuza :: MORTUZA-PC [administrator]

6/4/2012 6:34:55 PM
mbam-log-2012-06-04 (18-34-55).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 202155
Time elapsed: 1 minute(s), 14 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

No, there is no issue so far except that exclamation sign.

Thanks,
Mortuza

#15 CatByte

    bleepin' tiger

  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 04 June 2012 - 08:39 PM

The picture of the exclamation didn't show up; if you can, give it another go.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015




