Possible Gozi Virus. Help Please!


5 replies to this topic

#1 pob1

Posted 20 September 2012 - 06:51 PM

Hi,

A couple of months ago MSE on my laptop found a virus, java-cve-2012-0507.cg. Ever since, I have experienced numerous crashes, until this evening, without any prompting, 'Live Security Platinum' appeared on my desktop and Trusteer Rapport flashed up with 'Gozi Malware'. I pulled the power and rebooted in safe mode but suspect that my laptop requires a full clean. I'd appreciate it if somebody could help me with this.

Kind Regards

Edit: Moved topic from Virus, Trojan, Spyware, and Malware Removal Logs to the more appropriate forum, due to the absence of any malware logs included with the topic. ~ Animal

Edited by pob1, 20 September 2012 - 06:55 PM.



#2 boopme


Posted 20 September 2012 - 07:23 PM

Hello and welcome.

Please follow our Removal Guide here: Remove Live Security Platinum (Uninstall Guide).
After reading how the malware is misleading you ...
You will move to the Automated Removal Instructions.

After you have completed that, post your scan log here, and let me know how things are.
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.



GOZI is a keylogging trojan that is particularly after banking data.

If you bank on here then I would consider reformatting.

For removal run...

Please download TDSSKiller.zip and extract it.
  • Run TDSSKiller.exe.
  • Click on Change Parameters
  • Put a check in the box of Detect TDLFS file system
  • Click Start scan.
  • When it is finished the utility outputs a list of detected objects with description.
    The utility automatically selects an action (Cure or Delete) for malicious objects.
    The utility prompts the user to select an action to apply to suspicious objects (Skip, by default). Leave the options as they are and click Continue.
  • Let it reboot if needed and tell me if the tool needed a reboot.
  • Click on Report and post the contents of the text file that will open.

    Note: By default, the utility outputs the log into system disk (it is usually the disk with installed operating system, C:\) root folder. The Log has a name like: TDSSKiller.Version_Date_Time_log.txt.




I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Under scan settings, check Posted Image and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


NOTE: In some instances if no malware is found there will be no log produced.

#3 pob1

Posted 21 September 2012 - 07:03 AM

Hi Boopme,

Many thanks for getting back to me. Prior to your reply I booted in safe mode to an earlier date and can see no sign of 'Live Security Platinum'. This morning I did a full scan and here is the log.

Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Database version: v2012.09.21.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Gav :: GAV-TOSH [administrator]

21/09/2012 09:13:01
mbam-log-2012-09-21 (10-13-31).txt

Scan type: Full scan (C:\|D:\|E:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 334255
Time elapsed: 55 minute(s), 21 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\Gav\AppData\Local\Temp\~!#272B.tmp (Rootkit.0Access) -> No action taken.

(end)

* I removed the detected item after saving the log.

I ran TDSS and it came up clean. Here is the report.

