Communication problem


7 replies to this topic

#1 Max69 (Members)

Posted 02 August 2012 - 03:49 AM

Hello,

here is my problem.

There is a PC (Windows 7 Professional SP1 and all Windows updates) behind a LiveBox Router (Orange, France) connected to the internet. On this PC runs an application waiting for UDP messages coming from a server in Italy.

I installed everything one month ago and everything worked perfectly; two weeks ago it started showing the problem I'm going to describe.

The server application (Italy) sends a UDP message, the client application (France) never receives it. Troubleshooting the problem, I got this information:

1) the UDP packet correctly reaches the target PC (in France), I can see it using the network protocol analyser WireShark;
2) the application never receives the UDP packet, which seems to be blocked somewhere in between the Ethernet layer and the application layer;
3) I don't think there is a bug in the target application (waiting for these UDP packets) as it is installed in many other sites without any problem. I also tried with two other applications, explicitly developed to troubleshoot this issue, and they all show the same problem. So, all three applications show the same problem.

Windows firewall is off, or at least, it should be off, as it's impossible to check it. I can't get to the page where you can put the three check boxes saying if and where it must be enabled. This thing made me think of a possible malware infection. The firewall service is stopped and I can't start it, I get something like a "you have not enough rights" answer (and I work connected as administrator...).

I can reach the PC only through TeamViewer, but I was told by people knowing TeamViewer better than me that TeamViewer doesn't prevent a user from accessing the firewall.

When I installed the PC one month ago, Remote Desktop worked perfectly; today I can't connect using it, that's why I'm using TeamViewer.

I'm 100% sure no one made any modification to the PC or to the router through which it connects to the internet.

The PC is in France; on Monday I'll take the car and go there with the following plan:

- backup data
- running sysclean/housecall (the first one seems to be only for 32 bits systems)
- restoring the system through a restore point created the day it was released to the customer
- system recovery using the recovery partition (I'll have to reinstall all our SW...)
- buy a new PC and reinstall everything...

I've heard about ComboFix and I'd like to know if it can be of any use in this situation.

I posted this post asking you for any kind of advice you might have. What can I do? Could it be a malware problem?

Thank you very much for being so kind as to read everything :-)

Ciao,
Max



#2 boopme (Global Moderator)

Posted 07 August 2012 - 10:35 PM

Hello Max
ComboFix is a tool that should only be run under the supervision of someone who has been trained in its use. Using it on your own can cause problems with your computer. If needed we will use it with you.

Please run these next.

Run RKill....


Download and Run RKill
  • Please download RKill by Grinler from one of the 4 links below and save it to your desktop.

    Link 1
    Link 2
    Link 3
    Link 4

  • Before we begin, you should disable any anti-malware software you have installed so that it does not interfere with RKill running, as some anti-malware software detects RKill as malicious. Please refer to this page if you are not sure how.
  • Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
  • A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
  • If nothing happens or if the tool does not run, please let me know in your next reply

Do not reboot your computer after running rkill as the malware programs will start again. Or if rebooting is required run it again.


If you continue having problems running rkill.com, you can download iExplore.exe or eXplorer.exe, which are renamed copies of rkill.com, and try them instead.


Please download TDSSKiller.zip and extract it.
  • Run TDSSKiller.exe.
  • Click on Change Parameters
  • Put a check in the box of Detect TDLFS file system
  • Click Start scan.
  • When it is finished the utility outputs a list of detected objects with description.
    The utility automatically selects an action (Cure or Delete) for malicious objects.
    The utility prompts the user to select an action to apply to suspicious objects (Skip, by default). Leave the options as they are and click Continue
  • Let it reboot if needed and tell me if the tool needed a reboot.
  • Click on Report and post the contents of the text file that will open.

    Note: By default, the utility outputs the log into system disk (it is usually the disk with installed operating system, C:\) root folder. The Log has a name like: TDSSKiller.Version_Date_Time_log.txt.



Next run MBAM (MalwareBytes):

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download.
Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • Make sure you are connected to the Internet and double-click on the renamed file to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button and continue.
  • If you cannot update Malwarebytes or use the Internet to download any files to the infected computer, manually update the database by following the instructions in FAQ Section A: 4. Issues.
  • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
  • Click on the Scan button.
  • When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.
Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.

-- Some types of malware will target Malwarebytes and other security tools to keep them from running properly. If that's the case, go to Start > All Programs > Malwarebytes Anti-Malware folder > Tools > click on Malwarebytes Chameleon and follow the onscreen instructions. The Chameleon folder can be accessed by opening the program folder for Malwarebytes Anti-Malware (normally C:\Program Files\Malwarebytes' Anti-Malware or C:\Program Files (x86)\Malwarebytes' Anti-Malware).
How do I get help? Who is helping me?
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook
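
Added example (not part of the original posts and not the tool's own code): a Python triage of a TDSSKiller report such as the one requested above, listing every object whose verdict is not "ok" and every object logged without a file. The line layout (`time thread name (md5) path`, then `name - verdict`) is an assumption about the report format; the sample lines, hashes, `ExampleSvc` and its verdict are constructed.

```python
import re

# Constructed sample in the assumed report layout. Hashes are dummy values;
# "ExampleSvc" and its verdict string are invented for this demonstration.
SAMPLE_REPORT = r"""
12:00:00.0000 1000 Drive \Device\Harddisk0\DR0 - Size: 0x1000 (0.00 Gb)
12:00:01.0000 2000 Scan started
12:00:01.0000 2000 Mode: Manual; TDLFS;
12:00:01.0100 2000 ACPI (00000000000000000000000000000001) C:\Windows\system32\drivers\ACPI.sys
12:00:01.0110 2000 ACPI - ok
12:00:01.0200 2000 COMSysApp - ok
12:00:01.0300 2000 AMD External Events Utility (00000000000000000000000000000002) C:\Windows\system32\atiesrxx.exe
12:00:01.0310 2000 AMD External Events Utility - ok
12:00:01.0400 2000 ExampleSvc (00000000000000000000000000000003) C:\Windows\system32\drivers\example.sys
12:00:01.0410 2000 ExampleSvc - CONSTRUCTED-NON-OK-VERDICT
"""

# Every line starts with "HH:MM:SS.mmmm <thread id> ".
_PREFIX = r"^\d\d:\d\d:\d\d\.\d{4}\s+\d+\s+"
SCAN_START_RE = re.compile(_PREFIX + r"Scan started\s*$")
# Object line: name, MD5 in parentheses, file path. Names may contain spaces.
OBJECT_RE = re.compile(
    _PREFIX + r"(?P<name>.+?) \((?P<md5>[0-9a-fA-F]{32})\) (?P<path>.+)$"
)
# Verdict line: "<name> - <verdict>".
VERDICT_RE = re.compile(_PREFIX + r"(?P<name>.+?) - (?P<verdict>.+)$")


def parse_report(text):
    """Return {object name: {"md5", "path", "verdict"}} in report order.

    Parsing starts only after the "Scan started" line, because header lines
    such as "Drive ... - Size: ..." would otherwise look like verdict lines.
    """
    entries = {}
    in_scan = False
    for raw in text.splitlines():
        line = raw.rstrip()
        if not in_scan:
            in_scan = bool(SCAN_START_RE.match(line))
            continue
        m = OBJECT_RE.match(line)
        if m:
            entries[m["name"]] = {
                "md5": m["md5"].lower(),
                "path": m["path"],
                "verdict": None,
            }
            continue
        m = VERDICT_RE.match(line)
        if m:
            # A verdict may arrive for an object that had no hash/path line.
            entry = entries.setdefault(
                m["name"], {"md5": None, "path": None, "verdict": None}
            )
            entry["verdict"] = m["verdict"].strip()
    return entries


def triage(entries):
    """Split parsed entries into the groups a reviewer looks at first."""
    findings = {"not_ok": [], "no_file": [], "no_verdict": []}
    for name, entry in entries.items():
        if entry["verdict"] is None:
            # Object line without a result, e.g. a truncated paste.
            findings["no_verdict"].append(name)
        elif entry["verdict"].lower() != "ok":
            # Anything other than "ok" is surfaced verbatim for review.
            findings["not_ok"].append((name, entry["verdict"], entry["path"]))
        if entry["path"] is None:
            # The report recorded no file for this object.
            findings["no_file"].append(name)
    return findings


if __name__ == "__main__":
    result = triage(parse_report(SAMPLE_REPORT))
    for name, verdict, path in result["not_ok"]:
        print(f"REVIEW  {name}: {verdict} ({path})")
    for name in result["no_file"]:
        print(f"NO FILE {name}")
    for name in result["no_verdict"]:
        print(f"NO VERDICT {name}")
```

A report that is cut off part-way through shows up in the `no_verdict` group, which is a quick check that the complete log was pasted.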

#3 Max69 (Members, Topic Starter)

Posted 08 August 2012 - 06:32 AM

Thank you for your reply.

Before doing what you suggested, I started the PC using Symantec End Point Recovery Tool (virus definitions updated on 6 August 2012); it found and removed Trojan.gen.

I've run RKill, everything OK.

I ran TDSSKiller, it didn't find anything, the log follows.


I ran MBAM which found "pup.toolbardownloader" and asked me to reboot the system. I did it, MBAM log follows (unluckily it is in French...).

TDSSKiller report:
13:08:32.0586 2896 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
13:08:32.0611 2896 ============================================================
13:08:32.0611 2896 Current date / time: 2012/08/08 13:08:32.0611
13:08:32.0611 2896 SystemInfo:
13:08:32.0611 2896
13:08:32.0612 2896 OS Version: 6.1.7601 ServicePack: 1.0
13:08:32.0612 2896 Product type: Workstation
13:08:32.0612 2896 ComputerName: PC-UTENTE
13:08:32.0612 2896 UserName: Administrator
13:08:32.0612 2896 Windows directory: C:\Windows
13:08:32.0612 2896 System windows directory: C:\Windows
13:08:32.0612 2896 Running under WOW64
13:08:32.0612 2896 Processor architecture: Intel x64
13:08:32.0612 2896 Number of processors: 2
13:08:32.0612 2896 Page size: 0x1000
13:08:32.0612 2896 Boot type: Normal boot
13:08:32.0612 2896 ============================================================
13:08:33.0438 2896 Drive \Device\Harddisk0\DR0 - Size: 0x3A34B20000 (232.82 Gb), SectorSize: 0x200, Cylinders: 0x76B9, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
13:08:33.0441 2896 Drive \Device\Harddisk1\DR2 - Size: 0x77460000 (1.86 Gb), SectorSize: 0x200, Cylinders: 0xF3, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
13:08:33.0443 2896 ============================================================
13:08:33.0443 2896 \Device\Harddisk0\DR0:
13:08:33.0443 2896 MBR partitions:
13:08:33.0443 2896 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
13:08:33.0443 2896 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1D172800
13:08:33.0444 2896 \Device\Harddisk1\DR2:
13:08:33.0445 2896 MBR partitions:
13:08:33.0445 2896 \Device\Harddisk1\DR2\Partition0: MBR, Type 0x7, StartLBA 0x20, BlocksNum 0x3BA2E0
13:08:33.0445 2896 ============================================================
13:08:33.0457 2896 C: <-> \Device\Harddisk0\DR0\Partition1
13:08:33.0457 2896 ============================================================
13:08:33.0457 2896 Initialize success
13:08:33.0457 2896 ============================================================
13:09:10.0320 2136 ============================================================
13:09:10.0320 2136 Scan started
13:09:10.0320 2136 Mode: Manual; TDLFS;
13:09:10.0320 2136 ============================================================
13:09:16.0889 2136 mrxsmb - ok
13:09:16.0932 2136 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
13:09:16.0945 2136 mrxsmb10 - ok
13:09:16.0961 2136 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
13:09:16.0963 2136 mrxsmb20 - ok
13:09:16.0975 2136 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
13:09:16.0976 2136 msahci - ok
13:09:16.0994 2136 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
13:09:16.0995 2136 msdsm - ok
13:09:17.0014 2136 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
13:09:17.0016 2136 MSDTC - ok
13:09:17.0053 2136 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
13:09:17.0054 2136 Msfs - ok
13:09:17.0064 2136 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
13:09:17.0065 2136 mshidkmdf - ok
13:09:17.0075 2136 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
13:09:17.0075 2136 msisadrv - ok
13:09:17.0078 2136 msiserver - ok
13:09:17.0096 2136 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
13:09:17.0097 2136 MSKSSRV - ok
13:09:17.0102 2136 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
13:09:17.0103 2136 MSPCLOCK - ok
13:09:17.0107 2136 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
13:09:17.0107 2136 MSPQM - ok
13:09:17.0136 2136 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
13:09:17.0139 2136 MsRPC - ok
13:09:17.0150 2136 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
13:09:17.0150 2136 mssmbios - ok
13:09:17.0162 2136 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
13:09:17.0163 2136 MSTEE - ok
13:09:17.0174 2136 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
13:09:17.0175 2136 MTConfig - ok
13:09:17.0193 2136 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
13:09:17.0193 2136 Mup - ok
13:09:17.0242 2136 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
13:09:17.0256 2136 napagent - ok
13:09:17.0292 2136 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
13:09:17.0304 2136 NativeWifiP - ok
13:09:17.0360 2136 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
13:09:17.0368 2136 NDIS - ok
13:09:17.0381 2136 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
13:09:17.0382 2136 NdisCap - ok
13:09:17.0400 2136 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
13:09:17.0401 2136 NdisTapi - ok
13:09:17.0413 2136 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
13:09:17.0414 2136 Ndisuio - ok
13:09:17.0432 2136 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
13:09:17.0434 2136 NdisWan - ok
13:09:17.0445 2136 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
13:09:17.0446 2136 NDProxy - ok
13:09:17.0454 2136 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
13:09:17.0455 2136 NetBIOS - ok
13:09:17.0480 2136 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
13:09:17.0482 2136 NetBT - ok
13:09:17.0509 2136 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
13:09:17.0510 2136 Netlogon - ok
13:09:17.0567 2136 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
13:09:17.0577 2136 Netman - ok
13:09:17.0615 2136 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
13:09:17.0629 2136 netprofm - ok
13:09:17.0707 2136 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
13:09:17.0709 2136 NetTcpPortSharing - ok
13:09:17.0738 2136 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
13:09:17.0739 2136 nfrd960 - ok
13:09:17.0773 2136 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
13:09:17.0820 2136 NlaSvc - ok
13:09:17.0861 2136 NPF (351533acc2a069b94e80bbfc177e8fdf) C:\Windows\system32\drivers\npf.sys
13:09:17.0862 2136 NPF - ok
13:09:17.0881 2136 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
13:09:17.0882 2136 Npfs - ok
13:09:17.0897 2136 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
13:09:17.0901 2136 nsi - ok
13:09:17.0914 2136 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
13:09:17.0914 2136 nsiproxy - ok
13:09:18.0022 2136 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
13:09:18.0052 2136 Ntfs - ok
13:09:18.0126 2136 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
13:09:18.0127 2136 Null - ok
13:09:18.0158 2136 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
13:09:18.0161 2136 nvraid - ok
13:09:18.0182 2136 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
13:09:18.0184 2136 nvstor - ok
13:09:18.0208 2136 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
13:09:18.0209 2136 nv_agp - ok
13:09:18.0217 2136 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
13:09:18.0218 2136 ohci1394 - ok
13:09:18.0273 2136 ose (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
13:09:18.0276 2136 ose - ok
13:09:18.0323 2136 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
13:09:18.0334 2136 p2pimsvc - ok
13:09:18.0381 2136 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
13:09:18.0395 2136 p2psvc - ok
13:09:18.0446 2136 PAC7302 (f0f5d45bf52238aefcaf6884d9aaf78d) C:\Windows\system32\DRIVERS\PAC7302.SYS
13:09:18.0457 2136 PAC7302 - ok
13:09:18.0487 2136 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
13:09:18.0489 2136 Parport - ok
13:09:18.0515 2136 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
13:09:18.0516 2136 partmgr - ok
13:09:18.0540 2136 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
13:09:18.0548 2136 PcaSvc - ok
13:09:18.0569 2136 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
13:09:18.0571 2136 pci - ok
13:09:18.0581 2136 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
13:09:18.0582 2136 pciide - ok
13:09:18.0609 2136 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
13:09:18.0617 2136 pcmcia - ok
13:09:18.0633 2136 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
13:09:18.0633 2136 pcw - ok
13:09:18.0677 2136 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
13:09:18.0685 2136 PEAUTH - ok
13:09:18.0772 2136 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
13:09:18.0787 2136 PeerDistSvc - ok
13:09:18.0840 2136 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
13:09:18.0841 2136 PerfHost - ok
13:09:19.0017 2136 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
13:09:19.0040 2136 pla - ok
13:09:19.0083 2136 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
13:09:19.0092 2136 PlugPlay - ok
13:09:19.0103 2136 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
13:09:19.0105 2136 PNRPAutoReg - ok
13:09:19.0130 2136 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
13:09:19.0132 2136 PNRPsvc - ok
13:09:19.0171 2136 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
13:09:19.0184 2136 PolicyAgent - ok
13:09:19.0196 2136 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
13:09:19.0199 2136 Power - ok
13:09:19.0245 2136 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
13:09:19.0247 2136 PptpMiniport - ok
13:09:19.0267 2136 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
13:09:19.0268 2136 Processor - ok
13:09:19.0304 2136 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
13:09:19.0311 2136 ProfSvc - ok
13:09:19.0334 2136 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
13:09:19.0335 2136 ProtectedStorage - ok
13:09:19.0345 2136 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
13:09:19.0346 2136 Psched - ok
13:09:19.0436 2136 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
13:09:19.0457 2136 ql2300 - ok
13:09:19.0559 2136 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
13:09:19.0567 2136 ql40xx - ok
13:09:19.0607 2136 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
13:09:19.0613 2136 QWAVE - ok
13:09:19.0624 2136 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
13:09:19.0625 2136 QWAVEdrv - ok
13:09:19.0640 2136 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
13:09:19.0641 2136 RasAcd - ok
13:09:19.0674 2136 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
13:09:19.0675 2136 RasAgileVpn - ok
13:09:19.0692 2136 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
13:09:19.0694 2136 Rasl2tp - ok
13:09:19.0707 2136 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
13:09:19.0708 2136 RasPppoe - ok
13:09:19.0719 2136 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
13:09:19.0720 2136 RasSstp - ok
13:09:19.0755 2136 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
13:09:19.0800 2136 rdbss - ok
13:09:19.0819 2136 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
13:09:19.0821 2136 rdpbus - ok
13:09:19.0836 2136 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
13:09:19.0836 2136 RDPCDD - ok
13:09:19.0874 2136 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
13:09:19.0876 2136 RDPDR - ok
13:09:19.0894 2136 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
13:09:19.0894 2136 RDPENCDD - ok
13:09:19.0906 2136 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
13:09:19.0907 2136 RDPREFMP - ok
13:09:19.0926 2136 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
13:09:19.0929 2136 RDPWD - ok
13:09:19.0957 2136 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
13:09:19.0960 2136 rdyboost - ok
13:09:19.0981 2136 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
13:09:19.0990 2136 RemoteRegistry - ok
13:09:20.0042 2136 rpcapd (b60f58f175de20a6739194e85b035178) C:\Program Files (x86)\WinPcap\rpcapd.exe
13:09:20.0046 2136 rpcapd - ok
13:09:20.0072 2136 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
13:09:20.0074 2136 RpcEptMapper - ok
13:09:20.0097 2136 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
13:09:20.0099 2136 RpcLocator - ok
13:09:20.0137 2136 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
13:09:20.0142 2136 RpcSs - ok
13:09:20.0175 2136 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
13:09:20.0176 2136 rspndr - ok
13:09:20.0235 2136 RTL8167 (fd978b2bf8a9b2390dcbef435e9c1f9f) C:\Windows\system32\DRIVERS\Rt64win7.sys
13:09:20.0241 2136 RTL8167 - ok
13:09:20.0266 2136 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
13:09:20.0267 2136 s3cap - ok
13:09:20.0293 2136 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
13:09:20.0294 2136 SamSs - ok
13:09:20.0311 2136 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
13:09:20.0313 2136 sbp2port - ok
13:09:20.0331 2136 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
13:09:20.0339 2136 SCardSvr - ok
13:09:20.0349 2136 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
13:09:20.0350 2136 scfilter - ok
13:09:20.0423 2136 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
13:09:20.0445 2136 Schedule - ok
13:09:20.0468 2136 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
13:09:20.0469 2136 SCPolicySvc - ok
13:09:20.0495 2136 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
13:09:20.0505 2136 SDRSVC - ok
13:09:20.0547 2136 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
13:09:20.0548 2136 secdrv - ok
13:09:20.0560 2136 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
13:09:20.0564 2136 seclogon - ok
13:09:20.0578 2136 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
13:09:20.0581 2136 SENS - ok
13:09:20.0597 2136 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
13:09:20.0599 2136 SensrSvc - ok
13:09:20.0611 2136 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
13:09:20.0612 2136 Serenum - ok
13:09:20.0643 2136 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
13:09:20.0645 2136 Serial - ok
13:09:20.0669 2136 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
13:09:20.0670 2136 sermouse - ok
13:09:20.0699 2136 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
13:09:20.0702 2136 SessionEnv - ok
13:09:20.0714 2136 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
13:09:20.0715 2136 sffdisk - ok
13:09:20.0719 2136 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
13:09:20.0720 2136 sffp_mmc - ok
13:09:20.0725 2136 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
13:09:20.0726 2136 sffp_sd - ok
13:09:20.0731 2136 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
13:09:20.0732 2136 sfloppy - ok
13:09:20.0767 2136 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
13:09:20.0777 2136 ShellHWDetection - ok
13:09:20.0796 2136 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
13:09:20.0797 2136 SiSRaid2 - ok
13:09:20.0812 2136 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
13:09:20.0813 2136 SiSRaid4 - ok
13:09:20.0829 2136 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
13:09:20.0831 2136 Smb - ok
13:09:20.0855 2136 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
13:09:20.0857 2136 SNMPTRAP - ok
13:09:20.0882 2136 SNXPCAMD (4d3d31e8eaac02fa433e4f5159275f31) C:\Windows\system32\DRIVERS\snxpcamd.sys
13:09:20.0884 2136 SNXPCAMD - ok
13:09:20.0919 2136 SNXPSAMD (8cdc12aa4670d5053b0a1e36e7f99633) C:\Windows\system32\DRIVERS\snxpsamd.sys
13:09:20.0922 2136 SNXPSAMD - ok
13:09:20.0936 2136 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
13:09:20.0936 2136 spldr - ok
13:09:20.0977 2136 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
13:09:20.0982 2136 Spooler - ok
13:09:21.0137 2136 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
13:09:21.0177 2136 sppsvc - ok
13:09:21.0241 2136 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
13:09:21.0243 2136 sppuinotify - ok
13:09:21.0294 2136 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
13:09:21.0300 2136 srv - ok
13:09:21.0329 2136 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
13:09:21.0338 2136 srv2 - ok
13:09:21.0359 2136 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
13:09:21.0361 2136 srvnet - ok
13:09:21.0386 2136 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
13:09:21.0394 2136 SSDPSRV - ok
13:09:21.0409 2136 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
13:09:21.0411 2136 SstpSvc - ok
13:09:21.0429 2136 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
13:09:21.0430 2136 stexstor - ok
13:09:21.0509 2136 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
13:09:21.0531 2136 stisvc - ok
13:09:21.0555 2136 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
13:09:21.0556 2136 storflt - ok
13:09:21.0573 2136 StorSvc (c40841817ef57d491f22eb103da587cc) C:\Windows\system32\storsvc.dll
13:09:21.0575 2136 StorSvc - ok
13:09:21.0596 2136 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
13:09:21.0597 2136 storvsc - ok
13:09:21.0612 2136 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
13:09:21.0612 2136 swenum - ok
13:09:21.0664 2136 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
13:09:21.0675 2136 swprv - ok
13:09:21.0774 2136 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
13:09:21.0802 2136 SysMain - ok
13:09:21.0890 2136 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
13:09:21.0900 2136 TabletInputService - ok
13:09:21.0910 2136 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
13:09:21.0912 2136 TBS - ok
13:09:22.0034 2136 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
13:09:22.0078 2136 Tcpip - ok
13:09:22.0239 2136 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
13:09:22.0252 2136 TCPIP6 - ok
13:09:22.0305 2136 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
13:09:22.0306 2136 tcpipreg - ok
13:09:22.0315 2136 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
13:09:22.0316 2136 TDPIPE - ok
13:09:22.0339 2136 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
13:09:22.0339 2136 TDTCP - ok
13:09:22.0366 2136 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
13:09:22.0368 2136 tdx - ok
13:09:22.0385 2136 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\DRIVERS\termdd.sys
13:09:22.0385 2136 TermDD - ok
13:09:22.0430 2136 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
13:09:22.0445 2136 TermService - ok
13:09:22.0455 2136 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
13:09:22.0456 2136 Themes - ok
13:09:22.0482 2136 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
13:09:22.0483 2136 THREADORDER - ok
13:09:22.0503 2136 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
13:09:22.0506 2136 TrkWks - ok
13:09:22.0534 2136 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
13:09:22.0542 2136 TrustedInstaller - ok
13:09:22.0552 2136 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
13:09:22.0552 2136 tssecsrv - ok
13:09:22.0569 2136 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
13:09:22.0570 2136 TsUsbFlt - ok
13:09:22.0575 2136 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
13:09:22.0576 2136 TsUsbGD - ok
13:09:22.0609 2136 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
13:09:22.0611 2136 tunnel - ok
13:09:22.0643 2136 U2SP (4fd2f1366055d55f0d10b2568526ab78) C:\Windows\system32\DRIVERS\u2s2kxp64.sys
13:09:22.0644 2136 U2SP - ok
13:09:22.0657 2136 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
13:09:22.0658 2136 uagp35 - ok
13:09:22.0684 2136 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
13:09:22.0695 2136 udfs - ok
13:09:22.0713 2136 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
13:09:22.0715 2136 UI0Detect - ok
13:09:22.0724 2136 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
13:09:22.0725 2136 uliagpkx - ok
13:09:22.0748 2136 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
13:09:22.0748 2136 umbus - ok
13:09:22.0752 2136 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
13:09:22.0752 2136 UmPass - ok
13:09:22.0779 2136 UmRdpService (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll
13:09:22.0786 2136 UmRdpService - ok
13:09:22.0812 2136 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
13:09:22.0823 2136 upnphost - ok
13:09:22.0854 2136 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
13:09:22.0856 2136 usbaudio - ok
13:09:22.0876 2136 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
13:09:22.0877 2136 usbccgp - ok
13:09:22.0885 2136 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
13:09:22.0886 2136 usbcir - ok
13:09:22.0898 2136 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
13:09:22.0899 2136 usbehci - ok
13:09:22.0935 2136 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
13:09:22.0946 2136 usbhub - ok
13:09:22.0957 2136 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
13:09:22.0957 2136 usbohci - ok
13:09:22.0969 2136 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
13:09:22.0970 2136 usbprint - ok
13:09:22.0991 2136 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
13:09:22.0992 2136 usbscan - ok
13:09:23.0008 2136 usbser (4acee387fa8fd39f83564fcd2fc234f2) C:\Windows\system32\DRIVERS\usbser.sys
13:09:23.0009 2136 usbser - ok
13:09:23.0022 2136 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
13:09:23.0023 2136 USBSTOR - ok
13:09:23.0032 2136 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
13:09:23.0033 2136 usbuhci - ok
13:09:23.0058 2136 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
13:09:23.0059 2136 UxSms - ok
13:09:23.0076 2136 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
13:09:23.0077 2136 VaultSvc - ok
13:09:23.0097 2136 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
13:09:23.0098 2136 vdrvroot - ok
13:09:23.0133 2136 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
13:09:23.0144 2136 vds - ok
13:09:23.0158 2136 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
13:09:23.0159 2136 vga - ok
13:09:23.0166 2136 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
13:09:23.0167 2136 VgaSave - ok
13:09:23.0180 2136 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
13:09:23.0182 2136 vhdmp - ok
13:09:23.0194 2136 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
13:09:23.0195 2136 viaide - ok
13:09:23.0233 2136 Viewpower - ok
13:09:23.0264 2136 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
13:09:23.0277 2136 vmbus - ok
13:09:23.0295 2136 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
13:09:23.0297 2136 VMBusHID - ok
13:09:23.0329 2136 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
13:09:23.0330 2136 volmgr - ok
13:09:23.0359 2136 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
13:09:23.0364 2136 volmgrx - ok
13:09:23.0383 2136 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
13:09:23.0386 2136 volsnap - ok
13:09:23.0411 2136 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
13:09:23.0413 2136 vsmraid - ok
13:09:23.0507 2136 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
13:09:23.0530 2136 VSS - ok
13:09:23.0612 2136 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
13:09:23.0614 2136 vwifibus - ok
13:09:23.0654 2136 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
13:09:23.0661 2136 W32Time - ok
13:09:23.0695 2136 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
13:09:23.0701 2136 WacomPen - ok
13:09:23.0730 2136 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
13:09:23.0731 2136 WANARP - ok
13:09:23.0747 2136 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
13:09:23.0747 2136 Wanarpv6 - ok
13:09:23.0859 2136 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
13:09:23.0891 2136 WatAdminSvc - ok
13:09:23.0983 2136 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
13:09:24.0009 2136 wbengine - ok
13:09:24.0102 2136 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
13:09:24.0109 2136 WbioSrvc - ok
13:09:24.0144 2136 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
13:09:24.0154 2136 wcncsvc - ok
13:09:24.0162 2136 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
13:09:24.0165 2136 WcsPlugInService - ok
13:09:24.0200 2136 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
13:09:24.0201 2136 Wd - ok
13:09:24.0252 2136 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
13:09:24.0260 2136 Wdf01000 - ok
13:09:24.0272 2136 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
13:09:24.0274 2136 WdiServiceHost - ok
13:09:24.0277 2136 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
13:09:24.0278 2136 WdiSystemHost - ok
13:09:24.0301 2136 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
13:09:24.0306 2136 WebClient - ok
13:09:24.0326 2136 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
13:09:24.0329 2136 Wecsvc - ok
13:09:24.0346 2136 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
13:09:24.0348 2136 wercplsupport - ok
13:09:24.0375 2136 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
13:09:24.0377 2136 WerSvc - ok
13:09:24.0423 2136 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
13:09:24.0425 2136 WfpLwf - ok
13:09:24.0444 2136 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
13:09:24.0446 2136 WIMMount - ok
13:09:24.0484 2136 WinDefend - ok
13:09:24.0499 2136 WinHttpAutoProxySvc - ok
13:09:24.0559 2136 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
13:09:24.0568 2136 Winmgmt - ok
13:09:24.0749 2136 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
13:09:24.0785 2136 WinRM - ok
13:09:24.0909 2136 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
13:09:24.0930 2136 Wlansvc - ok
13:09:25.0927 2136 ============================================================
13:09:25.0927 2136 Scan finished
13:09:25.0927 2136 ============================================================
13:09:25.0937 2044 Detected object count: 0
13:09:25.0937 2044 Actual detected object count: 0

--------------------------------------------------
MBAM report:

Malwarebytes Anti-Malware (Essai) 1.62.0.1300
www.malwarebytes.org

Version de la base de données: v2012.08.08.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16443
Administrator :: PC-UTENTE [administrateur]

Protection: Activé

08/08/2012 13:19:36
mbam-log-2012-08-08 (13-19-36).txt

Type d'examen: Examen rapide
Options d'examen activées: Mémoire | Démarrage | Registre | Système de fichiers | Heuristique/Extra | Heuristique/Shuriken | PUP | PUM
Options d'examen désactivées: P2P
Elément(s) analysé(s): 238562
Temps écoulé: 3 minute(s), 56 seconde(s)

Processus mémoire détecté(s): 0
(Aucun élément nuisible détecté)

Module(s) mémoire détecté(s): 0
(Aucun élément nuisible détecté)

Clé(s) du Registre détectée(s): 0
(Aucun élément nuisible détecté)

Valeur(s) du Registre détectée(s): 0
(Aucun élément nuisible détecté)

Elément(s) de données du Registre détecté(s): 0
(Aucun élément nuisible détecté)

Dossier(s) détecté(s): 0
(Aucun élément nuisible détecté)

Fichier(s) détecté(s): 1
C:\Users\Administrator\Local Settings\Temporary Internet Files\Content.IE5\GG83MCY8\SoftonicDownloader_per_microsoft-data-access-components-mdac.exe (PUP.ToolbarDownloader) -> Mis en quarantaine et supprimé avec succès.

(fin)

#4 boopme


Posted 08 August 2012 - 06:13 PM

Please do one more scan...

Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

How do I get help? Who is helping me?
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook

#5 Max69


Posted 09 August 2012 - 10:49 AM

In a last attempt to solve the problem I ran aswMBR but it seems to me it didn't find anything:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-09 17:41:01
-----------------------------
17:41:01.392 OS Version: Windows x64 6.1.7601 Service Pack 1
17:41:01.392 Number of processors: 2 586 0x603
17:41:01.392 ComputerName: PC-UTENTE UserName:
17:41:01.940 Initialize success
17:41:30.865 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000051
17:41:30.870 Disk 0 Vendor: AMD_____ 1.10 Size: 238411MB BusType: 8
17:41:30.884 Disk 0 MBR read successfully
17:41:30.889 Disk 0 MBR scan
17:41:30.894 Disk 0 Windows 7 default MBR code
17:41:30.901 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
17:41:30.914 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 238309 MB offset 206848
17:41:30.926 Disk 0 scanning C:\Windows\system32\drivers
17:41:34.969 Service scanning
17:41:43.762 Modules scanning
17:41:43.777 Disk 0 trace - called modules:
17:41:43.800 ntoskrnl.exe CLASSPNP.SYS disk.sys storport.sys hal.dll amdsbs.sys
17:41:43.809 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004670430]
17:41:43.818 3 CLASSPNP.SYS[fffff88001bb043f] -> nt!IofCallDriver -> \Device\00000051[0xfffffa80043f29c0]
17:41:43.831 Scan finished successfully
17:42:15.720 Disk 0 MBR has been saved successfully to "E:\TGL\aswMBR\MBR.dat"
17:42:15.733 The log file has been saved successfully to "E:\TGL\aswMBR\aswMBR.txt"

I thank you for your support but at this time I can't search for viruses any longer. Almost a week has passed, the client starts being unhappy...

I'll start playing with "system restore", then I'll try to fix the operating system using the restore partition and, at the end, I'll make a new install of the operating system.

I'm sorry if I made you lose your time. Thank you very much for your support.

Ciao,
Max

#6 boopme


Posted 09 August 2012 - 08:39 PM

No problem and thanks for letting me know.. Sometimes the malware wins and you just have to reformat.

#7 Max69


Posted 10 August 2012 - 11:36 AM

boopme wrote: "No problem and thanks for letting me know.. Sometimes the malware wins and you just have to reformat."


I've been a bit more lucky than expected, "system restore" solved the problem, I just had to reinstall a couple of drivers that were not properly restored. Now it works like a charm.

I hope it will keep working like this for a very long time :)

Ciao,
Max

#8 boopme


Posted 10 August 2012 - 01:09 PM

Depending on how far you went back you may need to check Windows updates too.

You're welcome and have a great day!