13:09:01.0201 2216 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
13:09:01.0481 2216 ============================================================
13:09:01.0481 2216 Current date / time: 2012/09/21 13:09:01.0481
13:09:01.0481 2216 SystemInfo:
13:09:01.0481 2216
13:09:01.0481 2216 OS Version: 6.1.7601 ServicePack: 1.0
13:09:01.0481 2216 Product type: Workstation
13:09:01.0481 2216 ComputerName: GAV-TOSH
13:09:01.0481 2216 UserName: Gav
13:09:01.0481 2216 Windows directory: C:\Windows
13:09:01.0481 2216 System windows directory: C:\Windows
13:09:01.0481 2216 Running under WOW64
13:09:01.0481 2216 Processor architecture: Intel x64
13:09:01.0481 2216 Number of processors: 2
13:09:01.0481 2216 Page size: 0x1000
13:09:01.0481 2216 Boot type: Normal boot
13:09:01.0481 2216 ============================================================
13:09:02.0839 2216 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
13:09:02.0854 2216 ============================================================
13:09:02.0854 2216 \Device\Harddisk0\DR0:
13:09:02.0854 2216 MBR partitions:
13:09:02.0854 2216 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xC8800, BlocksNum 0x12A17000
13:09:02.0854 2216 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x12ADF800, BlocksNum 0x1294F000
13:09:02.0854 2216 ============================================================
13:09:02.0870 2216 C: <-> \Device\Harddisk0\DR0\Partition1
13:09:02.0963 2216 D: <-> \Device\Harddisk0\DR0\Partition2
13:09:02.0979 2216 ============================================================
13:09:02.0979 2216 Initialize success
13:09:02.0979 2216 ============================================================
13:09:44.0147 4612 ============================================================
13:09:44.0147 4612 Scan started
13:09:44.0147 4612 Mode: Manual; TDLFS;
13:09:44.0147 4612 ============================================================
13:09:44.0303 4612 ================ Scan system memory ========================
13:09:44.0303 4612 System memory - ok
13:09:53.0445 4612 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
13:09:53.0445 4612 MSKSSRV - ok
13:09:53.0554 4612 [ 59FAAF2C83C8169EA20F9E335E418907 ] MsMpSvc C:\Program Files\Microsoft Security Client\MsMpEng.exe
13:09:53.0554 4612 MsMpSvc - ok
13:09:53.0570 4612 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
13:09:53.0585 4612 MSPCLOCK - ok
13:09:53.0601 4612 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
13:09:53.0601 4612 MSPQM - ok
13:09:53.0663 4612 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
13:09:53.0663 4612 MsRPC - ok
13:09:53.0695 4612 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
13:09:53.0695 4612 mssmbios - ok
13:09:53.0726 4612 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
13:09:53.0726 4612 MSTEE - ok
13:09:53.0726 4612 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
13:09:53.0726 4612 MTConfig - ok
13:09:53.0773 4612 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
13:09:53.0773 4612 Mup - ok
13:09:53.0788 4612 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
13:09:53.0804 4612 napagent - ok
13:09:53.0851 4612 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
13:09:53.0851 4612 NativeWifiP - ok
13:09:53.0929 4612 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
13:09:53.0944 4612 NDIS - ok
13:09:53.0991 4612 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
13:09:53.0991 4612 NdisCap - ok
13:09:54.0022 4612 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
13:09:54.0022 4612 NdisTapi - ok
13:09:54.0085 4612 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
13:09:54.0085 4612 Ndisuio - ok
13:09:54.0131 4612 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
13:09:54.0131 4612 NdisWan - ok
13:09:54.0163 4612 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
13:09:54.0163 4612 NDProxy - ok
13:09:54.0272 4612 [ 7D2633295EB6FF2B938185874884059D ] Nero BackItUp Scheduler 4.0 c:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
13:09:54.0287 4612 Nero BackItUp Scheduler 4.0 - ok
13:09:54.0334 4612 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
13:09:54.0334 4612 NetBIOS - ok
13:09:54.0381 4612 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
13:09:54.0397 4612 NetBT - ok
13:09:54.0412 4612 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
13:09:54.0412 4612 Netlogon - ok
13:09:54.0459 4612 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
13:09:54.0459 4612 Netman - ok
13:09:54.0490 4612 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
13:09:54.0490 4612 netprofm - ok
13:09:54.0521 4612 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
13:09:54.0521 4612 NetTcpPortSharing - ok
13:09:54.0584 4612 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
13:09:54.0584 4612 nfrd960 - ok
13:09:54.0615 4612 [ 91B4E0273D2F6C24EF845F2B41311289 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
13:09:54.0631 4612 NisDrv - ok
13:09:54.0662 4612 [ 10A43829A9E606AF3EEF25A1C1665923 ] NisSrv C:\Program Files\Microsoft Security Client\NisSrv.exe
13:09:54.0662 4612 NisSrv - ok
13:09:54.0724 4612 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
13:09:54.0724 4612 NlaSvc - ok
13:09:54.0740 4612 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
13:09:54.0755 4612 Npfs - ok
13:09:54.0771 4612 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
13:09:54.0771 4612 nsi - ok
13:09:54.0787 4612 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
13:09:54.0787 4612 nsiproxy - ok
13:09:54.0865 4612 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
13:09:54.0880 4612 Ntfs - ok
13:09:54.0911 4612 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
13:09:54.0927 4612 Null - ok
13:09:54.0974 4612 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
13:09:54.0974 4612 nvraid - ok
13:09:55.0005 4612 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
13:09:55.0005 4612 nvstor - ok
13:09:55.0052 4612 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
13:09:55.0067 4612 nv_agp - ok
13:09:55.0083 4612 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
13:09:55.0083 4612 ohci1394 - ok
13:09:55.0130 4612 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
13:09:55.0130 4612 p2pimsvc - ok
13:09:55.0145 4612 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
13:09:55.0161 4612 p2psvc - ok
13:09:55.0192 4612 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
13:09:55.0192 4612 Parport - ok
13:09:55.0223 4612 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
13:09:55.0223 4612 partmgr - ok
13:09:55.0255 4612 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
13:09:55.0255 4612 PcaSvc - ok
13:09:55.0286 4612 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
13:09:55.0301 4612 pci - ok
13:09:55.0317 4612 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
13:09:55.0317 4612 pciide - ok
13:09:55.0333 4612 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
13:09:55.0333 4612 pcmcia - ok
13:09:55.0348 4612 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
13:09:55.0348 4612 pcw - ok
13:09:55.0379 4612 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
13:09:55.0395 4612 PEAUTH - ok
13:09:55.0457 4612 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
13:09:55.0457 4612 PerfHost - ok
13:09:55.0504 4612 [ 663962900E7FEA522126BA287715BB4A ] PGEffect C:\Windows\system32\DRIVERS\pgeffect.sys
13:09:55.0504 4612 PGEffect - ok
13:09:55.0582 4612 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
13:09:55.0598 4612 pla - ok
13:09:55.0660 4612 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
13:09:55.0660 4612 PlugPlay - ok
13:09:55.0691 4612 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
13:09:55.0691 4612 PNRPAutoReg - ok
13:09:55.0723 4612 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
13:09:55.0723 4612 PNRPsvc - ok
13:09:55.0769 4612 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
13:09:55.0769 4612 PolicyAgent - ok
13:09:55.0801 4612 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
13:09:55.0816 4612 Power - ok
13:09:55.0863 4612 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
13:09:55.0863 4612 PptpMiniport - ok
13:09:55.0894 4612 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
13:09:55.0894 4612 Processor - ok
13:09:55.0941 4612 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
13:09:55.0957 4612 ProfSvc - ok
13:09:55.0972 4612 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
13:09:55.0972 4612 ProtectedStorage - ok
13:09:56.0035 4612 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
13:09:56.0035 4612 Psched - ok
13:09:56.0081 4612 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
13:09:56.0097 4612 ql2300 - ok
13:09:56.0113 4612 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
13:09:56.0113 4612 ql40xx - ok
13:09:56.0128 4612 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
13:09:56.0144 4612 QWAVE - ok
13:09:56.0159 4612 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
13:09:56.0159 4612 QWAVEdrv - ok
13:09:56.0331 4612 [ 00935D8DA2DCD34017544CFEBA97D1E7 ] RapportCerberus_42020 C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_42020.sys
13:09:56.0347 4612 RapportCerberus_42020 - ok
13:09:56.0425 4612 [ E00B1DAC20B52781A6F697235A1CE9D4 ] RapportEI64 C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys
13:09:56.0425 4612 RapportEI64 - ok
13:09:56.0471 4612 [ A0D6937897654813C27CB149FC4337E4 ] RapportKE64 C:\Windows\system32\Drivers\RapportKE64.sys
13:09:56.0471 4612 RapportKE64 - ok
13:09:56.0549 4612 [ 61B37C0B3FD7DA7414C20D917469BFFF ] RapportMgmtService C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
13:09:56.0549 4612 RapportMgmtService - ok
13:09:56.0612 4612 [ 9B5D119785654BF8219DCBD0C1925FF7 ] RapportPG64 C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys
13:09:56.0612 4612 RapportPG64 - ok
13:09:56.0659 4612 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
13:09:56.0659 4612 RasAcd - ok
13:09:56.0705 4612 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
13:09:56.0705 4612 RasAgileVpn - ok
13:09:56.0737 4612 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
13:09:56.0737 4612 RasAuto - ok
13:09:56.0783 4612 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
13:09:56.0783 4612 Rasl2tp - ok
13:09:56.0830 4612 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
13:09:56.0846 4612 RasMan - ok
13:09:56.0893 4612 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
13:09:56.0893 4612 RasPppoe - ok
13:09:56.0908 4612 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
13:09:56.0908 4612 RasSstp - ok
13:09:56.0955 4612 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
13:09:56.0955 4612 rdbss - ok
13:09:56.0986 4612 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
13:09:56.0986 4612 rdpbus - ok
13:09:57.0002 4612 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
13:09:57.0002 4612 RDPCDD - ok
13:09:57.0033 4612 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
13:09:57.0033 4612 RDPENCDD - ok
13:09:57.0064 4612 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
13:09:57.0064 4612 RDPREFMP - ok
13:09:57.0111 4612 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
13:09:57.0111 4612 RDPWD - ok
13:09:57.0158 4612 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
13:09:57.0173 4612 rdyboost - ok
13:09:57.0189 4612 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
13:09:57.0189 4612 RemoteAccess - ok
13:09:57.0220 4612 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
13:09:57.0220 4612 RemoteRegistry - ok
13:09:57.0267 4612 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
13:09:57.0267 4612 RpcEptMapper - ok
13:09:57.0283 4612 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
13:09:57.0283 4612 RpcLocator - ok
13:09:57.0329 4612 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
13:09:57.0329 4612 RpcSs - ok
13:09:57.0376 4612 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
13:09:57.0376 4612 rspndr - ok
13:09:57.0439 4612 [ 907C4464381B5EBDFDC60F6C7D0DEDFC ] RSUSBSTOR C:\Windows\system32\Drivers\RtsUStor.sys
13:09:57.0439 4612 RSUSBSTOR - ok
13:09:57.0517 4612 [ 16D4E350420BAA7E63E16E3FC033E1F5 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
13:09:57.0517 4612 RTL8167 - ok
13:09:57.0579 4612 [ FFC748D848740D1BC8F330A8879C2674 ] RTL8192Ce C:\Windows\system32\DRIVERS\rtl8192Ce.sys
13:09:57.0579 4612 RTL8192Ce - ok
13:09:57.0595 4612 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
13:09:57.0595 4612 SamSs - ok
13:09:57.0641 4612 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
13:09:57.0641 4612 sbp2port - ok
13:09:57.0688 4612 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
13:09:57.0688 4612 SCardSvr - ok
13:09:57.0735 4612 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
13:09:57.0751 4612 scfilter - ok
13:09:57.0797 4612 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
13:09:57.0813 4612 Schedule - ok
13:09:57.0875 4612 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
13:09:57.0875 4612 SCPolicySvc - ok
13:09:57.0907 4612 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
13:09:57.0907 4612 SDRSVC - ok
13:09:57.0953 4612 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
13:09:57.0969 4612 secdrv - ok
13:09:58.0016 4612 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
13:09:58.0016 4612 seclogon - ok
13:09:58.0031 4612 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
13:09:58.0031 4612 SENS - ok
13:09:58.0063 4612 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
13:09:58.0094 4612 SensrSvc - ok
13:09:58.0109 4612 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
13:09:58.0109 4612 Serenum - ok
13:09:58.0141 4612 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
13:09:58.0141 4612 Serial - ok
13:09:58.0172 4612 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
13:09:58.0172 4612 sermouse - ok
13:09:58.0234 4612 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
13:09:58.0250 4612 SessionEnv - ok
13:09:58.0297 4612 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
13:09:58.0297 4612 sffdisk - ok
13:09:58.0297 4612 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
13:09:58.0312 4612 sffp_mmc - ok
13:09:58.0328 4612 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
13:09:58.0328 4612 sffp_sd - ok
13:09:58.0375 4612 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
13:09:58.0375 4612 sfloppy - ok
13:09:58.0421 4612 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
13:09:58.0421 4612 SharedAccess - ok
13:09:58.0468 4612 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
13:09:58.0484 4612 ShellHWDetection - ok
13:09:58.0499 4612 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
13:09:58.0499 4612 SiSRaid2 - ok
13:09:58.0515 4612 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
13:09:58.0515 4612 SiSRaid4 - ok
13:09:58.0577 4612 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
13:09:58.0593 4612 SkypeUpdate - ok
13:09:58.0624 4612 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
13:09:58.0624 4612 Smb - ok
13:09:58.0687 4612 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
13:09:58.0687 4612 SNMPTRAP - ok
13:09:58.0718 4612 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
13:09:58.0718 4612 spldr - ok
13:09:58.0765 4612 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
13:09:58.0780 4612 Spooler - ok
13:09:58.0889 4612 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
13:09:58.0967 4612 sppsvc - ok
13:09:58.0999 4612 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
13:09:58.0999 4612 sppuinotify - ok
13:09:59.0045 4612 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
13:09:59.0045 4612 srv - ok
13:09:59.0077 4612 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
13:09:59.0077 4612 srv2 - ok
13:09:59.0108 4612 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
13:09:59.0108 4612 srvnet - ok
13:09:59.0155 4612 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
13:09:59.0155 4612 SSDPSRV - ok
13:09:59.0170 4612 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
13:09:59.0170 4612 SstpSvc - ok
13:09:59.0201 4612 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
13:09:59.0201 4612 stexstor - ok
13:09:59.0264 4612 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
13:09:59.0279 4612 stisvc - ok
13:09:59.0311 4612 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
13:09:59.0311 4612 swenum - ok
13:09:59.0373 4612 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
13:09:59.0373 4612 swprv - ok
13:09:59.0435 4612 [ 470C47DABA9CA3966F0AB3F835D7D135 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
13:09:59.0435 4612 SynTP - ok
13:09:59.0513 4612 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
13:09:59.0529 4612 SysMain - ok
13:09:59.0576 4612 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
13:09:59.0576 4612 TabletInputService - ok
13:09:59.0623 4612 [ F33FDC72298DF4BF9813A55D21F4EB31 ] taphss C:\Windows\system32\DRIVERS\taphss.sys
13:09:59.0623 4612 taphss - ok
13:09:59.0638 4612 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
13:09:59.0654 4612 TapiSrv - ok
13:09:59.0685 4612 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
13:09:59.0685 4612 TBS - ok
13:09:59.0763 4612 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\Windows\system32\drivers\tcpip.sys
13:09:59.0779 4612 Tcpip - ok
13:09:59.0825 4612 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
13:09:59.0841 4612 TCPIP6 - ok
13:09:59.0872 4612 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
13:09:59.0888 4612 tcpipreg - ok
13:09:59.0935 4612 [ FD542B661BD22FA69CA789AD0AC58C29 ] tdcmdpst C:\Windows\system32\DRIVERS\tdcmdpst.sys
13:09:59.0935 4612 tdcmdpst - ok
13:09:59.0966 4612 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
13:09:59.0966 4612 TDPIPE - ok
13:10:00.0013 4612 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
13:10:00.0013 4612 TDTCP - ok
13:10:00.0059 4612 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
13:10:00.0059 4612 tdx - ok
13:10:00.0122 4612 [ 40E154B3125E17CE6F2AFAD57AFCFEB2 ] TemproMonitoringService C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe
13:10:00.0122 4612 TemproMonitoringService - ok
13:10:00.0153 4612 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
13:10:00.0153 4612 TermDD - ok
13:10:00.0169 4612 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
13:10:00.0184 4612 TermService - ok
13:10:00.0215 4612 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
13:10:00.0247 4612 Themes - ok
13:10:00.0278 4612 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
13:10:00.0278 4612 THREADORDER - ok
13:10:00.0356 4612 [ 28644B0523D64EFF2FC7312A2EE74B0A ] TMachInfo C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
13:10:00.0356 4612 TMachInfo - ok
13:10:00.0403 4612 [ ED32035BDFECED1AD66D459FD9CC1140 ] TODDSrv C:\Windows\system32\TODDSrv.exe
13:10:00.0403 4612 TODDSrv - ok
13:10:00.0512 4612 [ 15CA4B185EA8AEF71DD86181E6E0157E ] TosCoSrv C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
13:10:00.0512 4612 TosCoSrv - ok
13:10:00.0559 4612 [ 74C2FA8C3765EE71A9C22182EC108457 ] TOSHIBA HDD SSD Alert Service C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
13:10:00.0559 4612 TOSHIBA HDD SSD Alert Service - ok
13:10:00.0590 4612 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
13:10:00.0590 4612 TrkWks - ok
13:10:00.0652 4612 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
13:10:00.0652 4612 TrustedInstaller - ok
13:10:00.0715 4612 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
13:10:00.0715 4612 tssecsrv - ok
13:10:00.0746 4612 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
13:10:00.0761 4612 TsUsbFlt - ok
13:10:00.0793 4612 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
13:10:00.0808 4612 tunnel - ok
13:10:00.0855 4612 [ 550B567F9364D8F7684C3FB3EA665A72 ] TVALZ C:\Windows\system32\DRIVERS\TVALZ_O.SYS
13:10:00.0871 4612 TVALZ - ok
13:10:00.0886 4612 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
13:10:00.0886 4612 uagp35 - ok
13:10:00.0949 4612 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
13:10:00.0949 4612 udfs - ok
13:10:00.0995 4612 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
13:10:00.0995 4612 UI0Detect - ok
13:10:01.0042 4612 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
13:10:01.0042 4612 uliagpkx - ok
13:10:01.0073 4612 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys
13:10:01.0073 4612 umbus - ok
13:10:01.0105 4612 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
13:10:01.0105 4612 UmPass - ok
13:10:01.0120 4612 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
13:10:01.0183 4612 upnphost - ok
13:10:01.0214 4612 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
13:10:01.0261 4612 usbccgp - ok
13:10:01.0323 4612 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
13:10:01.0323 4612 usbcir - ok
13:10:01.0339 4612 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
13:10:01.0339 4612 usbehci - ok
13:10:01.0385 4612 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
13:10:01.0385 4612 usbhub - ok
13:10:01.0401 4612 [ 58E546BBAF87664FC57E0F6081E4F609 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
13:10:01.0401 4612 usbohci - ok
13:10:01.0432 4612 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
13:10:01.0448 4612 usbprint - ok
13:10:01.0479 4612 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
13:10:01.0479 4612 USBSTOR - ok
13:10:01.0510 4612 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
13:10:01.0510 4612 usbuhci - ok
13:10:01.0557 4612 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
13:10:01.0573 4612 usbvideo - ok
13:10:01.0604 4612 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
13:10:01.0604 4612 UxSms - ok
13:10:01.0604 4612 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
13:10:01.0619 4612 VaultSvc - ok
13:10:01.0651 4612 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
13:10:01.0651 4612 vdrvroot - ok
13:10:01.0729 4612 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
13:10:01.0729 4612 vds - ok
13:10:01.0760 4612 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
13:10:01.0760 4612 vga - ok
13:10:01.0791 4612 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
13:10:01.0791 4612 VgaSave - ok
13:10:01.0822 4612 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
13:10:01.0822 4612 vhdmp - ok
13:10:01.0838 4612 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
13:10:01.0838 4612 viaide - ok
13:10:01.0869 4612 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
13:10:01.0869 4612 volmgr - ok
13:10:01.0916 4612 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
13:10:01.0931 4612 volmgrx - ok
13:10:01.0947 4612 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
13:10:01.0947 4612 volsnap - ok
13:10:01.0994 4612 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
13:10:02.0009 4612 vsmraid - ok
13:10:02.0056 4612 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
13:10:02.0072 4612 VSS - ok
13:10:02.0087 4612 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
13:10:02.0103 4612 vwifibus - ok
13:10:02.0134 4612 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
13:10:02.0134 4612 vwififlt - ok
13:10:02.0165 4612 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
13:10:02.0181 4612 W32Time - ok
13:10:02.0197 4612 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
13:10:02.0212 4612 WacomPen - ok
13:10:02.0290 4612 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
13:10:02.0290 4612 WANARP - ok
13:10:02.0290 4612 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
13:10:02.0290 4612 Wanarpv6 - ok
13:10:02.0384 4612 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
13:10:02.0399 4612 WatAdminSvc - ok
13:10:02.0462 4612 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
13:10:02.0493 4612 wbengine - ok
13:10:02.0540 4612 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
13:10:02.0555 4612 WbioSrvc - ok
13:10:02.0602 4612 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
13:10:02.0602 4612 wcncsvc - ok
13:10:02.0633 4612 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
13:10:02.0633 4612 WcsPlugInService - ok
13:10:02.0665 4612 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
13:10:02.0665 4612 Wd - ok
13:10:02.0711 4612 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
13:10:02.0711 4612 Wdf01000 - ok
13:10:02.0727 4612 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
13:10:02.0743 4612 WdiServiceHost - ok
13:10:02.0743 4612 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
13:10:02.0743 4612 WdiSystemHost - ok
13:10:02.0805 4612 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
13:10:02.0805 4612 WebClient - ok
13:10:02.0836 4612 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
13:10:02.0852 4612 Wecsvc - ok
13:10:02.0852 4612 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
13:10:04.0427 4612 ============================================================
13:10:04.0427 4612 Scan finished
13:10:04.0427 4612 ============================================================
13:10:04.0443 4248 Detected object count: 0
13:10:04.0443 4248 Actual detected object count: 0

My laptop has been running fine since and I have done my own research into 'Rootkit.0Access'. From what I have found out it would appear that this laptop could be compromised and can never be fully trusted again. Would you agree? I am considering just buying a new one, as this one owes me nothing. I have very little saved on it but I do use it for banking. Am I being over cautious or do you agree? I will follow your other instructions if you think it is worth proceeding.

Kind Regards

Gav

Edited by pob1, 21 September 2012 - 07:59 AM.


#4 boopme

Posted 21 September 2012 - 10:07 AM

Yes, a 0access rootkit does compromise your security. But you can reformat it and gain that back.
I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

How do I get help? Who is helping me?
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....

#5 pob1

Posted 23 September 2012 - 09:39 AM

Hi boopme,

Sorry for the delay getting back to you...but I bit the bullet and got a new laptop. I have taken the infected laptop back to factory settings and I was wondering what you would advise doing next? Would you use this machine for general web browsing? Any advice would be greatly appreciated.

Gav

#6 boopme

Posted 23 September 2012 - 11:04 AM

No problem Gav.. If you reformatted then the machine is trustworthy.
Reformatting a hard disk deletes all data and malware.

If you had backup items, rescan them before reinstalling any.
Data files, pictures and music (that isn't a file share) are safe.

Install your antivirus immediately. Install an antimalware like MalwareBytes or SUPERAntiSpyware. They are free and should be run at least weekly. If you need links let me know.